{"uuid": "697222f6-a544-4ed0-ba97-40ca6d2895fc", "vulnerability": {"vulnId": "CVE-2026-45659", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-07-01T19:00:06+00:00"}, "gcve": {"object_uuid": "697222f6-a544-4ed0-ba97-40ca6d2895fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-07-01T19:00:06+00:00", "recorded_at": "2026-07-01T20:00:01+00:00", "first_seen_at": "2026-07-01T19:00:06+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 8.8 (HIGH) | EPSS: 0.02781 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-45659", "url": "https://www.cve.org/CVERecord?id=CVE-2026-45659"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-45659"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2026-07-01T19:00:06.901Z", "cvss_score": 8.8, "epss_score": 0.02781, "cvss_severity": "HIGH", "epss_percentile": 0.8461, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8c6a3467-34fd-4b6e-894e-d38f28eba85a", "vulnerability": {"vulnId": "CVE-2026-8037", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-07-01T14:51:57+00:00"}, "gcve": {"object_uuid": "8c6a3467-34fd-4b6e-894e-d38f28eba85a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-07-01T14:51:57+00:00", "recorded_at": "2026-07-01T15:00:02+00:00", "first_seen_at": "2026-07-01T14:51:57+00:00"}, "scope": {"notes": "KEVIntel entry: OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | Affected: Progress Software / LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF | CVSS: 9.6 (CRITICAL) | EPSS: 0.0819 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-8037", "url": "https://www.cve.org/CVERecord?id=CVE-2026-8037"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-8037"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF", "vendor": "Progress Software", "product": "LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF", "added_date": "2026-07-01T14:51:57.959Z", "cvss_score": 9.6, "epss_score": 0.0819, "cvss_severity": "CRITICAL", "epss_percentile": 0.94176, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d56dc37d-6592-441a-961f-e40aee59b7ee", "vulnerability": {"vulnId": "CVE-2026-52813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T16:02:32+00:00"}, "gcve": {"object_uuid": "d56dc37d-6592-441a-961f-e40aee59b7ee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-30T16:02:32+00:00", "recorded_at": "2026-06-30T17:00:01+00:00", "first_seen_at": "2026-06-30T16:02:32+00:00"}, "scope": {"notes": "KEVIntel entry: Gogs: Path Traversal in organization name results in RCE through Git hooks | Affected: gogs / gogs | CVSS: 10.0 (CRITICAL) | EPSS: 0.01107 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-52813", "url": "https://www.cve.org/CVERecord?id=CVE-2026-52813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-52813"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Gogs: Path Traversal in organization name results in RCE through Git hooks", "vendor": "gogs", "product": "gogs", "added_date": "2026-06-30T16:02:32.752Z", "cvss_score": 10.0, "epss_score": 0.01107, "cvss_severity": "CRITICAL", "epss_percentile": 0.6173, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fa2bfd2f-33ee-42a0-ba8e-46e04c2c7ca6", "vulnerability": {"vulnId": "CVE-2026-46817", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-29T15:45:00+00:00"}, "gcve": {"object_uuid": "fa2bfd2f-33ee-42a0-ba8e-46e04c2c7ca6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-29T15:45:00+00:00", "recorded_at": "2026-06-29T16:00:01+00:00", "first_seen_at": "2026-06-29T15:45:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission).  Supported versions that are affected are... | Affected: Oracle Corporation / Oracle Payments | CVSS: 9.8 (CRITICAL) | EPSS: 0.00418 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-46817", "url": "https://www.cve.org/CVERecord?id=CVE-2026-46817"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-46817"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission).  Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "Oracle Payments", "added_date": "2026-06-29T15:45:00.000Z", "cvss_score": 9.8, "epss_score": 0.00418, "cvss_severity": "CRITICAL", "epss_percentile": 0.3353, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "885e6fd4-e620-46f3-85eb-794dd7c822e6", "vulnerability": {"vulnId": "CVE-2026-48558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-29T14:20:22+00:00"}, "gcve": {"object_uuid": "885e6fd4-e620-46f3-85eb-794dd7c822e6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-29T14:20:22+00:00", "recorded_at": "2026-06-29T15:00:02+00:00", "first_seen_at": "2026-06-29T14:20:22+00:00"}, "scope": {"notes": "KEVIntel entry: SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification | Affected: SimpleHelp / SimpleHelp | CVSS: 9.5 (CRITICAL) | EPSS: 0.00721 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-48558", "url": "https://www.cve.org/CVERecord?id=CVE-2026-48558"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-48558"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification", "vendor": "SimpleHelp", "product": "SimpleHelp", "added_date": "2026-06-29T14:20:22.145Z", "cvss_score": 9.5, "epss_score": 0.00721, "cvss_severity": "CRITICAL", "epss_percentile": 0.49308, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "76cd7564-c28a-45e1-9c61-de0ad80fd2f5", "vulnerability": {"vulnId": "CVE-2026-8054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-27T14:36:50+00:00"}, "gcve": {"object_uuid": "76cd7564-c28a-45e1-9c61-de0ad80fd2f5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-27T14:36:50+00:00", "recorded_at": "2026-06-27T15:00:01+00:00", "first_seen_at": "2026-06-27T14:36:50+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated SQL Injection in dotCMS Publish Audit API | Affected: dotCMS / dotCMS Core | CVSS: 10.0 (CRITICAL) | EPSS: 0.01584 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-8054", "url": "https://www.cve.org/CVERecord?id=CVE-2026-8054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-8054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated SQL Injection in dotCMS Publish Audit API", "vendor": "dotCMS", "product": "dotCMS Core", "added_date": "2026-06-27T14:36:50.219Z", "cvss_score": 10.0, "epss_score": 0.01584, "cvss_severity": "CRITICAL", "epss_percentile": 0.72506, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1004b842-5eb5-4b13-95b4-1e46330b29bb", "vulnerability": {"vulnId": "CVE-2023-6567", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-27T14:36:38+00:00"}, "gcve": {"object_uuid": "1004b842-5eb5-4b13-95b4-1e46330b29bb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-27T14:36:38+00:00", "recorded_at": "2026-06-27T15:00:01+00:00", "first_seen_at": "2026-06-27T14:36:38+00:00"}, "scope": {"notes": "KEVIntel entry: The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order_by\u2019 parameter in all versions up to, and including,... | Affected: thimpress / LearnPress \u2013 WordPress LMS Plugin | CVSS: 9.8 (CRITICAL) | EPSS: 0.51394 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-6567", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6567"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6567"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order_by\u2019 parameter in all versions up to, and including,...", "vendor": "thimpress", "product": "LearnPress \u2013 WordPress LMS Plugin", "added_date": "2026-06-27T14:36:38.919Z", "cvss_score": 9.8, "epss_score": 0.51394, "cvss_severity": "CRITICAL", "epss_percentile": 0.98802, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1897383c-d052-42c0-8d39-9cd023b8b6a3", "vulnerability": {"vulnId": "CVE-2026-12569", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "1897383c-d052-42c0-8d39-9cd023b8b6a3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-25T00:00:00+00:00", "recorded_at": "2026-06-25T20:00:01+00:00", "first_seen_at": "2026-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution (RCE) vulnerability in Windchill PDMlink | Affected: PTC / Windchill PDMLink, FlexPLM | CVSS: 9.3 (CRITICAL) | EPSS: 0.00499 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-12569", "url": "https://www.cve.org/CVERecord?id=CVE-2026-12569"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-12569"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution (RCE) vulnerability in Windchill PDMlink", "vendor": "PTC", "product": "Windchill PDMLink, FlexPLM", "added_date": "2026-06-25T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.00499, "cvss_severity": "CRITICAL", "epss_percentile": 0.38899, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "52ee6f16-bdc2-4950-ad34-a2d8c19aafbd", "vulnerability": {"vulnId": "CVE-2026-20230", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-23T22:20:36+00:00"}, "gcve": {"object_uuid": "52ee6f16-bdc2-4950-ad34-a2d8c19aafbd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-23T22:20:36+00:00", "recorded_at": "2026-06-23T23:00:01+00:00", "first_seen_at": "2026-06-23T22:20:36+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified... | Affected: Cisco / Cisco Unified Communications Manager | CVSS: 8.6 (HIGH) | EPSS: 0.20442 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-20230", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20230"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20230"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...", "vendor": "Cisco", "product": "Cisco Unified Communications Manager", "added_date": "2026-06-23T22:20:36.536Z", "cvss_score": 8.6, "epss_score": 0.20442, "cvss_severity": "HIGH", "epss_percentile": 0.97156, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "652ed326-7713-416f-bf90-c92d1145572f", "vulnerability": {"vulnId": "CVE-2025-67038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "652ed326-7713-416f-bf90-c92d1145572f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T19:00:01+00:00", "first_seen_at": "2026-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication... | Affected: Lantronix / EDS5000 | EPSS: 0.00469 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-67038", "url": "https://www.cve.org/CVERecord?id=CVE-2025-67038"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-67038"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication...", "vendor": "Lantronix", "product": "EDS5000", "added_date": "2026-06-23T00:00:00.000Z", "cvss_score": null, "epss_score": 0.00469, "cvss_severity": null, "epss_percentile": 0.36913, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cbae0eae-766c-43d7-bd5f-5d723d5ef7d5", "vulnerability": {"vulnId": "CVE-2026-4020", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-17T10:28:34+00:00"}, "gcve": {"object_uuid": "cbae0eae-766c-43d7-bd5f-5d723d5ef7d5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-17T10:28:34+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-17T10:28:34+00:00"}, "scope": {"notes": "KEVIntel entry: Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API | Affected: RocketGenius / Gravity SMTP | CVSS: 7.5 (HIGH) | EPSS: 0.0298 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-4020", "url": "https://www.cve.org/CVERecord?id=CVE-2026-4020"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-4020"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API", "vendor": "RocketGenius", "product": "Gravity SMTP", "added_date": "2026-06-17T10:28:34.000Z", "cvss_score": 7.5, "epss_score": 0.0298, "cvss_severity": "HIGH", "epss_percentile": 0.85527, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3b350b79-811d-4e07-a651-6771def715f5", "vulnerability": {"vulnId": "CVE-2026-48907", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-16T00:00:00+00:00"}, "gcve": {"object_uuid": "3b350b79-811d-4e07-a651-6771def715f5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5 | Affected: joomlacontenteditor.net / Joomla Content Editor (JCE) extension for Joomla | CVSS: 10.0 (CRITICAL) | EPSS: 0.06854 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-48907", "url": "https://www.cve.org/CVERecord?id=CVE-2026-48907"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-48907"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5", "vendor": "joomlacontenteditor.net", "product": "Joomla Content Editor (JCE) extension for Joomla", "added_date": "2026-06-16T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.06854, "cvss_severity": "CRITICAL", "epss_percentile": 0.93214, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6b1d1a8e-5f37-45a9-85d1-b876feb512c4", "vulnerability": {"vulnId": "CVE-2026-39813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T12:48:52+00:00"}, "gcve": {"object_uuid": "6b1d1a8e-5f37-45a9-85d1-b876feb512c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T12:48:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T12:48:52+00:00"}, "scope": {"notes": "KEVIntel entry: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to... | Affected: Fortinet / FortiSandbox, FortiSandbox Cloud | CVSS: 9.1 (CRITICAL) | EPSS: 0.18703 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-39813", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-39813"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to...", "vendor": "Fortinet", "product": "FortiSandbox, FortiSandbox Cloud", "added_date": "2026-06-15T12:48:52.791Z", "cvss_score": 9.1, "epss_score": 0.18703, "cvss_severity": "CRITICAL", "epss_percentile": 0.96908, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ded4285b-0f26-4008-abc1-7a77523a9c25", "vulnerability": {"vulnId": "CVE-2026-53435", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T09:02:00+00:00"}, "gcve": {"object_uuid": "ded4285b-0f26-4008-abc1-7a77523a9c25", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T09:02:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T09:02:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins... | Affected: Jenkins Project / Jenkins | CVSS: 8.8 (HIGH) | EPSS: 0.00368 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-53435", "url": "https://www.cve.org/CVERecord?id=CVE-2026-53435"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-53435"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins...", "vendor": "Jenkins Project", "product": "Jenkins", "added_date": "2026-06-15T09:02:00.000Z", "cvss_score": 8.8, "epss_score": 0.00368, "cvss_severity": "HIGH", "epss_percentile": 0.28443, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3f9ef71a-5889-4be3-8b58-82875f9c614f", "vulnerability": {"vulnId": "CVE-2026-20253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T05:15:25+00:00"}, "gcve": {"object_uuid": "3f9ef71a-5889-4be3-8b58-82875f9c614f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T05:15:25+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T05:15:25+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise | Affected: Splunk / Splunk Enterprise | CVSS: 9.8 (CRITICAL) | EPSS: 0.01731 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20253", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20253"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20253"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise", "vendor": "Splunk", "product": "Splunk Enterprise", "added_date": "2026-06-15T05:15:25.399Z", "cvss_score": 9.8, "epss_score": 0.01731, "cvss_severity": "CRITICAL", "epss_percentile": 0.74662, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 3}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d092dd8-9f66-4d7e-a596-94fd1f4d74a4", "vulnerability": {"vulnId": "CVE-2024-27497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "0d092dd8-9f66-4d7e-a596-94fd1f4d74a4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. | Affected: Linksys / E2000 | CVSS: 8.8 (HIGH) | EPSS: 0.2646 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-27497", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27497"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27497"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.", "vendor": "Linksys", "product": "E2000", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.2646, "cvss_severity": "HIGH", "epss_percentile": 0.97752, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2d62ba33-6a45-42b2-b9d8-d2964150e3fd", "vulnerability": {"vulnId": "CVE-2017-9833", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "2d62ba33-6a45-42b2-b9d8-d2964150e3fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges.... | Affected: Boa / Boa Web Server | CVSS: 7.5 (HIGH) | EPSS: 0.67725 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-9833", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9833"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9833"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges....", "vendor": "Boa", "product": "Boa Web Server", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.67725, "cvss_severity": "HIGH", "epss_percentile": 0.99225, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "70dcba80-894a-46fa-aef6-74a3c03ee6e6", "vulnerability": {"vulnId": "CVE-2023-31059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "70dcba80-894a-46fa-aef6-74a3c03ee6e6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | Affected: Repetier / Repetier Server | CVSS: 7.5 (HIGH) | EPSS: 0.05574 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-31059", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-31059"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.", "vendor": "Repetier", "product": "Repetier Server", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.05574, "cvss_severity": "HIGH", "epss_percentile": 0.91876, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c67b158f-1ebf-43c9-b3e8-5a1047ea95c3", "vulnerability": {"vulnId": "CVE-2020-24949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c67b158f-1ebf-43c9-b3e8-5a1047ea95c3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server... | Affected: PHP-Fusion / PHP-Fusion | CVSS: 8.8 (HIGH) | EPSS: 0.67516 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-24949", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24949"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24949"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server...", "vendor": "PHP-Fusion", "product": "PHP-Fusion", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.67516, "cvss_severity": "HIGH", "epss_percentile": 0.99217, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "da332c3d-d822-41aa-ac44-a39da741fd25", "vulnerability": {"vulnId": "CVE-2024-31750", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "da332c3d-d822-41aa-ac44-a39da741fd25", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. | Affected: f-logic / datacube3 | CVSS: 9.8 (CRITICAL) | EPSS: 0.1942 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-31750", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31750"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-31750"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.", "vendor": "f-logic", "product": "datacube3", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.1942, "cvss_severity": "CRITICAL", "epss_percentile": 0.97017, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e14d33b7-25bb-45fb-9b85-bc6645d7e782", "vulnerability": {"vulnId": "CVE-2025-27222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "e14d33b7-25bb-45fb-9b85-bc6645d7e782", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't... | Affected: Rocket Software / TRUfusion Enterprise | CVSS: 8.6 (HIGH) | EPSS: 0.01773 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-27222", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27222"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27222"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't...", "vendor": "Rocket Software", "product": "TRUfusion Enterprise", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.01773, "cvss_severity": "HIGH", "epss_percentile": 0.75283, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "abbb1b27-fc04-40fa-b76e-e849a315db7e", "vulnerability": {"vulnId": "CVE-2022-25486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "abbb1b27-fc04-40fa-b76e-e849a315db7e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | Affected: CuppaCMS / CuppaCMS | CVSS: 7.8 (HIGH) | EPSS: 0.09966 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-25486", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25486"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25486"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.", "vendor": "CuppaCMS", "product": "CuppaCMS", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.09966, "cvss_severity": "HIGH", "epss_percentile": 0.94998, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "31cd8fcc-8b44-4807-857f-014211b10d4a", "vulnerability": {"vulnId": "CVE-2026-20262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "31cd8fcc-8b44-4807-857f-014211b10d4a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Manager | CVSS: 6.5 (MEDIUM) | EPSS: 0.01145 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20262", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20262"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20262"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 6.5, "epss_score": 0.01145, "cvss_severity": "MEDIUM", "epss_percentile": 0.62597, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5bd93969-31e7-466c-9711-ee910f5dcee3", "vulnerability": {"vulnId": "CVE-2024-32738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "5bd93969-31e7-466c-9711-ee910f5dcee3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CyberPower PowerPanel Enterprise SQL Injection | Affected: CyberPower / CyberPower PowerPanel Enterprise | CVSS: 7.5 (HIGH) | EPSS: 0.04515 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-32738", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32738"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-32738"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CyberPower PowerPanel Enterprise SQL Injection", "vendor": "CyberPower", "product": "CyberPower PowerPanel Enterprise", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.04515, "cvss_severity": "HIGH", "epss_percentile": 0.90301, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4eea7983-a515-41f9-9c0d-14b2f7ce1a99", "vulnerability": {"vulnId": "CVE-2017-15363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "4eea7983-a515-41f9-9c0d-14b2f7ce1a99", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension... | Affected: Luracast / Restler | CVSS: 7.5 (HIGH) | EPSS: 0.13649 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-15363", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15363"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-15363"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension...", "vendor": "Luracast", "product": "Restler", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.13649, "cvss_severity": "HIGH", "epss_percentile": 0.95997, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "46ca9d3b-b316-454f-9b24-b87addf817b1", "vulnerability": {"vulnId": "CVE-2022-25485", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "46ca9d3b-b316-454f-9b24-b87addf817b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | Affected: CuppaCMS / CuppaCMS | CVSS: 7.8 (HIGH) | EPSS: 0.07927 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-25485", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25485"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25485"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.", "vendor": "CuppaCMS", "product": "CuppaCMS", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.07927, "cvss_severity": "HIGH", "epss_percentile": 0.93983, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5ee10a93-2d01-4ce9-b596-39d0355e4cce", "vulnerability": {"vulnId": "CVE-2026-54420", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-14T04:01:15+00:00"}, "gcve": {"object_uuid": "5ee10a93-2d01-4ce9-b596-39d0355e4cce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-14T04:01:15+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-14T04:01:15+00:00"}, "scope": {"notes": "KEVIntel entry: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web... | Affected: LiteSpeed Technologies / cPanel Plugin | CVSS: 8.5 (HIGH) | EPSS: 0.00654 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-54420", "url": "https://www.cve.org/CVERecord?id=CVE-2026-54420"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-54420"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web...", "vendor": "LiteSpeed Technologies", "product": "cPanel Plugin", "added_date": "2026-06-14T04:01:15.820Z", "cvss_score": 8.5, "epss_score": 0.00654, "cvss_severity": "HIGH", "epss_percentile": 0.46447, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 20}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a751dd2b-ae10-42b7-b189-ac95f0bf993c", "vulnerability": {"vulnId": "CVE-2023-39796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a751dd2b-ae10-42b7-b189-ac95f0bf993c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the... | Affected: WBCE / WBCE CMS | CVSS: 9.8 (CRITICAL) | EPSS: 0.06096 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-39796", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39796"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-39796"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the...", "vendor": "WBCE", "product": "WBCE CMS", "added_date": "2026-06-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.06096, "cvss_severity": "CRITICAL", "epss_percentile": 0.92498, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7b0577d2-314f-4699-a229-249801590837", "vulnerability": {"vulnId": "CVE-2022-38296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "7b0577d2-314f-4699-a229-249801590837", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-13T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | Affected: Cuppa CMS / Cuppa CMS | CVSS: 9.8 (CRITICAL) | EPSS: 0.0377 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-38296", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38296"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-38296"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.", "vendor": "Cuppa CMS", "product": "Cuppa CMS", "added_date": "2026-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.0377, "cvss_severity": "CRITICAL", "epss_percentile": 0.88535, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "450831fe-2b65-4c13-b91e-060c8e1f043b", "vulnerability": {"vulnId": "CVE-2026-39808", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T13:59:12+00:00"}, "gcve": {"object_uuid": "450831fe-2b65-4c13-b91e-060c8e1f043b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-12T13:59:12+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-12T13:59:12+00:00"}, "scope": {"notes": "KEVIntel entry: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through... | Affected: Fortinet / FortiSandbox, FortiSandbox PaaS | CVSS: 9.8 (CRITICAL) | EPSS: 0.66168 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-39808", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39808"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-39808"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through...", "vendor": "Fortinet", "product": "FortiSandbox, FortiSandbox PaaS", "added_date": "2026-06-12T13:59:12.791Z", "cvss_score": 9.8, "epss_score": 0.66168, "cvss_severity": "CRITICAL", "epss_percentile": 0.9918, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c2c8b36a-5c58-4d4c-9ffe-883b8202bcbb", "vulnerability": {"vulnId": "CVE-2021-31805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T00:32:51+00:00"}, "gcve": {"object_uuid": "c2c8b36a-5c58-4d4c-9ffe-883b8202bcbb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-12T00:32:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-12T00:32:51+00:00"}, "scope": {"notes": "KEVIntel entry: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. | Affected: Apache Software Foundation / Apache Struts | CVSS: 9.8 (CRITICAL) | EPSS: 0.85101 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-31805", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31805"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31805"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.", "vendor": "Apache Software Foundation", "product": "Apache Struts", "added_date": "2026-06-12T00:32:51.325Z", "cvss_score": 9.8, "epss_score": 0.85101, "cvss_severity": "CRITICAL", "epss_percentile": 0.99684, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e9ba9e5d-7227-4a86-8275-c31e1b2aab8c", "vulnerability": {"vulnId": "CVE-2021-30128", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T00:32:50+00:00"}, "gcve": {"object_uuid": "e9ba9e5d-7227-4a86-8275-c31e1b2aab8c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-12T00:32:50+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2026-06-12T00:32:50+00:00"}, "scope": {"notes": "KEVIntel entry: Unsafe deserialization in Apache OFBiz | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.8 (CRITICAL) | EPSS: 0.81079 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-30128", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30128"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30128"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unsafe deserialization in Apache OFBiz", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2026-06-12T00:32:50.259Z", "cvss_score": 9.8, "epss_score": 0.81079, "cvss_severity": "CRITICAL", "epss_percentile": 0.99583, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8f3b5b51-0f4b-4110-81fd-8ec81938d7c4", "vulnerability": {"vulnId": "CVE-2020-6286", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T00:32:46+00:00"}, "gcve": {"object_uuid": "8f3b5b51-0f4b-4110-81fd-8ec81938d7c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-12T00:32:46+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-12T00:32:46+00:00"}, "scope": {"notes": "KEVIntel entry: The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30,... | Affected: SAP SE / SAP NetWeaver AS JAVA (LM Configuration Wizard) | CVSS: 5.3 (MEDIUM) | EPSS: 0.28312 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-6286", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6286"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6286"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30,...", "vendor": "SAP SE", "product": "SAP NetWeaver AS JAVA (LM Configuration Wizard)", "added_date": "2026-06-12T00:32:46.583Z", "cvss_score": 5.3, "epss_score": 0.28312, "cvss_severity": "MEDIUM", "epss_percentile": 0.97872, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3a1e6236-2c1e-44c0-a25d-0049adc05c2f", "vulnerability": {"vulnId": "CVE-2026-35273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-11T20:20:23+00:00"}, "gcve": {"object_uuid": "3a1e6236-2c1e-44c0-a25d-0049adc05c2f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-11T20:20:23+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-11T20:20:23+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions... | Affected: Oracle Corporation / PeopleSoft Enterprise PeopleTools | CVSS: 9.8 (CRITICAL) | EPSS: 0.00717 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-35273", "url": "https://www.cve.org/CVERecord?id=CVE-2026-35273"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-35273"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions...", "vendor": "Oracle Corporation", "product": "PeopleSoft Enterprise PeopleTools", "added_date": "2026-06-11T20:20:23.651Z", "cvss_score": 9.8, "epss_score": 0.00717, "cvss_severity": "CRITICAL", "epss_percentile": 0.48925, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "hour", "count": 4}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7cca623f-6e18-4cb6-b221-dc0e78595a5c", "vulnerability": {"vulnId": "CVE-2026-10795", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-11T07:20:32+00:00"}, "gcve": {"object_uuid": "7cca623f-6e18-4cb6-b221-dc0e78595a5c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-11T07:20:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-11T07:20:32+00:00"}, "scope": {"notes": "KEVIntel entry: UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc | Affected: davidanderson / UpdraftPlus: WP Backup & Migration Plugin | CVSS: 8.1 (HIGH) | EPSS: 0.01252 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-10795", "url": "https://www.cve.org/CVERecord?id=CVE-2026-10795"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-10795"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc", "vendor": "davidanderson", "product": "UpdraftPlus: WP Backup & Migration Plugin", "added_date": "2026-06-11T07:20:32.076Z", "cvss_score": 8.1, "epss_score": 0.01252, "cvss_severity": "HIGH", "epss_percentile": 0.65563, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ecd01b57-baf6-4215-b130-c74a585ee5c0", "vulnerability": {"vulnId": "CVE-2025-5821", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-11T00:20:49+00:00"}, "gcve": {"object_uuid": "ecd01b57-baf6-4215-b130-c74a585ee5c0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-11T00:20:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-11T00:20:49+00:00"}, "scope": {"notes": "KEVIntel entry: Case Theme User <= 1.0.3 - Authentication Bypass via Social Login | Affected: Case-Themes / Case Theme User | CVSS: 9.8 (CRITICAL) | EPSS: 0.00714 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-5821", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5821"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5821"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Case Theme User <= 1.0.3 - Authentication Bypass via Social Login", "vendor": "Case-Themes", "product": "Case Theme User", "added_date": "2026-06-11T00:20:49.551Z", "cvss_score": 9.8, "epss_score": 0.00714, "cvss_severity": "CRITICAL", "epss_percentile": 0.48822, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e672aea8-6ef3-4acc-854b-e88dff8c8a61", "vulnerability": {"vulnId": "CVE-2026-5027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-10T16:20:36+00:00"}, "gcve": {"object_uuid": "e672aea8-6ef3-4acc-854b-e88dff8c8a61", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-10T16:20:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-10T16:20:36+00:00"}, "scope": {"notes": "KEVIntel entry: Langflow - Path Traversal Arbitrary File Write via upload_user_file | Affected: langflow-ai / langflow | CVSS: 8.8 (HIGH) | EPSS: 0.02289 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-5027", "url": "https://www.cve.org/CVERecord?id=CVE-2026-5027"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-5027"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Langflow - Path Traversal Arbitrary File Write via upload_user_file", "vendor": "langflow-ai", "product": "langflow", "added_date": "2026-06-10T16:20:36.494Z", "cvss_score": 8.8, "epss_score": 0.02289, "cvss_severity": "HIGH", "epss_percentile": 0.80961, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "524a908a-0142-4138-b5a9-f396e4e36e0c", "vulnerability": {"vulnId": "CVE-2026-10520", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-10T09:50:00+00:00"}, "gcve": {"object_uuid": "524a908a-0142-4138-b5a9-f396e4e36e0c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-10T09:50:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-10T09:50:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS Command Injection vulnerability\u00a0in Ivanti\u00a0Sentry before\u00a0the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated user to... | Affected: ivanti / Sentry | CVSS: 10.0 (CRITICAL) | EPSS: 0.59524 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-10520", "url": "https://www.cve.org/CVERecord?id=CVE-2026-10520"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-10520"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS Command Injection vulnerability\u00a0in Ivanti\u00a0Sentry before\u00a0the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated user to...", "vendor": "ivanti", "product": "Sentry", "added_date": "2026-06-10T09:50:00.000Z", "cvss_score": 10.0, "epss_score": 0.59524, "cvss_severity": "CRITICAL", "epss_percentile": 0.99005, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "45a952dd-c3c3-429b-85e8-2265f8f5adc9", "vulnerability": {"vulnId": "CVE-2026-11645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T13:20:17+00:00"}, "gcve": {"object_uuid": "45a952dd-c3c3-429b-85e8-2265f8f5adc9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-09T13:20:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T13:20:17+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.00713 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-11645", "url": "https://www.cve.org/CVERecord?id=CVE-2026-11645"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-11645"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-09T13:20:17.736Z", "cvss_score": 8.8, "epss_score": 0.00713, "cvss_severity": "HIGH", "epss_percentile": 0.48789, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 5}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "789dd99a-1e53-44a1-a731-dac63a350697", "vulnerability": {"vulnId": "CVE-2026-34910", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T08:18:00+00:00"}, "gcve": {"object_uuid": "789dd99a-1e53-44a1-a731-dac63a350697", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-09T08:18:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T08:18:00+00:00"}, "scope": {"notes": "KEVIntel entry: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a... | Affected: Ubiquiti Inc / UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial | CVSS: 10.0 (CRITICAL) | EPSS: 0.04509 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-34910", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34910"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34910"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a...", "vendor": "Ubiquiti Inc", "product": "UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial", "added_date": "2026-06-09T08:18:00.000Z", "cvss_score": 10.0, "epss_score": 0.04509, "cvss_severity": "CRITICAL", "epss_percentile": 0.9029, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8d69f7cd-4645-4528-8084-410d4e004779", "vulnerability": {"vulnId": "CVE-2026-34909", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T07:29:00+00:00"}, "gcve": {"object_uuid": "8d69f7cd-4645-4528-8084-410d4e004779", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-09T07:29:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T07:29:00+00:00"}, "scope": {"notes": "KEVIntel entry: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the... | Affected: Ubiquiti Inc / UniFi OS Server, Express, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial | CVSS: 10.0 (CRITICAL) | EPSS: 0.00623 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-34909", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34909"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34909"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the...", "vendor": "Ubiquiti Inc", "product": "UniFi OS Server, Express, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial", "added_date": "2026-06-09T07:29:00.000Z", "cvss_score": 10.0, "epss_score": 0.00623, "cvss_severity": "CRITICAL", "epss_percentile": 0.45123, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "614d811c-34aa-48e0-ad83-76e5891e175c", "vulnerability": {"vulnId": "CVE-2026-34908", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T07:27:00+00:00"}, "gcve": {"object_uuid": "614d811c-34aa-48e0-ad83-76e5891e175c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-09T07:27:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T07:27:00+00:00"}, "scope": {"notes": "KEVIntel entry: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized... | Affected: Ubiquiti Inc / UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial | CVSS: 10.0 (CRITICAL) | EPSS: 0.00565 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-34908", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34908"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34908"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized...", "vendor": "Ubiquiti Inc", "product": "UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial", "added_date": "2026-06-09T07:27:00.000Z", "cvss_score": 10.0, "epss_score": 0.00565, "cvss_severity": "CRITICAL", "epss_percentile": 0.42425, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8c62718f-8b3d-436a-999b-a63f5a1c748b", "vulnerability": {"vulnId": "CVE-2026-42271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T18:00:45+00:00"}, "gcve": {"object_uuid": "8c62718f-8b3d-436a-999b-a63f5a1c748b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-08T18:00:45+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T18:00:45+00:00"}, "scope": {"notes": "KEVIntel entry: LiteLLM: Authenticated command execution via MCP stdio test endpoints | Affected: BerriAI / litellm | CVSS: 8.7 (HIGH) | EPSS: 0.53701 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-42271", "url": "https://www.cve.org/CVERecord?id=CVE-2026-42271"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-42271"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LiteLLM: Authenticated command execution via MCP stdio test endpoints", "vendor": "BerriAI", "product": "litellm", "added_date": "2026-06-08T18:00:45.030Z", "cvss_score": 8.7, "epss_score": 0.53701, "cvss_severity": "HIGH", "epss_percentile": 0.98862, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c1e58597-3eee-4787-8148-4a312f0b967b", "vulnerability": {"vulnId": "CVE-2026-50751", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T14:20:34+00:00"}, "gcve": {"object_uuid": "c1e58597-3eee-4787-8148-4a312f0b967b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-08T14:20:34+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T14:20:34+00:00"}, "scope": {"notes": "KEVIntel entry: User Authentication Bypass in VPN Remote Access and Mobile Access | Affected: checkpoint / Quantum Security Gateway, Spark Firewalls | CVSS: 9.3 (CRITICAL) | EPSS: 0.41152 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-50751", "url": "https://www.cve.org/CVERecord?id=CVE-2026-50751"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-50751"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "User Authentication Bypass in VPN Remote Access and Mobile Access", "vendor": "checkpoint", "product": "Quantum Security Gateway, Spark Firewalls", "added_date": "2026-06-08T14:20:34.968Z", "cvss_score": 9.3, "epss_score": 0.41152, "cvss_severity": "CRITICAL", "epss_percentile": 0.98488, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "hour", "count": 6}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "043a8e22-8194-4c18-97c2-fc5b2d131011", "vulnerability": {"vulnId": "CVE-2021-33544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "043a8e22-8194-4c18-97c2-fc5b2d131011", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE | Affected: Geutebr\u00fcck / E2 Series, Encoder G-Code | CVSS: 7.2 (HIGH) | EPSS: 0.94622 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-33544", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33544"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33544"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE", "vendor": "Geutebr\u00fcck", "product": "E2 Series, Encoder G-Code", "added_date": "2026-06-08T00:00:00.000Z", "cvss_score": 7.2, "epss_score": 0.94622, "cvss_severity": "HIGH", "epss_percentile": 0.99846, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fe680b89-8e0f-41e6-b048-c945f16a2fb0", "vulnerability": {"vulnId": "CVE-2025-61666", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "fe680b89-8e0f-41e6-b048-c945f16a2fb0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File | Affected: traccar / traccar | CVSS: 8.7 (HIGH) | EPSS: 0.01214 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-61666", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61666"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61666"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File", "vendor": "traccar", "product": "traccar", "added_date": "2026-06-08T00:00:00.000Z", "cvss_score": 8.7, "epss_score": 0.01214, "cvss_severity": "HIGH", "epss_percentile": 0.6458, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d4e84ef9-8458-44b2-96cc-b23d22436339", "vulnerability": {"vulnId": "CVE-2025-8085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d4e84ef9-8458-44b2-96cc-b23d22436339", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ditty < 3.1.58 - Unauthenticated SSRF | Affected: Unknown / Ditty | CVSS: 8.6 (HIGH) | EPSS: 0.16399 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-8085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8085"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ditty < 3.1.58 - Unauthenticated SSRF", "vendor": "Unknown", "product": "Ditty", "added_date": "2026-06-08T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.16399, "cvss_severity": "HIGH", "epss_percentile": 0.96574, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ec5ec735-4446-4939-ac59-1815cf146b01", "vulnerability": {"vulnId": "CVE-2023-4490", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "ec5ec735-4446-4939-ac59-1815cf146b01", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WP Job Portal < 2.0.6 - Unauthenticated SQLi | Affected: Unknown / WP Job Portal | CVSS: 9.8 (CRITICAL) | EPSS: 0.03122 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-4490", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4490"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4490"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WP Job Portal < 2.0.6 - Unauthenticated SQLi", "vendor": "Unknown", "product": "WP Job Portal", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.03122, "cvss_severity": "CRITICAL", "epss_percentile": 0.86164, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a50013b6-0888-4e93-a867-fed077da58ce", "vulnerability": {"vulnId": "CVE-2026-1405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "a50013b6-0888-4e93-a867-fed077da58ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload | Affected: franchidesign / Slider Future | CVSS: 9.8 (CRITICAL) | EPSS: 0.03177 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-1405", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1405"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-1405"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload", "vendor": "franchidesign", "product": "Slider Future", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.03177, "cvss_severity": "CRITICAL", "epss_percentile": 0.86392, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f772a712-c920-4196-873f-d2c9bc456e5b", "vulnerability": {"vulnId": "CVE-2021-24227", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "f772a712-c920-4196-873f-d2c9bc456e5b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure | Affected: Unknown / Patreon WordPress | CVSS: 7.5 (HIGH) | EPSS: 0.05879 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24227", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24227"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24227"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure", "vendor": "Unknown", "product": "Patreon WordPress", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.05879, "cvss_severity": "HIGH", "epss_percentile": 0.92266, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "11c78b06-b8d5-4925-82f4-dccfb9125efa", "vulnerability": {"vulnId": "CVE-2022-34753", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "11c78b06-b8d5-4925-82f4-dccfb9125efa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote... | Affected: Schneider Electric / SpaceLogic C-Bus Home Controller | CVSS: 8.8 (HIGH) | EPSS: 0.71084 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-34753", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34753"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-34753"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote...", "vendor": "Schneider Electric", "product": "SpaceLogic C-Bus Home Controller", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.71084, "cvss_severity": "HIGH", "epss_percentile": 0.99326, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b9136156-40a3-4533-814a-60ec73db4a21", "vulnerability": {"vulnId": "CVE-2021-27358", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "b9136156-40a3-4533-814a-60ec73db4a21", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API... | Affected: Grafana Labs / Grafana | CVSS: 7.5 (HIGH) | EPSS: 0.83042 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-27358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27358"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27358"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API...", "vendor": "Grafana Labs", "product": "Grafana", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.83042, "cvss_severity": "HIGH", "epss_percentile": 0.99636, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a42dd5ea-9004-46d0-afd7-97f0d9969e18", "vulnerability": {"vulnId": "CVE-2024-8752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "a42dd5ea-9004-46d0-afd7-97f0d9969e18", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability | Affected: Smart HMI / WebIQ | CVSS: 9.3 (CRITICAL) | EPSS: 0.1166 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-8752", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8752"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability", "vendor": "Smart HMI", "product": "WebIQ", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.1166, "cvss_severity": "CRITICAL", "epss_percentile": 0.9551, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2225e278-0b76-47ce-bad4-ba058ba0a064", "vulnerability": {"vulnId": "CVE-2024-55457", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "2225e278-0b76-47ce-bad4-ba058ba0a064", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by... | Affected: MasterSAM / Star Gate 11 | CVSS: 6.5 (MEDIUM) | EPSS: 0.03012 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-55457", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55457"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-55457"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by...", "vendor": "MasterSAM", "product": "Star Gate 11", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 6.5, "epss_score": 0.03012, "cvss_severity": "MEDIUM", "epss_percentile": 0.85684, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b325b9f4-ca8e-4569-9e41-2566ca4697d7", "vulnerability": {"vulnId": "CVE-2021-20166", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "b325b9f4-ca8e-4569-9e41-2566ca4697d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router... | Affected: Netgear / RAX43 | CVSS: 8.8 (HIGH) | EPSS: 0.02177 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-20166", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20166"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20166"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router...", "vendor": "Netgear", "product": "RAX43", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.02177, "cvss_severity": "HIGH", "epss_percentile": 0.79988, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f3ca5deb-7413-4e2a-b849-79dcb61a0144", "vulnerability": {"vulnId": "CVE-2021-41569", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "f3ca5deb-7413-4e2a-b849-79dcb61a0144", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows... | Affected: SAS Institute Inc. / SAS/Intrnet | CVSS: 7.5 (HIGH) | EPSS: 0.07845 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-41569", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41569"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41569"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows...", "vendor": "SAS Institute Inc.", "product": "SAS/Intrnet", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.07845, "cvss_severity": "HIGH", "epss_percentile": 0.9393, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "13ae7f9e-6561-4080-887d-7960d8c16c26", "vulnerability": {"vulnId": "CVE-2024-39713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "13ae7f9e-6561-4080-887d-7960d8c16c26", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. | Affected: Rocket.Chat / Rocket.Chat | CVSS: 8.6 (HIGH) | EPSS: 0.03201 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-39713", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39713"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-39713"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.", "vendor": "Rocket.Chat", "product": "Rocket.Chat", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.03201, "cvss_severity": "HIGH", "epss_percentile": 0.86478, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "30447ca0-f03f-499c-979b-584a06b8a6e0", "vulnerability": {"vulnId": "CVE-2017-10974", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "30447ca0-f03f-499c-979b-584a06b8a6e0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of... | Affected: Yaws / Yaws | CVSS: 7.5 (HIGH) | EPSS: 0.81028 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-10974", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10974"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-10974"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of...", "vendor": "Yaws", "product": "Yaws", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.81028, "cvss_severity": "HIGH", "epss_percentile": 0.99583, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1d21810f-0dd8-47e0-aa7a-5040d65276d4", "vulnerability": {"vulnId": "CVE-2022-3801", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1d21810f-0dd8-47e0-aa7a-5040d65276d4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBAX go-ibax rowsInfo sql injection | Affected: IBAX / go-ibax | CVSS: 6.3 (MEDIUM) | EPSS: 0.30082 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-3801", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3801"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3801"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBAX go-ibax rowsInfo sql injection", "vendor": "IBAX", "product": "go-ibax", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 6.3, "epss_score": 0.30082, "cvss_severity": "MEDIUM", "epss_percentile": 0.97976, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "06c1eef2-ecfa-4fc6-9df6-a8c27e83ad6b", "vulnerability": {"vulnId": "CVE-2022-34121", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "06c1eef2-ecfa-4fc6-9df6-a8c27e83ad6b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. | Affected: Cuppa CMS / Cuppa CMS | CVSS: 7.5 (HIGH) | EPSS: 0.02955 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-34121", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34121"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-34121"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.", "vendor": "Cuppa CMS", "product": "Cuppa CMS", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.02955, "cvss_severity": "HIGH", "epss_percentile": 0.85396, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2955fb61-dff0-4860-8482-30dd296f0658", "vulnerability": {"vulnId": "CVE-2021-3577", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "2955fb61-dff0-4860-8482-30dd296f0658", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker... | Affected: Motorola / Binatone Hubble Cameras | CVSS: 8.8 (HIGH) | EPSS: 0.59893 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-3577", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3577"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3577"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker...", "vendor": "Motorola", "product": "Binatone Hubble Cameras", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.59893, "cvss_severity": "HIGH", "epss_percentile": 0.99014, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "77004d97-6fdc-4f76-8cc6-6d7aac2229d9", "vulnerability": {"vulnId": "CVE-2021-27670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "77004d97-6fdc-4f76-8cc6-6d7aac2229d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | Affected: Appspace / Appspace 6.2.4 | CVSS: 9.8 (CRITICAL) | EPSS: 0.60404 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-27670", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27670"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27670"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.", "vendor": "Appspace", "product": "Appspace 6.2.4", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.60404, "cvss_severity": "CRITICAL", "epss_percentile": 0.99027, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "32606c42-a48d-491a-971f-a5fd4fdc729e", "vulnerability": {"vulnId": "CVE-2022-1390", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "32606c42-a48d-491a-971f-a5fd4fdc729e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read | Affected: Unknown / Admin Word Count Column | CVSS: 9.8 (CRITICAL) | EPSS: 0.20846 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1390", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1390"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1390"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read", "vendor": "Unknown", "product": "Admin Word Count Column", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.20846, "cvss_severity": "CRITICAL", "epss_percentile": 0.97232, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "854c2644-c7f7-43ba-a958-fdf57647e90a", "vulnerability": {"vulnId": "CVE-2021-4458", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "854c2644-c7f7-43ba-a958-fdf57647e90a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection | Affected: webnus / Modern Events Calendar Lite | CVSS: 5.9 (MEDIUM) | EPSS: 0.00354 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-4458", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4458"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4458"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection", "vendor": "webnus", "product": "Modern Events Calendar Lite", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 5.9, "epss_score": 0.00354, "cvss_severity": "MEDIUM", "epss_percentile": 0.27111, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b5002c90-55f8-4078-a7a0-f44884bc1071", "vulnerability": {"vulnId": "CVE-2022-29078", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "b5002c90-55f8-4078-a7a0-f44884bc1071", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view... | Affected: mde / ejs | CVSS: 9.8 (CRITICAL) | EPSS: 0.30623 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-29078", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29078"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view...", "vendor": "mde", "product": "ejs", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.30623, "cvss_severity": "CRITICAL", "epss_percentile": 0.98007, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "142dabd1-c666-4391-b6ee-294c380514be", "vulnerability": {"vulnId": "CVE-2021-21805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "142dabd1-c666-4391-b6ee-294c380514be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted... | Affected: Advantech / R-SeeNet | CVSS: 9.8 (CRITICAL) | EPSS: 0.69631 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21805", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21805"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21805"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted...", "vendor": "Advantech", "product": "R-SeeNet", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.69631, "cvss_severity": "CRITICAL", "epss_percentile": 0.99279, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e2f4e4de-0fc1-4c80-92b4-d95f284133a8", "vulnerability": {"vulnId": "CVE-2026-28318", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T18:00:36+00:00"}, "gcve": {"object_uuid": "e2f4e4de-0fc1-4c80-92b4-d95f284133a8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-05T18:00:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T18:00:36+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability | Affected: SolarWinds / Serv-U | CVSS: 7.5 (HIGH) | EPSS: 0.01054 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-28318", "url": "https://www.cve.org/CVERecord?id=CVE-2026-28318"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-28318"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability", "vendor": "SolarWinds", "product": "Serv-U", "added_date": "2026-06-05T18:00:36.180Z", "cvss_score": 7.5, "epss_score": 0.01054, "cvss_severity": "HIGH", "epss_percentile": 0.59955, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "75f17fd9-5da3-4337-b9ce-6e1c6d072098", "vulnerability": {"vulnId": "CVE-2026-7473", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T16:40:23+00:00"}, "gcve": {"object_uuid": "75f17fd9-5da3-4337-b9ce-6e1c6d072098", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-05T16:40:23+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T16:40:23+00:00"}, "scope": {"notes": "KEVIntel entry: Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass | Affected: Arista Networks / EOS | CVSS: 6.9 (MEDIUM) | EPSS: 0.00378 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-7473", "url": "https://www.cve.org/CVERecord?id=CVE-2026-7473"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-7473"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass", "vendor": "Arista Networks", "product": "EOS", "added_date": "2026-06-05T16:40:23.554Z", "cvss_score": 6.9, "epss_score": 0.00378, "cvss_severity": "MEDIUM", "epss_percentile": 0.29461, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 4}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c20efae4-2b36-42a9-9ffa-97657146df9a", "vulnerability": {"vulnId": "CVE-2026-3300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T09:20:13+00:00"}, "gcve": {"object_uuid": "c20efae4-2b36-42a9-9ffa-97657146df9a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-05T09:20:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T09:20:13+00:00"}, "scope": {"notes": "KEVIntel entry: Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field | Affected: WPEverest / Everest Forms Pro | CVSS: 9.8 (CRITICAL) | EPSS: 0.04756 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-3300", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3300"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3300"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field", "vendor": "WPEverest", "product": "Everest Forms Pro", "added_date": "2026-06-05T09:20:13.225Z", "cvss_score": 9.8, "epss_score": 0.04756, "cvss_severity": "CRITICAL", "epss_percentile": 0.90732, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ba4d53ae-a786-4acb-9d93-47b721ca5d5b", "vulnerability": {"vulnId": "CVE-2026-20245", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T06:24:20+00:00"}, "gcve": {"object_uuid": "ba4d53ae-a786-4acb-9d93-47b721ca5d5b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-05T06:24:20+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T06:24:20+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager | CVSS: 7.8 (HIGH) | EPSS: 0.00952 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20245", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20245"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20245"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-05T06:24:20.000Z", "cvss_score": 7.8, "epss_score": 0.00952, "cvss_severity": "HIGH", "epss_percentile": 0.56677, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 4}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "31c88694-9979-4b1f-bfa9-cfe99425f499", "vulnerability": {"vulnId": "CVE-2024-27564", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "31c88694-9979-4b1f-bfa9-cfe99425f499", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy... | Affected: dirk1983 / mm1.ltd source code | CVSS: 5.8 (MEDIUM) | EPSS: 0.40637 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-27564", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27564"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27564"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy...", "vendor": "dirk1983", "product": "mm1.ltd source code", "added_date": "2026-06-05T00:00:00.000Z", "cvss_score": 5.8, "epss_score": 0.40637, "cvss_severity": "MEDIUM", "epss_percentile": 0.98474, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5acde580-6a5c-4f7d-bedc-2e79e98a34b9", "vulnerability": {"vulnId": "CVE-2025-30567", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "5acde580-6a5c-4f7d-bedc-2e79e98a34b9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress WP01 plugin <= 2.6.2 - Arbitrary File Download Vulnerability | Affected: WP01 / WP01 | CVSS: 7.5 (HIGH) | EPSS: 0.02584 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-30567", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30567"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30567"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress WP01 plugin <= 2.6.2 - Arbitrary File Download Vulnerability", "vendor": "WP01", "product": "WP01", "added_date": "2026-06-05T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.02584, "cvss_severity": "HIGH", "epss_percentile": 0.83226, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "369d4ecc-0da9-4326-a96a-d6c6fc2cb51e", "vulnerability": {"vulnId": "CVE-2024-45309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "369d4ecc-0da9-4326-a96a-d6c6fc2cb51e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OneDev vulnerable to arbitrary file reading for unauthenticated user | Affected: theonedev / onedev | CVSS: 8.7 (HIGH) | EPSS: 0.24822 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-45309", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45309"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-45309"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OneDev vulnerable to arbitrary file reading for unauthenticated user", "vendor": "theonedev", "product": "onedev", "added_date": "2026-06-05T00:00:00.000Z", "cvss_score": 8.7, "epss_score": 0.24822, "cvss_severity": "HIGH", "epss_percentile": 0.97627, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bb8d8891-933e-4075-84e7-a19214a37ad1", "vulnerability": {"vulnId": "CVE-2024-6671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "bb8d8891-933e-4075-84e7-a19214a37ad1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability | Affected: Progress Software Corporation / WhatsUp Gold | CVSS: 9.8 (CRITICAL) | EPSS: 0.14886 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-6671", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6671"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6671"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability", "vendor": "Progress Software Corporation", "product": "WhatsUp Gold", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.14886, "cvss_severity": "CRITICAL", "epss_percentile": 0.96272, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4656f0b0-7245-43f9-b74c-96f22feadbaf", "vulnerability": {"vulnId": "CVE-2020-13379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "4656f0b0-7245-43f9-b74c-96f22feadbaf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated... | Affected: Grafana / Grafana | CVSS: 8.2 (HIGH) | EPSS: 0.99856 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-13379", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13379"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13379"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated...", "vendor": "Grafana", "product": "Grafana", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 8.2, "epss_score": 0.99856, "cvss_severity": "HIGH", "epss_percentile": 0.99959, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dec5b753-1eb9-4a41-b361-5a6668a1e5a6", "vulnerability": {"vulnId": "CVE-2025-67303", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "dec5b753-1eb9-4a41-b361-5a6668a1e5a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was... | Affected: Comfy-Org / ComfyUI-Manager | CVSS: 7.5 (HIGH) | EPSS: 0.01361 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-67303", "url": "https://www.cve.org/CVERecord?id=CVE-2025-67303"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-67303"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was...", "vendor": "Comfy-Org", "product": "ComfyUI-Manager", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.01361, "cvss_severity": "HIGH", "epss_percentile": 0.68144, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "72daf2b9-a0b1-449f-a883-2a4091eb66ac", "vulnerability": {"vulnId": "CVE-2022-24716", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "72daf2b9-a0b1-449f-a883-2a4091eb66ac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path traversal in Icinga Web 2 | Affected: Icinga / icingaweb2 | CVSS: 7.5 (HIGH) | EPSS: 0.89378 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-24716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24716"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24716"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path traversal in Icinga Web 2", "vendor": "Icinga", "product": "icingaweb2", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.89378, "cvss_severity": "HIGH", "epss_percentile": 0.99767, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "76bafc4e-39af-4419-9eaa-6052d2de5027", "vulnerability": {"vulnId": "CVE-2023-6875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "76bafc4e-39af-4419-9eaa-6052d2de5027", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to... | Affected: wpexpertsio / POST SMTP \u2013 The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications | CVSS: 9.8 (CRITICAL) | EPSS: 0.90339 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-6875", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6875"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6875"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to...", "vendor": "wpexpertsio", "product": "POST SMTP \u2013 The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.90339, "cvss_severity": "CRITICAL", "epss_percentile": 0.99784, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b4f6c125-eb5a-4978-8e6b-63dbd1ffe3bf", "vulnerability": {"vulnId": "CVE-2023-22620", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "b4f6c125-eb5a-4978-8e6b-63dbd1ffe3bf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an... | Affected: SecurePoint / UTM | CVSS: 7.5 (HIGH) | EPSS: 0.03888 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-22620", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22620"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22620"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an...", "vendor": "SecurePoint", "product": "UTM", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.03888, "cvss_severity": "HIGH", "epss_percentile": 0.8888, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e0933d36-025f-4922-89ae-5fe3cd385113", "vulnerability": {"vulnId": "CVE-2026-45247", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T18:00:21+00:00"}, "gcve": {"object_uuid": "e0933d36-025f-4922-89ae-5fe3cd385113", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-03T18:00:21+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T18:00:21+00:00"}, "scope": {"notes": "KEVIntel entry: Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection | Affected: Mirasvit / Full Page Cache Warmer for Magento 2 | CVSS: 9.3 (CRITICAL) | EPSS: 0.01502 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-45247", "url": "https://www.cve.org/CVERecord?id=CVE-2026-45247"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-45247"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection", "vendor": "Mirasvit", "product": "Full Page Cache Warmer for Magento 2", "added_date": "2026-06-03T18:00:21.829Z", "cvss_score": 9.3, "epss_score": 0.01502, "cvss_severity": "CRITICAL", "epss_percentile": 0.70972, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "81272b99-8d02-476a-83e6-2cfd3160135d", "vulnerability": {"vulnId": "CVE-2025-48827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T10:06:54+00:00"}, "gcve": {"object_uuid": "81272b99-8d02-476a-83e6-2cfd3160135d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-03T10:06:54+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T10:06:54+00:00"}, "scope": {"notes": "KEVIntel entry: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP... | Affected: vBulletin / vBulletin | CVSS: 10.0 (CRITICAL) | EPSS: 0.69649 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-48827", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48827"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48827"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP...", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2026-06-03T10:06:54.268Z", "cvss_score": 10.0, "epss_score": 0.69649, "cvss_severity": "CRITICAL", "epss_percentile": 0.9928, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c4f5a8c5-797b-4a85-a15f-45020b89c596", "vulnerability": {"vulnId": "CVE-2026-8206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T08:20:48+00:00"}, "gcve": {"object_uuid": "c4f5a8c5-797b-4a85-a15f-45020b89c596", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-03T08:20:48+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T08:20:48+00:00"}, "scope": {"notes": "KEVIntel entry: Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' | Affected: themeum / Kirki \u2013 Freeform Page Builder, Website Builder & Customizer | CVSS: 9.8 (CRITICAL) | EPSS: 0.00623 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-8206", "url": "https://www.cve.org/CVERecord?id=CVE-2026-8206"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-8206"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'", "vendor": "themeum", "product": "Kirki \u2013 Freeform Page Builder, Website Builder & Customizer", "added_date": "2026-06-03T08:20:48.478Z", "cvss_score": 9.8, "epss_score": 0.00623, "cvss_severity": "CRITICAL", "epss_percentile": 0.45121, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "14b605c4-9d49-490a-8762-9bd407e96f72", "vulnerability": {"vulnId": "CVE-2023-6909", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "14b605c4-9d49-490a-8762-9bd407e96f72", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path Traversal: '\\..\\filename' in mlflow/mlflow | Affected: mlflow / mlflow/mlflow | CVSS: 7.5 (HIGH) | EPSS: 0.89716 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-6909", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6909"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6909"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path Traversal: '\\..\\filename' in mlflow/mlflow", "vendor": "mlflow", "product": "mlflow/mlflow", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.89716, "cvss_severity": "HIGH", "epss_percentile": 0.99773, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f8685c83-0de7-4b31-b0d8-9715cc2a94a6", "vulnerability": {"vulnId": "CVE-2022-4059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f8685c83-0de7-4b31-b0d8-9715cc2a94a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi | Affected: Unknown / Cryptocurrency Widgets Pack | CVSS: 9.8 (CRITICAL) | EPSS: 0.04756 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4059", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4059"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Cryptocurrency Widgets Pack", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.04756, "cvss_severity": "CRITICAL", "epss_percentile": 0.90732, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6a4cdf26-e033-4f06-b832-6597211e98d6", "vulnerability": {"vulnId": "CVE-2026-41176", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6a4cdf26-e033-4f06-b832-6597211e98d6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution | Affected: rclone / rclone | CVSS: 9.2 (CRITICAL) | EPSS: 0.35437 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-41176", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41176"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-41176"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution", "vendor": "rclone", "product": "rclone", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 9.2, "epss_score": 0.35437, "cvss_severity": "CRITICAL", "epss_percentile": 0.98248, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "efcd9187-55cc-4a6c-9631-8811a726cc0e", "vulnerability": {"vulnId": "CVE-2025-9316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "efcd9187-55cc-4a6c-9631-8811a726cc0e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: N-central unauthenticated sessionID generation | Affected: N-able / N-central | CVSS: 6.9 (MEDIUM) | EPSS: 0.36673 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-9316", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9316"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-9316"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "N-central unauthenticated sessionID generation", "vendor": "N-able", "product": "N-central", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 6.9, "epss_score": 0.36673, "cvss_severity": "MEDIUM", "epss_percentile": 0.98303, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8b55ae87-2ae8-4c0b-a5ee-98fc4de49ae4", "vulnerability": {"vulnId": "CVE-2022-0492", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-02T18:00:02+00:00"}, "gcve": {"object_uuid": "8b55ae87-2ae8-4c0b-a5ee-98fc4de49ae4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-02T18:00:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-02T18:00:02+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain... | Affected: Linux / kernel | CVSS: 7.8 (HIGH) | EPSS: 0.05495 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-0492", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0492"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain...", "vendor": "Linux", "product": "kernel", "added_date": "2026-06-02T18:00:02.476Z", "cvss_score": 7.8, "epss_score": 0.05495, "cvss_severity": "HIGH", "epss_percentile": 0.91767, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1b8ae0b1-dbb2-4423-b66f-6523bae273b4", "vulnerability": {"vulnId": "CVE-2025-48595", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-02T12:15:00+00:00"}, "gcve": {"object_uuid": "1b8ae0b1-dbb2-4423-b66f-6523bae273b4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-02T12:15:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-02T12:15:00+00:00"}, "scope": {"notes": "KEVIntel entry: In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of... | Affected: Google / Android | CVSS: 8.4 (HIGH) | EPSS: 0.0015 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48595", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48595"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48595"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of...", "vendor": "Google", "product": "Android", "added_date": "2026-06-02T12:15:00.000Z", "cvss_score": 8.4, "epss_score": 0.0015, "cvss_severity": "HIGH", "epss_percentile": 0.04532, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 6}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ab82db45-2875-4983-a9e7-cbc585531708", "vulnerability": {"vulnId": "CVE-2026-41089", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-02T11:06:00+00:00"}, "gcve": {"object_uuid": "ab82db45-2875-4983-a9e7-cbc585531708", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-02T11:06:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-02T11:06:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Netlogon Remote Code Execution Vulnerability | Affected: Microsoft / Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 9.8 (CRITICAL) | EPSS: 0.43788 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-41089", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41089"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-41089"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Netlogon Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-02T11:06:00.000Z", "cvss_score": 9.8, "epss_score": 0.43788, "cvss_severity": "CRITICAL", "epss_percentile": 0.98582, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5aff0473-e19d-48f9-bfcc-c851558aa827", "vulnerability": {"vulnId": "CVE-2024-21182", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T18:00:02+00:00"}, "gcve": {"object_uuid": "5aff0473-e19d-48f9-bfcc-c851558aa827", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T18:00:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T18:00:02+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 7.5 (HIGH) | EPSS: 0.48244 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21182"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21182"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2026-06-01T18:00:02.554Z", "cvss_score": 7.5, "epss_score": 0.48244, "cvss_severity": "HIGH", "epss_percentile": 0.98715, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd94cbdf-4857-4878-9948-f60f1226a873", "vulnerability": {"vulnId": "CVE-2023-43000", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:30:35+00:00"}, "gcve": {"object_uuid": "dd94cbdf-4857-4878-9948-f60f1226a873", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:30:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:30:35+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari... | Affected: Apple / macOS, iOS and iPadOS, Safari | CVSS: 8.8 (HIGH) | EPSS: 0.03817 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-43000", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43000"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-43000"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari...", "vendor": "Apple", "product": "macOS, iOS and iPadOS, Safari", "added_date": "2026-06-01T13:30:35.576Z", "cvss_score": 8.8, "epss_score": 0.03817, "cvss_severity": "HIGH", "epss_percentile": 0.88691, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b25c662c-0db0-4b33-b890-bc2f49f8a9db", "vulnerability": {"vulnId": "CVE-2025-31277", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:30:35+00:00"}, "gcve": {"object_uuid": "b25c662c-0db0-4b33-b890-bc2f49f8a9db", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:30:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:30:35+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6,... | Affected: Apple / Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 8.8 (HIGH) | EPSS: 0.01428 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-31277", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31277"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-31277"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6,...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2026-06-01T13:30:35.304Z", "cvss_score": 8.8, "epss_score": 0.01428, "cvss_severity": "HIGH", "epss_percentile": 0.69516, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0b724562-30e4-487b-b9b7-ebfb311517f0", "vulnerability": {"vulnId": "CVE-2026-9082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:38+00:00"}, "gcve": {"object_uuid": "0b724562-30e4-487b-b9b7-ebfb311517f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:38+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:38+00:00"}, "scope": {"notes": "KEVIntel entry: Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 | Affected: Drupal / Drupal core | CVSS: 9.8 (CRITICAL) | EPSS: 0.33665 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-9082", "url": "https://www.cve.org/CVERecord?id=CVE-2026-9082"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-9082"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Drupal core - Highly critical - SQL injection - SA-CORE-2026-004", "vendor": "Drupal", "product": "Drupal core", "added_date": "2026-06-01T13:29:38.047Z", "cvss_score": 9.8, "epss_score": 0.33665, "cvss_severity": "CRITICAL", "epss_percentile": 0.98171, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2cd4d0c8-e72c-4363-9dd5-0ac847120b2c", "vulnerability": {"vulnId": "CVE-2026-48172", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:31+00:00"}, "gcve": {"object_uuid": "2cd4d0c8-e72c-4363-9dd5-0ac847120b2c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:31+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:31+00:00"}, "scope": {"notes": "KEVIntel entry: LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is... | Affected: LiteSpeed Technologies / cPanel Plugin, WHM Plugin | CVSS: 10.0 (CRITICAL) | EPSS: 0.01233 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-48172", "url": "https://www.cve.org/CVERecord?id=CVE-2026-48172"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-48172"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is...", "vendor": "LiteSpeed Technologies", "product": "cPanel Plugin, WHM Plugin", "added_date": "2026-06-01T13:29:31.681Z", "cvss_score": 10.0, "epss_score": 0.01233, "cvss_severity": "CRITICAL", "epss_percentile": 0.65121, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f34b1b2-ac5c-45d1-8cb7-63f44cae28f7", "vulnerability": {"vulnId": "CVE-2025-34291", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:30+00:00"}, "gcve": {"object_uuid": "3f34b1b2-ac5c-45d1-8cb7-63f44cae28f7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:30+00:00"}, "scope": {"notes": "KEVIntel entry: Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE | Affected: Langflow / Langflow | CVSS: 9.4 (CRITICAL) | EPSS: 0.25153 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-34291", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34291"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34291"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE", "vendor": "Langflow", "product": "Langflow", "added_date": "2026-06-01T13:29:30.499Z", "cvss_score": 9.4, "epss_score": 0.25153, "cvss_severity": "CRITICAL", "epss_percentile": 0.9766, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e1bd0e0b-f3a9-4bb2-9bed-8b6977de00a8", "vulnerability": {"vulnId": "CVE-2026-34926", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:30+00:00"}, "gcve": {"object_uuid": "e1bd0e0b-f3a9-4bb2-9bed-8b6977de00a8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:30+00:00"}, "scope": {"notes": "KEVIntel entry: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the... | Affected: Trend Micro, Inc. / TrendAI Apex One, TrendAI Apex One as a Service | CVSS: 6.7 (MEDIUM) | EPSS: 0.01112 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-34926", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34926"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34926"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the...", "vendor": "Trend Micro, Inc.", "product": "TrendAI Apex One, TrendAI Apex One as a Service", "added_date": "2026-06-01T13:29:30.761Z", "cvss_score": 6.7, "epss_score": 0.01112, "cvss_severity": "MEDIUM", "epss_percentile": 0.617, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f3816f2-5c4c-4b0f-aa08-70390df76fa6", "vulnerability": {"vulnId": "CVE-2026-45498", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:26+00:00"}, "gcve": {"object_uuid": "3f3816f2-5c4c-4b0f-aa08-70390df76fa6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:26+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Defender Denial of Service Vulnerability | Affected: Microsoft / Microsoft Defender Antimalware Platform | CVSS: 4.0 (MEDIUM) | EPSS: 0.025 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-45498", "url": "https://www.cve.org/CVERecord?id=CVE-2026-45498"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-45498"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Defender Denial of Service Vulnerability", "vendor": "Microsoft", "product": "Microsoft Defender Antimalware Platform", "added_date": "2026-06-01T13:29:26.865Z", "cvss_score": 4.0, "epss_score": 0.025, "cvss_severity": "MEDIUM", "epss_percentile": 0.82641, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d671665-f6d7-4bbd-a722-e6224391fd94", "vulnerability": {"vulnId": "CVE-2026-41091", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:26+00:00"}, "gcve": {"object_uuid": "0d671665-f6d7-4bbd-a722-e6224391fd94", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:26+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Defender Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Malware Protection Engine | CVSS: 7.8 (HIGH) | EPSS: 0.01172 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-41091", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41091"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-41091"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Defender Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Malware Protection Engine", "added_date": "2026-06-01T13:29:26.114Z", "cvss_score": 7.8, "epss_score": 0.01172, "cvss_severity": "HIGH", "epss_percentile": 0.63386, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f665a38-c1a9-453f-80d1-0936302d2a64", "vulnerability": {"vulnId": "CVE-2026-34234", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:18+00:00"}, "gcve": {"object_uuid": "7f665a38-c1a9-453f-80d1-0936302d2a64", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:18+00:00"}, "scope": {"notes": "KEVIntel entry: CtrlPanel: Unauthenticated RCE using installer script | Affected: Ctrlpanel-gg / panel | CVSS: 10.0 (CRITICAL) | EPSS: 0.00858 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-34234", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34234"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34234"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CtrlPanel: Unauthenticated RCE using installer script", "vendor": "Ctrlpanel-gg", "product": "panel", "added_date": "2026-06-01T13:29:18.130Z", "cvss_score": 10.0, "epss_score": 0.00858, "cvss_severity": "CRITICAL", "epss_percentile": 0.53676, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bb439849-ad12-4ae3-aa28-15fb8601fcde", "vulnerability": {"vulnId": "CVE-2026-42897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:03+00:00"}, "gcve": {"object_uuid": "bb439849-ad12-4ae3-aa28-15fb8601fcde", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:29:03+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:03+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Spoofing Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 15, Microsoft Exchange Server Subscription Edition RTM | CVSS: 8.1 (HIGH) | EPSS: 0.02509 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-42897", "url": "https://www.cve.org/CVERecord?id=CVE-2026-42897"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-42897"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Spoofing Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 15, Microsoft Exchange Server Subscription Edition RTM", "added_date": "2026-06-01T13:29:03.497Z", "cvss_score": 8.1, "epss_score": 0.02509, "cvss_severity": "HIGH", "epss_percentile": 0.82703, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cadf27a7-c237-4a92-830e-610e8134166a", "vulnerability": {"vulnId": "CVE-2026-42208", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:26:37+00:00"}, "gcve": {"object_uuid": "cadf27a7-c237-4a92-830e-610e8134166a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:26:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:26:37+00:00"}, "scope": {"notes": "KEVIntel entry: LiteLLM: SQL injection in Proxy API key verification | Affected: BerriAI / litellm | CVSS: 9.3 (CRITICAL) | EPSS: 0.93107 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-42208", "url": "https://www.cve.org/CVERecord?id=CVE-2026-42208"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-42208"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LiteLLM: SQL injection in Proxy API key verification", "vendor": "BerriAI", "product": "litellm", "added_date": "2026-06-01T13:26:37.184Z", "cvss_score": 9.3, "epss_score": 0.93107, "cvss_severity": "CRITICAL", "epss_percentile": 0.99819, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d7e6f14b-7370-4a53-981c-d1ed5b6dfef1", "vulnerability": {"vulnId": "CVE-2026-6973", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:26:33+00:00"}, "gcve": {"object_uuid": "d7e6f14b-7370-4a53-981c-d1ed5b6dfef1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:26:33+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:26:33+00:00"}, "scope": {"notes": "KEVIntel entry: An Improper Input Validation in Ivanti EPMM\u00a0before\u00a0versions 12.6.1.1, 12.7.0.1, and 12.8.0.1\u00a0allows\u00a0a remotely authenticated user... | Affected: Ivanti / Endpoint Manager Mobile | CVSS: 7.2 (HIGH) | EPSS: 0.20188 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-6973", "url": "https://www.cve.org/CVERecord?id=CVE-2026-6973"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-6973"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Improper Input Validation in Ivanti EPMM\u00a0before\u00a0versions 12.6.1.1, 12.7.0.1, and 12.8.0.1\u00a0allows\u00a0a remotely authenticated user...", "vendor": "Ivanti", "product": "Endpoint Manager Mobile", "added_date": "2026-06-01T13:26:33.373Z", "cvss_score": 7.2, "epss_score": 0.20188, "cvss_severity": "HIGH", "epss_percentile": 0.97131, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "38f917a8-b57f-49c2-989e-ac05600dd3a5", "vulnerability": {"vulnId": "CVE-2026-44742", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:26:33+00:00"}, "gcve": {"object_uuid": "38f917a8-b57f-49c2-989e-ac05600dd3a5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:26:33+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:26:33+00:00"}, "scope": {"notes": "KEVIntel entry: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May... | Affected: Postorius project / Postorius | CVSS: 7.2 (HIGH) | EPSS: 0.00237 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-44742", "url": "https://www.cve.org/CVERecord?id=CVE-2026-44742"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-44742"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May...", "vendor": "Postorius project", "product": "Postorius", "added_date": "2026-06-01T13:26:33.175Z", "cvss_score": 7.2, "epss_score": 0.00237, "cvss_severity": "HIGH", "epss_percentile": 0.1449, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7ec91d13-337a-4ea7-9c01-b8b2edda9cec", "vulnerability": {"vulnId": "CVE-2026-0300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:26:25+00:00"}, "gcve": {"object_uuid": "7ec91d13-337a-4ea7-9c01-b8b2edda9cec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:26:25+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:26:25+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID\u2122 Authentication Portal | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS, Prisma Access | CVSS: 9.3 (CRITICAL) | EPSS: 0.3176 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-0300", "url": "https://www.cve.org/CVERecord?id=CVE-2026-0300"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-0300"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID\u2122 Authentication Portal", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS, Prisma Access", "added_date": "2026-06-01T13:26:25.457Z", "cvss_score": 9.3, "epss_score": 0.3176, "cvss_severity": "CRITICAL", "epss_percentile": 0.98072, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e45e0339-38f1-4159-9b3e-c9410b837dd6", "vulnerability": {"vulnId": "CVE-2026-31431", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:26:07+00:00"}, "gcve": {"object_uuid": "e45e0339-38f1-4159-9b3e-c9410b837dd6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:26:07+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:26:07+00:00"}, "scope": {"notes": "KEVIntel entry: crypto: algif_aead - Revert to operating out-of-place | Affected: Linux / Linux | CVSS: 7.8 (HIGH) | EPSS: 0.94016 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-31431", "url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-31431"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "crypto: algif_aead - Revert to operating out-of-place", "vendor": "Linux", "product": "Linux", "added_date": "2026-06-01T13:26:07.375Z", "cvss_score": 7.8, "epss_score": 0.94016, "cvss_severity": "HIGH", "epss_percentile": 0.99836, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9f2d799e-ce06-41b4-833f-1e8208ffbebb", "vulnerability": {"vulnId": "CVE-2026-32202", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:25:49+00:00"}, "gcve": {"object_uuid": "9f2d799e-ce06-41b4-833f-1e8208ffbebb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:25:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:25:49+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Shell Spoofing Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 4.3 (MEDIUM) | EPSS: 0.19985 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-32202", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32202"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-32202"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Shell Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T13:25:49.558Z", "cvss_score": 4.3, "epss_score": 0.19985, "cvss_severity": "MEDIUM", "epss_percentile": 0.97104, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c621cabd-3718-4731-bebd-aa709b8ba112", "vulnerability": {"vulnId": "CVE-2024-1708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:24:35+00:00"}, "gcve": {"object_uuid": "c621cabd-3718-4731-bebd-aa709b8ba112", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:24:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:24:35+00:00"}, "scope": {"notes": "KEVIntel entry: Improper limitation of a pathname to a restricted directory (\u201cpath traversal\u201d) | Affected: ConnectWise / ScreenConnect | CVSS: 8.4 (HIGH) | EPSS: 0.87624 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-1708", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1708"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-1708"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper limitation of a pathname to a restricted directory (\u201cpath traversal\u201d)", "vendor": "ConnectWise", "product": "ScreenConnect", "added_date": "2026-06-01T13:24:35.769Z", "cvss_score": 8.4, "epss_score": 0.87624, "cvss_severity": "HIGH", "epss_percentile": 0.99735, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b9ebbb81-f59b-4432-99dc-907bf357bb44", "vulnerability": {"vulnId": "CVE-2024-7399", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:23:43+00:00"}, "gcve": {"object_uuid": "b9ebbb81-f59b-4432-99dc-907bf357bb44", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:23:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:23:43+00:00"}, "scope": {"notes": "KEVIntel entry: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to... | Affected: Samsung Electronics / MagicINFO 9 Server | CVSS: 8.8 (HIGH) | EPSS: 0.91941 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-7399", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7399"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7399"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to...", "vendor": "Samsung Electronics", "product": "MagicINFO 9 Server", "added_date": "2026-06-01T13:23:43.436Z", "cvss_score": 8.8, "epss_score": 0.91941, "cvss_severity": "HIGH", "epss_percentile": 0.99806, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "19fe80f0-3d7e-48f4-bdf8-21bdd934e7f1", "vulnerability": {"vulnId": "CVE-2025-29635", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:23:43+00:00"}, "gcve": {"object_uuid": "19fe80f0-3d7e-48f4-bdf8-21bdd934e7f1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:23:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:23:43+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote... | Affected: D-Link / DIR-823X | CVSS: 7.2 (HIGH) | EPSS: 0.3515 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-29635", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29635"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-29635"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote...", "vendor": "D-Link", "product": "DIR-823X", "added_date": "2026-06-01T13:23:43.718Z", "cvss_score": 7.2, "epss_score": 0.3515, "cvss_severity": "HIGH", "epss_percentile": 0.98236, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1476962f-bae6-44fc-aaaf-53e7941d6fe2", "vulnerability": {"vulnId": "CVE-2024-57728", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:23:43+00:00"}, "gcve": {"object_uuid": "1476962f-bae6-44fc-aaaf-53e7941d6fe2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:23:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:23:43+00:00"}, "scope": {"notes": "KEVIntel entry: SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a... | Affected: SimpleHelp / SimpleHelp remote support software | CVSS: 7.2 (HIGH) | EPSS: 0.07549 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-57728", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57728"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-57728"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a...", "vendor": "SimpleHelp", "product": "SimpleHelp remote support software", "added_date": "2026-06-01T13:23:43.404Z", "cvss_score": 7.2, "epss_score": 0.07549, "cvss_severity": "HIGH", "epss_percentile": 0.93736, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e61ee7c-808f-4317-b98d-10bdb25ae25c", "vulnerability": {"vulnId": "CVE-2024-57726", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:23:43+00:00"}, "gcve": {"object_uuid": "2e61ee7c-808f-4317-b98d-10bdb25ae25c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:23:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:23:43+00:00"}, "scope": {"notes": "KEVIntel entry: SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive... | Affected: SimpleHelp / SimpleHelp remote support software | CVSS: 9.9 (CRITICAL) | EPSS: 0.09328 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-57726", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57726"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-57726"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive...", "vendor": "SimpleHelp", "product": "SimpleHelp remote support software", "added_date": "2026-06-01T13:23:43.375Z", "cvss_score": 9.9, "epss_score": 0.09328, "cvss_severity": "CRITICAL", "epss_percentile": 0.94743, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6ad76ae1-b2e4-4544-902b-d98e43641092", "vulnerability": {"vulnId": "CVE-2026-39987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:23:39+00:00"}, "gcve": {"object_uuid": "6ad76ae1-b2e4-4544-902b-d98e43641092", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:23:39+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:23:39+00:00"}, "scope": {"notes": "KEVIntel entry: marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass | Affected: marimo-team / marimo | CVSS: 9.3 (CRITICAL) | EPSS: 0.95645 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-39987", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39987"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-39987"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass", "vendor": "marimo-team", "product": "marimo", "added_date": "2026-06-01T13:23:39.702Z", "cvss_score": 9.3, "epss_score": 0.95645, "cvss_severity": "CRITICAL", "epss_percentile": 0.99861, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c572a570-f365-44d2-a0ac-40661d41f282", "vulnerability": {"vulnId": "CVE-2026-33825", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:36+00:00"}, "gcve": {"object_uuid": "c572a570-f365-44d2-a0ac-40661d41f282", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:36+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Defender Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Defender Antimalware Platform | CVSS: 7.8 (HIGH) | EPSS: 0.06216 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-33825", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33825"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-33825"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Defender Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Defender Antimalware Platform", "added_date": "2026-06-01T13:22:36.497Z", "cvss_score": 7.8, "epss_score": 0.06216, "cvss_severity": "HIGH", "epss_percentile": 0.92622, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4de00bbd-6a03-44f1-ac71-82c615e5e65e", "vulnerability": {"vulnId": "CVE-2025-32975", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:22+00:00"}, "gcve": {"object_uuid": "4de00bbd-6a03-44f1-ac71-82c615e5e65e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:22+00:00"}, "scope": {"notes": "KEVIntel entry: Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch... | Affected: Quest / KACE Systems Management Appliance | CVSS: 10.0 (CRITICAL) | EPSS: 0.02417 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32975", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32975"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32975"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch...", "vendor": "Quest", "product": "KACE Systems Management Appliance", "added_date": "2026-06-01T13:22:22.342Z", "cvss_score": 10.0, "epss_score": 0.02417, "cvss_severity": "CRITICAL", "epss_percentile": 0.82019, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8744b00f-6311-4e6c-a8a8-6b84e9cbc2dc", "vulnerability": {"vulnId": "CVE-2026-20128", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:22+00:00"}, "gcve": {"object_uuid": "8744b00f-6311-4e6c-a8a8-6b84e9cbc2dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:22+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Manager | CVSS: 7.5 (HIGH) | EPSS: 0.046 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20128", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20128"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20128"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-01T13:22:22.629Z", "cvss_score": 7.5, "epss_score": 0.046, "cvss_severity": "HIGH", "epss_percentile": 0.90459, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a5fff8d8-fe5b-4c6d-af70-5dc62cb8ce4a", "vulnerability": {"vulnId": "CVE-2023-27351", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:22+00:00"}, "gcve": {"object_uuid": "a5fff8d8-fe5b-4c6d-af70-5dc62cb8ce4a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:22+00:00"}, "scope": {"notes": "KEVIntel entry: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication... | Affected: PaperCut / NG | CVSS: 7.5 (HIGH) | EPSS: 0.7842 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-27351", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27351"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27351"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication...", "vendor": "PaperCut", "product": "NG", "added_date": "2026-06-01T13:22:22.013Z", "cvss_score": 7.5, "epss_score": 0.7842, "cvss_severity": "HIGH", "epss_percentile": 0.99527, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2a2921c-a1b4-47a2-9e80-3dd6f0f8e68d", "vulnerability": {"vulnId": "CVE-2026-20133", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:22+00:00"}, "gcve": {"object_uuid": "c2a2921c-a1b4-47a2-9e80-3dd6f0f8e68d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:22+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected... | Affected: Cisco / Cisco Catalyst SD-WAN Manager | CVSS: 6.5 (MEDIUM) | EPSS: 0.08965 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20133", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20133"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20133"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected...", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-01T13:22:22.662Z", "cvss_score": 6.5, "epss_score": 0.08965, "cvss_severity": "MEDIUM", "epss_percentile": 0.94592, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4568d7fe-6470-4495-ba88-0e73d52c031c", "vulnerability": {"vulnId": "CVE-2025-2749", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:22+00:00"}, "gcve": {"object_uuid": "4568d7fe-6470-4495-ba88-0e73d52c031c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:22+00:00"}, "scope": {"notes": "KEVIntel entry: Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE | Affected: Kentico / Xperience | CVSS: 7.2 (HIGH) | EPSS: 0.03809 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-2749", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2749"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2749"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE", "vendor": "Kentico", "product": "Xperience", "added_date": "2026-06-01T13:22:22.312Z", "cvss_score": 7.2, "epss_score": 0.03809, "cvss_severity": "HIGH", "epss_percentile": 0.88657, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9174104f-281b-4e61-abb0-e91d902f2b4b", "vulnerability": {"vulnId": "CVE-2026-20122", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:22+00:00"}, "gcve": {"object_uuid": "9174104f-281b-4e61-abb0-e91d902f2b4b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:22+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Manager | CVSS: 5.4 (MEDIUM) | EPSS: 0.0613 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20122", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20122"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20122"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-01T13:22:22.601Z", "cvss_score": 5.4, "epss_score": 0.0613, "cvss_severity": "MEDIUM", "epss_percentile": 0.9253, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d7a170e0-901b-4d16-a69d-0f1ce63b3fa1", "vulnerability": {"vulnId": "CVE-2025-48700", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:22:22+00:00"}, "gcve": {"object_uuid": "d7a170e0-901b-4d16-a69d-0f1ce63b3fa1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:22:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:22:22+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra... | Affected: Zimbra / Zimbra Collaboration (ZCS) | CVSS: 6.1 (MEDIUM) | EPSS: 0.01761 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48700", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48700"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48700"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra...", "vendor": "Zimbra", "product": "Zimbra Collaboration (ZCS)", "added_date": "2026-06-01T13:22:22.416Z", "cvss_score": 6.1, "epss_score": 0.01761, "cvss_severity": "MEDIUM", "epss_percentile": 0.75102, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "97c84822-c6e4-43d1-95cc-384f46b6920d", "vulnerability": {"vulnId": "CVE-2026-32201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:07:19+00:00"}, "gcve": {"object_uuid": "97c84822-c6e4-43d1-95cc-384f46b6920d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:07:19+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:07:19+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Server Spoofing Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 6.5 (MEDIUM) | EPSS: 0.24172 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-32201", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32201"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-32201"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Server Spoofing Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2026-06-01T13:07:19.548Z", "cvss_score": 6.5, "epss_score": 0.24172, "cvss_severity": "MEDIUM", "epss_percentile": 0.97571, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8d0fd6cd-faa0-4cda-ade0-1d0a71e142c6", "vulnerability": {"vulnId": "CVE-2026-34621", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:07:13+00:00"}, "gcve": {"object_uuid": "8d0fd6cd-faa0-4cda-ade0-1d0a71e142c6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:07:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:07:13+00:00"}, "scope": {"notes": "KEVIntel entry: Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) | Affected: Adobe / Acrobat Reader | CVSS: 8.6 (HIGH) | EPSS: 0.07086 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-34621", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34621"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34621"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)", "vendor": "Adobe", "product": "Acrobat Reader", "added_date": "2026-06-01T13:07:13.584Z", "cvss_score": 8.6, "epss_score": 0.07086, "cvss_severity": "HIGH", "epss_percentile": 0.93407, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2902dc81-c364-4404-a22b-8f3b6788121e", "vulnerability": {"vulnId": "CVE-2023-21529", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:07:10+00:00"}, "gcve": {"object_uuid": "2902dc81-c364-4404-a22b-8f3b6788121e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:07:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:07:10+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 23 | CVSS: 8.8 (HIGH) | EPSS: 0.62104 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21529", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21529"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21529"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 23", "added_date": "2026-06-01T13:07:10.012Z", "cvss_score": 8.8, "epss_score": 0.62104, "cvss_severity": "HIGH", "epss_percentile": 0.99072, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f81cdcc3-97e9-4c9b-bfe5-60b25963b0d7", "vulnerability": {"vulnId": "CVE-2023-36424", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:07:10+00:00"}, "gcve": {"object_uuid": "f81cdcc3-97e9-4c9b-bfe5-60b25963b0d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:07:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:07:10+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.12184 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36424", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36424"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36424"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2026-06-01T13:07:10.027Z", "cvss_score": 7.8, "epss_score": 0.12184, "cvss_severity": "HIGH", "epss_percentile": 0.95636, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5f1f56ba-40ba-48ac-88f1-633fc47cf686", "vulnerability": {"vulnId": "CVE-2025-60710", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:07:10+00:00"}, "gcve": {"object_uuid": "5f1f56ba-40ba-48ac-88f1-633fc47cf686", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:07:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:07:10+00:00"}, "scope": {"notes": "KEVIntel entry: Host Process for Windows Tasks Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.04601 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-60710", "url": "https://www.cve.org/CVERecord?id=CVE-2025-60710"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-60710"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Host Process for Windows Tasks Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T13:07:10.908Z", "cvss_score": 7.8, "epss_score": 0.04601, "cvss_severity": "HIGH", "epss_percentile": 0.9046, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2b30089-7abf-4d62-911f-e4de42090396", "vulnerability": {"vulnId": "CVE-2020-9715", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:07:09+00:00"}, "gcve": {"object_uuid": "c2b30089-7abf-4d62-911f-e4de42090396", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:07:09+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:07:09+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an... | Affected: Adobe / Adobe Acrobat and Reader | CVSS: 7.8 (HIGH) | EPSS: 0.48441 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9715", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9715"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9715"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an...", "vendor": "Adobe", "product": "Adobe Acrobat and Reader", "added_date": "2026-06-01T13:07:09.997Z", "cvss_score": 7.8, "epss_score": 0.48441, "cvss_severity": "HIGH", "epss_percentile": 0.98719, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2899ffd6-744a-41ff-b7b2-2025a9e2d0d4", "vulnerability": {"vulnId": "CVE-2026-1340", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:06:56+00:00"}, "gcve": {"object_uuid": "2899ffd6-744a-41ff-b7b2-2025a9e2d0d4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T13:06:56+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:06:56+00:00"}, "scope": {"notes": "KEVIntel entry: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | Affected: Ivanti / Endpoint Manager Mobile | CVSS: 9.8 (CRITICAL) | EPSS: 0.82002 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-1340", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1340"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-1340"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.", "vendor": "Ivanti", "product": "Endpoint Manager Mobile", "added_date": "2026-06-01T13:06:56.355Z", "cvss_score": 9.8, "epss_score": 0.82002, "cvss_severity": "CRITICAL", "epss_percentile": 0.9961, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a3f6055c-c77e-4d0c-bcc0-db9cc2d74098", "vulnerability": {"vulnId": "CVE-2026-3502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:42:57+00:00"}, "gcve": {"object_uuid": "a3f6055c-c77e-4d0c-bcc0-db9cc2d74098", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:42:57+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:42:57+00:00"}, "scope": {"notes": "KEVIntel entry: TrueConf Client Update Integrity Verification Bypass | Affected: TrueConf / TrueConf Client | CVSS: 7.8 (HIGH) | EPSS: 0.0575 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-3502", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3502"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3502"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TrueConf Client Update Integrity Verification Bypass", "vendor": "TrueConf", "product": "TrueConf Client", "added_date": "2026-06-01T12:42:57.616Z", "cvss_score": 7.8, "epss_score": 0.0575, "cvss_severity": "HIGH", "epss_percentile": 0.92089, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "733a6556-2dd3-4067-8eda-89f8bad0f1ec", "vulnerability": {"vulnId": "CVE-2026-5281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:42:47+00:00"}, "gcve": {"object_uuid": "733a6556-2dd3-4067-8eda-89f8bad0f1ec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:42:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:42:47+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.05492 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-5281", "url": "https://www.cve.org/CVERecord?id=CVE-2026-5281"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-5281"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T12:42:47.145Z", "cvss_score": 8.8, "epss_score": 0.05492, "cvss_severity": "HIGH", "epss_percentile": 0.91764, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c29027b0-eac7-41df-9e12-1fcb9b078087", "vulnerability": {"vulnId": "CVE-2025-53521", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:26:16+00:00"}, "gcve": {"object_uuid": "c29027b0-eac7-41df-9e12-1fcb9b078087", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:26:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:26:16+00:00"}, "scope": {"notes": "KEVIntel entry: BigIP APM Vulnerability | Affected: F5 / BIG-IP | CVSS: 9.3 (CRITICAL) | EPSS: 0.02246 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-53521", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53521"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-53521"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BigIP APM Vulnerability", "vendor": "F5", "product": "BIG-IP", "added_date": "2026-06-01T12:26:16.067Z", "cvss_score": 9.3, "epss_score": 0.02246, "cvss_severity": "CRITICAL", "epss_percentile": 0.80595, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "090b4936-1cda-4fd7-a7fc-45776a93c7ca", "vulnerability": {"vulnId": "CVE-2026-33634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:26:13+00:00"}, "gcve": {"object_uuid": "090b4936-1cda-4fd7-a7fc-45776a93c7ca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:26:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:26:13+00:00"}, "scope": {"notes": "KEVIntel entry: Trivy ecosystem supply chain briefly compromised | Affected: aquasecurity, BerriAI, team-telnyx / setup-trivy, trivy-action, trivy, LiteLLM, telnyx | CVSS: 9.4 (CRITICAL) | EPSS: 0.60368 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-33634", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33634"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-33634"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Trivy ecosystem supply chain briefly compromised", "vendor": "aquasecurity, BerriAI, team-telnyx", "product": "setup-trivy, trivy-action, trivy, LiteLLM, telnyx", "added_date": "2026-06-01T12:26:13.195Z", "cvss_score": 9.4, "epss_score": 0.60368, "cvss_severity": "CRITICAL", "epss_percentile": 0.99025, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e9e52983-c63b-46cc-a7e1-3a2160cd1ec6", "vulnerability": {"vulnId": "CVE-2026-33017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:26:07+00:00"}, "gcve": {"object_uuid": "e9e52983-c63b-46cc-a7e1-3a2160cd1ec6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:26:07+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:26:07+00:00"}, "scope": {"notes": "KEVIntel entry: Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint | Affected: langflow-ai / langflow | CVSS: 9.3 (CRITICAL) | EPSS: 0.98412 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-33017", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33017"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-33017"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint", "vendor": "langflow-ai", "product": "langflow", "added_date": "2026-06-01T12:26:07.241Z", "cvss_score": 9.3, "epss_score": 0.98412, "cvss_severity": "CRITICAL", "epss_percentile": 0.99912, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "83b8fa0f-1374-4827-8749-c25683d972b1", "vulnerability": {"vulnId": "CVE-2025-43510", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:25:49+00:00"}, "gcve": {"object_uuid": "83b8fa0f-1374-4827-8749-c25683d972b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:25:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:25:49+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS... | Affected: Apple / iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 7.8 (HIGH) | EPSS: 0.00348 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-43510", "url": "https://www.cve.org/CVERecord?id=CVE-2025-43510"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-43510"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2026-06-01T12:25:49.900Z", "cvss_score": 7.8, "epss_score": 0.00348, "cvss_severity": "HIGH", "epss_percentile": 0.26554, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "87769c55-657e-4dd3-856d-b4a2739f22c9", "vulnerability": {"vulnId": "CVE-2025-54068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:25:49+00:00"}, "gcve": {"object_uuid": "87769c55-657e-4dd3-856d-b4a2739f22c9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:25:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:25:49+00:00"}, "scope": {"notes": "KEVIntel entry: Livewire vulnerable to remote command execution during property update hydration | Affected: livewire / livewire | CVSS: 9.2 (CRITICAL) | EPSS: 0.9203 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-54068", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54068"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54068"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Livewire vulnerable to remote command execution during property update hydration", "vendor": "livewire", "product": "livewire", "added_date": "2026-06-01T12:25:49.925Z", "cvss_score": 9.2, "epss_score": 0.9203, "cvss_severity": "CRITICAL", "epss_percentile": 0.99807, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "47c101dd-815e-4b53-9195-f08422f9de81", "vulnerability": {"vulnId": "CVE-2025-43520", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:25:49+00:00"}, "gcve": {"object_uuid": "47c101dd-815e-4b53-9195-f08422f9de81", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:25:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:25:49+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS... | Affected: Apple / iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 5.5 (MEDIUM) | EPSS: 0.00401 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-43520", "url": "https://www.cve.org/CVERecord?id=CVE-2025-43520"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-43520"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2026-06-01T12:25:49.913Z", "cvss_score": 5.5, "epss_score": 0.00401, "cvss_severity": "MEDIUM", "epss_percentile": 0.31744, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "70a5a813-49f2-4cbf-80bb-a69929ec9f0c", "vulnerability": {"vulnId": "CVE-2025-32432", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:10:33+00:00"}, "gcve": {"object_uuid": "70a5a813-49f2-4cbf-80bb-a69929ec9f0c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:10:33+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:10:33+00:00"}, "scope": {"notes": "KEVIntel entry: Craft CMS Allows Remote Code Execution | Affected: craftcms / cms | CVSS: 10.0 (CRITICAL) | EPSS: 0.99734 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32432", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32432"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32432"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Craft CMS Allows Remote Code Execution", "vendor": "craftcms", "product": "cms", "added_date": "2026-06-01T12:10:33.975Z", "cvss_score": 10.0, "epss_score": 0.99734, "cvss_severity": "CRITICAL", "epss_percentile": 0.99952, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2dcb06a9-424d-4331-bbab-3f0ae88aaeaa", "vulnerability": {"vulnId": "CVE-2026-20131", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:10:30+00:00"}, "gcve": {"object_uuid": "2dcb06a9-424d-4331-bbab-3f0ae88aaeaa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:10:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:10:30+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability | Affected: Cisco / Cisco Secure Firewall Management Center (FMC) | CVSS: 10.0 (CRITICAL) | EPSS: 0.27551 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20131", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20131"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20131"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability", "vendor": "Cisco", "product": "Cisco Secure Firewall Management Center (FMC)", "added_date": "2026-06-01T12:10:30.171Z", "cvss_score": 10.0, "epss_score": 0.27551, "cvss_severity": "CRITICAL", "epss_percentile": 0.97825, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "24fe058e-2182-4108-85fe-5bf86f09d45b", "vulnerability": {"vulnId": "CVE-2025-66376", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:10:26+00:00"}, "gcve": {"object_uuid": "24fe058e-2182-4108-85fe-5bf86f09d45b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:10:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:10:26+00:00"}, "scope": {"notes": "KEVIntel entry: Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import... | Affected: Zimbra / Collaboration | CVSS: 7.2 (HIGH) | EPSS: 0.12009 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-66376", "url": "https://www.cve.org/CVERecord?id=CVE-2025-66376"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-66376"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import...", "vendor": "Zimbra", "product": "Collaboration", "added_date": "2026-06-01T12:10:26.616Z", "cvss_score": 7.2, "epss_score": 0.12009, "cvss_severity": "HIGH", "epss_percentile": 0.95597, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8031b5e8-b964-40ed-aaa2-407583d0506f", "vulnerability": {"vulnId": "CVE-2026-20963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:10:26+00:00"}, "gcve": {"object_uuid": "8031b5e8-b964-40ed-aaa2-407583d0506f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:10:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:10:26+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 9.8 (CRITICAL) | EPSS: 0.31109 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20963", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20963"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20963"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2026-06-01T12:10:26.788Z", "cvss_score": 9.8, "epss_score": 0.31109, "cvss_severity": "CRITICAL", "epss_percentile": 0.98038, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2253515d-aca0-487d-9bdb-fdfc9c521030", "vulnerability": {"vulnId": "CVE-2025-47813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:10:18+00:00"}, "gcve": {"object_uuid": "2253515d-aca0-487d-9bdb-fdfc9c521030", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:10:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:10:18+00:00"}, "scope": {"notes": "KEVIntel entry: loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. | Affected: wftpserver / Wing FTP Server | CVSS: 4.3 (MEDIUM) | EPSS: 0.56366 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-47813", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47813"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.", "vendor": "wftpserver", "product": "Wing FTP Server", "added_date": "2026-06-01T12:10:18.847Z", "cvss_score": 4.3, "epss_score": 0.56366, "cvss_severity": "MEDIUM", "epss_percentile": 0.98929, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c1d288c0-47d0-48f6-9aa4-7a97b6f68103", "vulnerability": {"vulnId": "CVE-2026-3909", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:10:11+00:00"}, "gcve": {"object_uuid": "c1d288c0-47d0-48f6-9aa4-7a97b6f68103", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:10:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:10:11+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.01629 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-3909", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3909"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3909"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T12:10:11.478Z", "cvss_score": 8.8, "epss_score": 0.01629, "cvss_severity": "HIGH", "epss_percentile": 0.73114, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e8a586fa-0dd8-41de-9d13-d619431c11c6", "vulnerability": {"vulnId": "CVE-2026-3910", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:10:11+00:00"}, "gcve": {"object_uuid": "e8a586fa-0dd8-41de-9d13-d619431c11c6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:10:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:10:11+00:00"}, "scope": {"notes": "KEVIntel entry: Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.02082 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-3910", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3910"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3910"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T12:10:11.496Z", "cvss_score": 8.8, "epss_score": 0.02082, "cvss_severity": "HIGH", "epss_percentile": 0.79096, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9cb33d25-fa55-48f8-a6fb-32bb26728f25", "vulnerability": {"vulnId": "CVE-2025-68613", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:09:59+00:00"}, "gcve": {"object_uuid": "9cb33d25-fa55-48f8-a6fb-32bb26728f25", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:09:59+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:09:59+00:00"}, "scope": {"notes": "KEVIntel entry: n8n Vulnerable to Remote Code Execution via Expression Injection | Affected: n8n-io / n8n | CVSS: 9.9 (CRITICAL) | EPSS: 0.98011 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-68613", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68613"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-68613"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "n8n Vulnerable to Remote Code Execution via Expression Injection", "vendor": "n8n-io", "product": "n8n", "added_date": "2026-06-01T12:09:59.340Z", "cvss_score": 9.9, "epss_score": 0.98011, "cvss_severity": "CRITICAL", "epss_percentile": 0.99902, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ea264ddb-cf6a-4107-a83f-8f019231319b", "vulnerability": {"vulnId": "CVE-2026-20118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:09:59+00:00"}, "gcve": {"object_uuid": "ea264ddb-cf6a-4107-a83f-8f019231319b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:09:59+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:09:59+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability | Affected: Cisco / Cisco IOS XR Software | CVSS: 6.8 (MEDIUM) | EPSS: 0.00318 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-20118", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20118"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20118"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability", "vendor": "Cisco", "product": "Cisco IOS XR Software", "added_date": "2026-06-01T12:09:59.739Z", "cvss_score": 6.8, "epss_score": 0.00318, "cvss_severity": "MEDIUM", "epss_percentile": 0.23412, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "40e40db6-c0a2-42dd-92de-45321fd5e43e", "vulnerability": {"vulnId": "CVE-2026-1603", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:09:49+00:00"}, "gcve": {"object_uuid": "40e40db6-c0a2-42dd-92de-45321fd5e43e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:09:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:09:49+00:00"}, "scope": {"notes": "KEVIntel entry: An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored... | Affected: Ivanti / Endpoint Manager | CVSS: 8.6 (HIGH) | EPSS: 0.81089 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-1603", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1603"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-1603"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored...", "vendor": "Ivanti", "product": "Endpoint Manager", "added_date": "2026-06-01T12:09:49.879Z", "cvss_score": 8.6, "epss_score": 0.81089, "cvss_severity": "HIGH", "epss_percentile": 0.99585, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "df61c420-9c67-4319-a8dc-225df33b8f88", "vulnerability": {"vulnId": "CVE-2025-26399", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:09:49+00:00"}, "gcve": {"object_uuid": "df61c420-9c67-4319-a8dc-225df33b8f88", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:09:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:09:49+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability | Affected: SolarWinds / Web Help Desk | CVSS: 9.8 (CRITICAL) | EPSS: 0.88527 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-26399", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26399"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-26399"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability", "vendor": "SolarWinds", "product": "Web Help Desk", "added_date": "2026-06-01T12:09:49.246Z", "cvss_score": 9.8, "epss_score": 0.88527, "cvss_severity": "CRITICAL", "epss_percentile": 0.99753, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fbc21e5a-6a3d-46b5-b296-33cee6f751a4", "vulnerability": {"vulnId": "CVE-2021-22054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T12:09:48+00:00"}, "gcve": {"object_uuid": "fbc21e5a-6a3d-46b5-b296-33cee6f751a4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T12:09:48+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T12:09:48+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37... | Affected: VMware / Workspace ONE UEM | CVSS: 7.5 (HIGH) | EPSS: 0.97713 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22054", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37...", "vendor": "VMware", "product": "Workspace ONE UEM", "added_date": "2026-06-01T12:09:48.998Z", "cvss_score": 7.5, "epss_score": 0.97713, "cvss_severity": "HIGH", "epss_percentile": 0.99897, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1280d2a7-047d-471e-8a77-89167f5bd5f0", "vulnerability": {"vulnId": "CVE-2021-22681", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:38:00+00:00"}, "gcve": {"object_uuid": "1280d2a7-047d-471e-8a77-89167f5bd5f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:38:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:38:00+00:00"}, "scope": {"notes": "KEVIntel entry: Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers... | Affected: Rockwell Automation / Studio 5000 Logix Designer, RSLogix 5000 | CVSS: 9.8 (CRITICAL) | EPSS: 0.25455 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22681", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22681"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22681"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers...", "vendor": "Rockwell Automation", "product": "Studio 5000 Logix Designer, RSLogix 5000", "added_date": "2026-06-01T11:38:00.140Z", "cvss_score": 9.8, "epss_score": 0.25455, "cvss_severity": "CRITICAL", "epss_percentile": 0.97681, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "169f0b2b-a41c-4b0d-bce5-91bfeb994908", "vulnerability": {"vulnId": "CVE-2023-41974", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:38:00+00:00"}, "gcve": {"object_uuid": "169f0b2b-a41c-4b0d-bce5-91bfeb994908", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:38:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:38:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An... | Affected: Apple / iOS and iPadOS | CVSS: 7.8 (HIGH) | EPSS: 0.0141 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41974", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41974"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41974"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An...", "vendor": "Apple", "product": "iOS and iPadOS", "added_date": "2026-06-01T11:38:00.681Z", "cvss_score": 7.8, "epss_score": 0.0141, "cvss_severity": "HIGH", "epss_percentile": 0.69162, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "68ebf761-647e-47a4-b63a-d2a5696e8acd", "vulnerability": {"vulnId": "CVE-2021-30952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:38:00+00:00"}, "gcve": {"object_uuid": "68ebf761-647e-47a4-b63a-d2a5696e8acd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:38:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:38:00+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and... | Affected: Apple / watchOS, iOS and iPadOS, macOS | CVSS: 7.8 (HIGH) | EPSS: 0.07617 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30952", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30952"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30952"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and...", "vendor": "Apple", "product": "watchOS, iOS and iPadOS, macOS", "added_date": "2026-06-01T11:38:00.160Z", "cvss_score": 7.8, "epss_score": 0.07617, "cvss_severity": "HIGH", "epss_percentile": 0.93784, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "50e65a03-c8d1-4f51-bfc4-16b8751aedc4", "vulnerability": {"vulnId": "CVE-2017-7921", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:37:59+00:00"}, "gcve": {"object_uuid": "50e65a03-c8d1-4f51-bfc4-16b8751aedc4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:37:59+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:37:59+00:00"}, "scope": {"notes": "KEVIntel entry: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series... | Affected: Hikvision / DS-2CD2xx2F-I Series, DS-2CD2xx0F-I Series, DS-2CD2xx2FWD Series, DS-2CD4x2xFWD Series, DS-2CD4xx5 Series, DS-2DFx Series, DS-2CD63xx Series | CVSS: 9.8 (CRITICAL) | EPSS: 0.99998 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-7921", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7921"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-7921"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series...", "vendor": "Hikvision", "product": "DS-2CD2xx2F-I Series, DS-2CD2xx0F-I Series, DS-2CD2xx2FWD Series, DS-2CD4x2xFWD Series, DS-2CD4xx5 Series, DS-2DFx Series, DS-2CD63xx Series", "added_date": "2026-06-01T11:37:59.079Z", "cvss_score": 9.8, "epss_score": 0.99998, "cvss_severity": "CRITICAL", "epss_percentile": 0.99989, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "482e6de3-050f-42c4-8a17-8a367f6f0f8c", "vulnerability": {"vulnId": "CVE-2026-21385", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:37:52+00:00"}, "gcve": {"object_uuid": "482e6de3-050f-42c4-8a17-8a367f6f0f8c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:37:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:37:52+00:00"}, "scope": {"notes": "KEVIntel entry: Integer Overflow or Wraparound in Graphics | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 7.8 (HIGH) | EPSS: 0.01068 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21385", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21385"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21385"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer Overflow or Wraparound in Graphics", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2026-06-01T11:37:52.823Z", "cvss_score": 7.8, "epss_score": 0.01068, "cvss_severity": "HIGH", "epss_percentile": 0.60412, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7ecffd3c-bdc7-47d7-8ce8-bd9f32585ac2", "vulnerability": {"vulnId": "CVE-2026-22719", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:37:52+00:00"}, "gcve": {"object_uuid": "7ecffd3c-bdc7-47d7-8ce8-bd9f32585ac2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:37:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:37:52+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Aria Operations command injection vulnerability | Affected: VMware / VMware Aria Operations, VMware Cloud Foundation Operations, Telco Cloud Platform, Telco Cloud Infrastructure | CVSS: 8.1 (HIGH) | EPSS: 0.17424 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-22719", "url": "https://www.cve.org/CVERecord?id=CVE-2026-22719"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-22719"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Aria Operations command injection vulnerability", "vendor": "VMware", "product": "VMware Aria Operations, VMware Cloud Foundation Operations, Telco Cloud Platform, Telco Cloud Infrastructure", "added_date": "2026-06-01T11:37:52.871Z", "cvss_score": 8.1, "epss_score": 0.17424, "cvss_severity": "HIGH", "epss_percentile": 0.96739, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2d956365-1903-4b95-a69a-ad02fff10c06", "vulnerability": {"vulnId": "CVE-2026-20051", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:10:29+00:00"}, "gcve": {"object_uuid": "2d956365-1903-4b95-a69a-ad02fff10c06", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:10:29+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:10:29+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability | Affected: Cisco / Cisco NX-OS Software | CVSS: 7.4 (HIGH) | EPSS: 0.00156 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-20051", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20051"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20051"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability", "vendor": "Cisco", "product": "Cisco NX-OS Software", "added_date": "2026-06-01T11:10:29.371Z", "cvss_score": 7.4, "epss_score": 0.00156, "cvss_severity": "HIGH", "epss_percentile": 0.05104, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a6e68f29-e3bd-4f8e-bc88-1fd37eba8239", "vulnerability": {"vulnId": "CVE-2026-20127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:10:29+00:00"}, "gcve": {"object_uuid": "a6e68f29-e3bd-4f8e-bc88-1fd37eba8239", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:10:29+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:10:29+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Manager | CVSS: 10.0 (CRITICAL) | EPSS: 0.48158 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20127", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20127"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20127"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-01T11:10:29.431Z", "cvss_score": 10.0, "epss_score": 0.48158, "cvss_severity": "CRITICAL", "epss_percentile": 0.98711, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3aae0ead-a17c-408a-ba8c-74c372317d42", "vulnerability": {"vulnId": "CVE-2022-20775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:08:34+00:00"}, "gcve": {"object_uuid": "3aae0ead-a17c-408a-ba8c-74c372317d42", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:08:34+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:08:34+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco SD-WAN Software Privilege Escalation Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN, Cisco Catalyst SD-WAN Manager, Cisco SD-WAN vContainer, Cisco SD-WAN vEdge Cloud, Cisco SD-WAN vEdge Router | CVSS: 7.8 (HIGH) | EPSS: 0.12475 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-20775", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20775"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-20775"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco SD-WAN Software Privilege Escalation Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN, Cisco Catalyst SD-WAN Manager, Cisco SD-WAN vContainer, Cisco SD-WAN vEdge Cloud, Cisco SD-WAN vEdge Router", "added_date": "2026-06-01T11:08:34.723Z", "cvss_score": 7.8, "epss_score": 0.12475, "cvss_severity": "HIGH", "epss_percentile": 0.95705, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "63c92bc2-db8a-4d3d-8d39-5fc9749bca64", "vulnerability": {"vulnId": "CVE-2026-25108", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:08:28+00:00"}, "gcve": {"object_uuid": "63c92bc2-db8a-4d3d-8d39-5fc9749bca64", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:08:28+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:08:28+00:00"}, "scope": {"notes": "KEVIntel entry: FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially... | Affected: Soliton Systems K.K. / FileZen | CVSS: 8.7 (HIGH) | EPSS: 0.04974 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-25108", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25108"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-25108"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially...", "vendor": "Soliton Systems K.K.", "product": "FileZen", "added_date": "2026-06-01T11:08:28.984Z", "cvss_score": 8.7, "epss_score": 0.04974, "cvss_severity": "HIGH", "epss_percentile": 0.91091, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ddcc9030-d1f4-469d-8645-59a99b7cb5eb", "vulnerability": {"vulnId": "CVE-2025-68461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:03:59+00:00"}, "gcve": {"object_uuid": "ddcc9030-d1f4-469d-8645-59a99b7cb5eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:03:59+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:03:59+00:00"}, "scope": {"notes": "KEVIntel entry: Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. | Affected: Roundcube / Webmail | CVSS: 7.2 (HIGH) | EPSS: 0.19769 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-68461", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68461"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-68461"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.", "vendor": "Roundcube", "product": "Webmail", "added_date": "2026-06-01T11:03:59.125Z", "cvss_score": 7.2, "epss_score": 0.19769, "cvss_severity": "HIGH", "epss_percentile": 0.97069, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c3f2a2b0-a7cb-47b1-82de-790dc949e8a3", "vulnerability": {"vulnId": "CVE-2025-49113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T11:03:57+00:00"}, "gcve": {"object_uuid": "c3f2a2b0-a7cb-47b1-82de-790dc949e8a3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T11:03:57+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T11:03:57+00:00"}, "scope": {"notes": "KEVIntel entry: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is... | Affected: Roundcube / Webmail | CVSS: 9.9 (CRITICAL) | EPSS: 0.89163 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-49113", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49113"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-49113"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is...", "vendor": "Roundcube", "product": "Webmail", "added_date": "2026-06-01T11:03:57.946Z", "cvss_score": 9.9, "epss_score": 0.89163, "cvss_severity": "CRITICAL", "epss_percentile": 0.99763, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "42354f10-1bd8-4c07-9583-57370a548343", "vulnerability": {"vulnId": "CVE-2026-22769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:59:33+00:00"}, "gcve": {"object_uuid": "42354f10-1bd8-4c07-9583-57370a548343", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:59:33+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:59:33+00:00"}, "scope": {"notes": "KEVIntel entry: Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as... | Affected: Dell / RecoverPoint for Virtual Machines | CVSS: 10.0 (CRITICAL) | EPSS: 0.13131 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-22769", "url": "https://www.cve.org/CVERecord?id=CVE-2026-22769"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-22769"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as...", "vendor": "Dell", "product": "RecoverPoint for Virtual Machines", "added_date": "2026-06-01T10:59:33.007Z", "cvss_score": 10.0, "epss_score": 0.13131, "cvss_severity": "CRITICAL", "epss_percentile": 0.95867, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1f354fcd-c842-43c4-9ee3-4ceca2071969", "vulnerability": {"vulnId": "CVE-2021-22175", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:59:30+00:00"}, "gcve": {"object_uuid": "1f354fcd-c842-43c4-9ee3-4ceca2071969", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:59:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:59:30+00:00"}, "scope": {"notes": "KEVIntel entry: When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions... | Affected: GitLab / GitLab | CVSS: 6.8 (MEDIUM) | EPSS: 0.53372 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22175", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22175"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22175"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions...", "vendor": "GitLab", "product": "GitLab", "added_date": "2026-06-01T10:59:30.940Z", "cvss_score": 6.8, "epss_score": 0.53372, "cvss_severity": "MEDIUM", "epss_percentile": 0.9885, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f551385a-d53e-41e4-9731-1b7a1113eee1", "vulnerability": {"vulnId": "CVE-2026-2441", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:57:11+00:00"}, "gcve": {"object_uuid": "f551385a-d53e-41e4-9731-1b7a1113eee1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:57:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:57:11+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.2202 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-2441", "url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-2441"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T10:57:11.873Z", "cvss_score": 8.8, "epss_score": 0.2202, "cvss_severity": "HIGH", "epss_percentile": 0.97357, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "db5528ad-d6d6-4acf-839d-8d6a1362e4dc", "vulnerability": {"vulnId": "CVE-2024-7694", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:57:09+00:00"}, "gcve": {"object_uuid": "db5528ad-d6d6-4acf-839d-8d6a1362e4dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:57:09+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:57:09+00:00"}, "scope": {"notes": "KEVIntel entry: TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload | Affected: TeamT5 / ThreatSonar Anti-Ransomware | CVSS: 7.2 (HIGH) | EPSS: 0.01807 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-7694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7694"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7694"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload", "vendor": "TeamT5", "product": "ThreatSonar Anti-Ransomware", "added_date": "2026-06-01T10:57:09.931Z", "cvss_score": 7.2, "epss_score": 0.01807, "cvss_severity": "HIGH", "epss_percentile": 0.75762, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bfb67ce2-aaa5-465d-b570-1335b781f055", "vulnerability": {"vulnId": "CVE-2026-1731", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:51:06+00:00"}, "gcve": {"object_uuid": "bfb67ce2-aaa5-465d-b570-1335b781f055", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:51:06+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:51:06+00:00"}, "scope": {"notes": "KEVIntel entry: Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) | Affected: BeyondTrust / Remote Support(RS) & Privileged Remote Access(PRA) | CVSS: 9.9 (CRITICAL) | EPSS: 0.86091 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-1731", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1731"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-1731"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)", "vendor": "BeyondTrust", "product": "Remote Support(RS) & Privileged Remote Access(PRA)", "added_date": "2026-06-01T10:51:06.572Z", "cvss_score": 9.9, "epss_score": 0.86091, "cvss_severity": "CRITICAL", "epss_percentile": 0.99703, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "98fb4f1f-3794-4bce-a07b-99f67356b161", "vulnerability": {"vulnId": "CVE-2025-15556", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:56+00:00"}, "gcve": {"object_uuid": "98fb4f1f-3794-4bce-a07b-99f67356b161", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:56+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:56+00:00"}, "scope": {"notes": "KEVIntel entry: Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification | Affected: notepad-plus-plus / notepad-plus-plus | CVSS: 7.7 (HIGH) | EPSS: 0.01268 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-15556", "url": "https://www.cve.org/CVERecord?id=CVE-2025-15556"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-15556"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification", "vendor": "notepad-plus-plus", "product": "notepad-plus-plus", "added_date": "2026-06-01T10:50:56.130Z", "cvss_score": 7.7, "epss_score": 0.01268, "cvss_severity": "HIGH", "epss_percentile": 0.65955, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "46de1236-43b1-4b08-989c-061856e7a618", "vulnerability": {"vulnId": "CVE-2024-43468", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:56+00:00"}, "gcve": {"object_uuid": "46de1236-43b1-4b08-989c-061856e7a618", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:56+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:56+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Configuration Manager Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Configuration Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.60661 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-43468", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43468"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43468"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Configuration Manager Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Configuration Manager", "added_date": "2026-06-01T10:50:56.032Z", "cvss_score": 9.8, "epss_score": 0.60661, "cvss_severity": "CRITICAL", "epss_percentile": 0.99032, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "773c946c-7f43-44c8-add3-266c8e2a559b", "vulnerability": {"vulnId": "CVE-2025-40536", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:56+00:00"}, "gcve": {"object_uuid": "773c946c-7f43-44c8-add3-266c8e2a559b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:56+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:56+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Web Help Desk Security Control Bypass Vulnerability | Affected: SolarWinds / Web Help Desk | CVSS: 8.1 (HIGH) | EPSS: 0.81624 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-40536", "url": "https://www.cve.org/CVERecord?id=CVE-2025-40536"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-40536"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Web Help Desk Security Control Bypass Vulnerability", "vendor": "SolarWinds", "product": "Web Help Desk", "added_date": "2026-06-01T10:50:56.244Z", "cvss_score": 8.1, "epss_score": 0.81624, "cvss_severity": "HIGH", "epss_percentile": 0.99599, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ef76c049-cddc-4062-b210-cf9d4776a952", "vulnerability": {"vulnId": "CVE-2026-20700", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:52+00:00"}, "gcve": {"object_uuid": "ef76c049-cddc-4062-b210-cf9d4776a952", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:52+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS... | Affected: Apple / iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 7.8 (HIGH) | EPSS: 0.01319 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20700", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20700"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20700"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2026-06-01T10:50:52.423Z", "cvss_score": 7.8, "epss_score": 0.01319, "cvss_severity": "HIGH", "epss_percentile": 0.67128, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a757b9a1-d201-4adf-a1b4-72ecdc10ab16", "vulnerability": {"vulnId": "CVE-2026-21510", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:47+00:00"}, "gcve": {"object_uuid": "a757b9a1-d201-4adf-a1b4-72ecdc10ab16", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:47+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Shell Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 8.8 (HIGH) | EPSS: 0.25835 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21510", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21510"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21510"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Shell Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:50:47.605Z", "cvss_score": 8.8, "epss_score": 0.25835, "cvss_severity": "HIGH", "epss_percentile": 0.97711, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3ef1b11c-350b-4125-a022-ca9ff77267ce", "vulnerability": {"vulnId": "CVE-2026-21519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:47+00:00"}, "gcve": {"object_uuid": "3ef1b11c-350b-4125-a022-ca9ff77267ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:47+00:00"}, "scope": {"notes": "KEVIntel entry: Desktop Window Manager Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.0242 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21519", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21519"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21519"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Desktop Window Manager Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:50:47.687Z", "cvss_score": 7.8, "epss_score": 0.0242, "cvss_severity": "HIGH", "epss_percentile": 0.82035, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3b3ea0c5-061a-485e-9e96-2d5a8b4a6553", "vulnerability": {"vulnId": "CVE-2026-21533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:47+00:00"}, "gcve": {"object_uuid": "3b3ea0c5-061a-485e-9e96-2d5a8b4a6553", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:47+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Remote Desktop Services Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.03846 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21533", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21533"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21533"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Remote Desktop Services Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:50:47.778Z", "cvss_score": 7.8, "epss_score": 0.03846, "cvss_severity": "HIGH", "epss_percentile": 0.88768, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ce6b4b3e-6318-4b61-b9b1-c4a13fb4846e", "vulnerability": {"vulnId": "CVE-2026-21525", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:47+00:00"}, "gcve": {"object_uuid": "ce6b4b3e-6318-4b61-b9b1-c4a13fb4846e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:47+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Remote Access Connection Manager Denial of Service Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 6.2 (MEDIUM) | EPSS: 0.04956 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21525", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21525"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21525"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Remote Access Connection Manager Denial of Service Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:50:47.728Z", "cvss_score": 6.2, "epss_score": 0.04956, "cvss_severity": "MEDIUM", "epss_percentile": 0.91064, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6fd22ce1-77c1-452e-9608-d90d2428eb3e", "vulnerability": {"vulnId": "CVE-2026-21513", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:47+00:00"}, "gcve": {"object_uuid": "6fd22ce1-77c1-452e-9608-d90d2428eb3e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:47+00:00"}, "scope": {"notes": "KEVIntel entry: MSHTML Framework Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 8.8 (HIGH) | EPSS: 0.15384 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21513", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21513"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21513"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MSHTML Framework Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows 11 Version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:50:47.633Z", "cvss_score": 8.8, "epss_score": 0.15384, "cvss_severity": "HIGH", "epss_percentile": 0.96366, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd4e214c-9c18-4583-9465-0cd74063f16e", "vulnerability": {"vulnId": "CVE-2026-21514", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:47+00:00"}, "gcve": {"object_uuid": "dd4e214c-9c18-4583-9465-0cd74063f16e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:47+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Word Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024 | CVSS: 7.8 (HIGH) | EPSS: 0.01517 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21514", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21514"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21514"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Word Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024", "added_date": "2026-06-01T10:50:47.655Z", "cvss_score": 7.8, "epss_score": 0.01517, "cvss_severity": "HIGH", "epss_percentile": 0.7126, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6c2d6e28-d1cc-4a43-8740-5834e4cd7a1e", "vulnerability": {"vulnId": "CVE-2026-24423", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:28+00:00"}, "gcve": {"object_uuid": "6c2d6e28-d1cc-4a43-8740-5834e4cd7a1e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:28+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:28+00:00"}, "scope": {"notes": "KEVIntel entry: SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API | Affected: SmarterTools / SmarterMail | CVSS: 9.3 (CRITICAL) | EPSS: 0.87693 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-24423", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24423"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-24423"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API", "vendor": "SmarterTools", "product": "SmarterMail", "added_date": "2026-06-01T10:50:28.476Z", "cvss_score": 9.3, "epss_score": 0.87693, "cvss_severity": "CRITICAL", "epss_percentile": 0.99737, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5ba08d98-27ac-4f70-a941-d3a77bd785e7", "vulnerability": {"vulnId": "CVE-2026-25815", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:28+00:00"}, "gcve": {"object_uuid": "5ba08d98-27ac-4f70-a941-d3a77bd785e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:28+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:28+00:00"}, "scope": {"notes": "KEVIntel entry: Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from... | Affected: Fortinet / FortiOS | CVSS: 3.2 (LOW) | EPSS: 0.00094 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-25815", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25815"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-25815"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from...", "vendor": "Fortinet", "product": "FortiOS", "added_date": "2026-06-01T10:50:28.686Z", "cvss_score": 3.2, "epss_score": 0.00094, "cvss_severity": "LOW", "epss_percentile": 0.00778, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "277301b5-59f8-4d20-881c-b854a013782d", "vulnerability": {"vulnId": "CVE-2025-11953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:27+00:00"}, "gcve": {"object_uuid": "277301b5-59f8-4d20-881c-b854a013782d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:27+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:27+00:00"}, "scope": {"notes": "KEVIntel entry: Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests | CVSS: 9.8 (CRITICAL) | EPSS: 0.61938 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-11953", "url": "https://www.cve.org/CVERecord?id=CVE-2025-11953"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-11953"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests", "vendor": "", "product": "", "added_date": "2026-06-01T10:50:27.842Z", "cvss_score": 9.8, "epss_score": 0.61938, "cvss_severity": "CRITICAL", "epss_percentile": 0.99067, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "259620fd-ac31-48ed-8267-ee37fca58639", "vulnerability": {"vulnId": "CVE-2025-64328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:19+00:00"}, "gcve": {"object_uuid": "259620fd-ac31-48ed-8267-ee37fca58639", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:19+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:19+00:00"}, "scope": {"notes": "KEVIntel entry: FreePBX Administration GUI is Vulnerable to Authenticated Command Injection | Affected: FreePBX / filestore | CVSS: 8.6 (HIGH) | EPSS: 0.84052 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-64328", "url": "https://www.cve.org/CVERecord?id=CVE-2025-64328"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-64328"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FreePBX Administration GUI is Vulnerable to Authenticated Command Injection", "vendor": "FreePBX", "product": "filestore", "added_date": "2026-06-01T10:50:19.182Z", "cvss_score": 8.6, "epss_score": 0.84052, "cvss_severity": "HIGH", "epss_percentile": 0.99661, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e7992832-7e18-4a56-a0a8-6d180dbc42fe", "vulnerability": {"vulnId": "CVE-2025-40551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:18+00:00"}, "gcve": {"object_uuid": "e7992832-7e18-4a56-a0a8-6d180dbc42fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:18+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability | Affected: SolarWinds / Web Help Desk | CVSS: 9.8 (CRITICAL) | EPSS: 0.8413 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-40551", "url": "https://www.cve.org/CVERecord?id=CVE-2025-40551"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-40551"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability", "vendor": "SolarWinds", "product": "Web Help Desk", "added_date": "2026-06-01T10:50:18.579Z", "cvss_score": 9.8, "epss_score": 0.8413, "cvss_severity": "CRITICAL", "epss_percentile": 0.99662, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0835e80d-f6d2-42cc-8d3c-2694abc2d8c4", "vulnerability": {"vulnId": "CVE-2021-39935", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:18+00:00"}, "gcve": {"object_uuid": "0835e80d-f6d2-42cc-8d3c-2694abc2d8c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:18+00:00"}, "scope": {"notes": "KEVIntel entry: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before... | Affected: GitLab / GitLab | CVSS: 6.8 (MEDIUM) | EPSS: 0.30496 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-39935", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39935"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-39935"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before...", "vendor": "GitLab", "product": "GitLab", "added_date": "2026-06-01T10:50:18.236Z", "cvss_score": 6.8, "epss_score": 0.30496, "cvss_severity": "MEDIUM", "epss_percentile": 0.98, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "20e58005-08a8-428b-a2c9-2c19d60b88e0", "vulnerability": {"vulnId": "CVE-2019-19006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:17+00:00"}, "gcve": {"object_uuid": "20e58005-08a8-428b-a2c9-2c19d60b88e0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:17+00:00"}, "scope": {"notes": "KEVIntel entry: Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. | Affected: Sangoma / FreePBX | CVSS: 9.8 (CRITICAL) | EPSS: 0.35791 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-19006", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19006"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-19006"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.", "vendor": "Sangoma", "product": "FreePBX", "added_date": "2026-06-01T10:50:17.725Z", "cvss_score": 9.8, "epss_score": 0.35791, "cvss_severity": "CRITICAL", "epss_percentile": 0.98264, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d076a972-8345-4a78-987c-a8de7a5eaa75", "vulnerability": {"vulnId": "CVE-2026-25137", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:15+00:00"}, "gcve": {"object_uuid": "d076a972-8345-4a78-987c-a8de7a5eaa75", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:15+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:15+00:00"}, "scope": {"notes": "KEVIntel entry: NixOs Odoo database and filestore publicly accessible with default odoo configuration | Affected: NixOS / nixpkgs | CVSS: 9.1 (CRITICAL) | EPSS: 0.1008 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-25137", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25137"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-25137"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NixOs Odoo database and filestore publicly accessible with default odoo configuration", "vendor": "NixOS", "product": "nixpkgs", "added_date": "2026-06-01T10:50:15.873Z", "cvss_score": 9.1, "epss_score": 0.1008, "cvss_severity": "CRITICAL", "epss_percentile": 0.95038, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "147103f3-4ba9-473d-9805-210faf043d0f", "vulnerability": {"vulnId": "CVE-2026-1281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:50:03+00:00"}, "gcve": {"object_uuid": "147103f3-4ba9-473d-9805-210faf043d0f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:50:03+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:50:03+00:00"}, "scope": {"notes": "KEVIntel entry: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | Affected: Ivanti / Endpoint Manager Mobile | CVSS: 9.8 (CRITICAL) | EPSS: 0.81231 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-1281", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1281"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-1281"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.", "vendor": "Ivanti", "product": "Endpoint Manager Mobile", "added_date": "2026-06-01T10:50:03.087Z", "cvss_score": 9.8, "epss_score": 0.81231, "cvss_severity": "CRITICAL", "epss_percentile": 0.99589, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "16f53288-424f-4458-b1fd-66324eaff5cc", "vulnerability": {"vulnId": "CVE-2026-24858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:56+00:00"}, "gcve": {"object_uuid": "16f53288-424f-4458-b1fd-66324eaff5cc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:56+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:56+00:00"}, "scope": {"notes": "KEVIntel entry: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5,... | Affected: Fortinet / FortiWeb, FortiNAC-F, FortiOS, FortiAnalyzer, FortiProxy, FortiManager | CVSS: 9.4 (CRITICAL) | EPSS: 0.55125 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-24858", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24858"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-24858"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5,...", "vendor": "Fortinet", "product": "FortiWeb, FortiNAC-F, FortiOS, FortiAnalyzer, FortiProxy, FortiManager", "added_date": "2026-06-01T10:49:56.043Z", "cvss_score": 9.4, "epss_score": 0.55125, "cvss_severity": "CRITICAL", "epss_percentile": 0.98901, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f8a20284-afc4-46e9-b242-2d85a54d53bd", "vulnerability": {"vulnId": "CVE-2026-24061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:50+00:00"}, "gcve": {"object_uuid": "f8a20284-afc4-46e9-b242-2d85a54d53bd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:50+00:00"}, "scope": {"notes": "KEVIntel entry: telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a \"-f root\" value for the USER environment variable. | Affected: GNU / Inetutils | CVSS: 9.8 (CRITICAL) | EPSS: 0.98871 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-24061", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24061"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-24061"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a \"-f root\" value for the USER environment variable.", "vendor": "GNU", "product": "Inetutils", "added_date": "2026-06-01T10:49:50.064Z", "cvss_score": 9.8, "epss_score": 0.98871, "cvss_severity": "CRITICAL", "epss_percentile": 0.99921, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f60c5f80-e8a5-41d3-b70d-3de93bda7c25", "vulnerability": {"vulnId": "CVE-2026-21509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:49+00:00"}, "gcve": {"object_uuid": "f60c5f80-e8a5-41d3-b70d-3de93bda7c25", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:49+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024 | CVSS: 7.8 (HIGH) | EPSS: 0.72152 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21509", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21509"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21509"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024", "added_date": "2026-06-01T10:49:49.668Z", "cvss_score": 7.8, "epss_score": 0.72152, "cvss_severity": "HIGH", "epss_percentile": 0.99358, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d7fc8bad-997a-46dd-a1ca-429b21ffd5b0", "vulnerability": {"vulnId": "CVE-2026-23760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:49+00:00"}, "gcve": {"object_uuid": "d7fc8bad-997a-46dd-a1ca-429b21ffd5b0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:49+00:00"}, "scope": {"notes": "KEVIntel entry: SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API | Affected: SmarterTools / SmarterMail | CVSS: 9.3 (CRITICAL) | EPSS: 0.96268 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-23760", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23760"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-23760"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API", "vendor": "SmarterTools", "product": "SmarterMail", "added_date": "2026-06-01T10:49:49.943Z", "cvss_score": 9.3, "epss_score": 0.96268, "cvss_severity": "CRITICAL", "epss_percentile": 0.99872, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "32cbd4ac-9580-466f-ad98-37c17fa74f68", "vulnerability": {"vulnId": "CVE-2018-14634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:47+00:00"}, "gcve": {"object_uuid": "32cbd4ac-9580-466f-ad98-37c17fa74f68", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:47+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise... | Affected: The Linux Foundation / kernel | CVSS: 7.8 (HIGH) | EPSS: 0.14806 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-14634", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14634"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise...", "vendor": "The Linux Foundation", "product": "kernel", "added_date": "2026-06-01T10:49:47.154Z", "cvss_score": 7.8, "epss_score": 0.14806, "cvss_severity": "HIGH", "epss_percentile": 0.96258, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4583fd57-c0ba-4d7f-9e38-ddee28358051", "vulnerability": {"vulnId": "CVE-2025-52691", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:47+00:00"}, "gcve": {"object_uuid": "4583fd57-c0ba-4d7f-9e38-ddee28358051", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:47+00:00"}, "scope": {"notes": "KEVIntel entry: Upload Arbitrary Files | Affected: SmarterTools / SmarterMail | CVSS: 10.0 (CRITICAL) | EPSS: 0.85457 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-52691", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52691"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-52691"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Upload Arbitrary Files", "vendor": "SmarterTools", "product": "SmarterMail", "added_date": "2026-06-01T10:49:47.987Z", "cvss_score": 10.0, "epss_score": 0.85457, "cvss_severity": "CRITICAL", "epss_percentile": 0.99692, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "33a1806b-4447-42ac-b7a1-b139dedf44fd", "vulnerability": {"vulnId": "CVE-2024-37079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:38+00:00"}, "gcve": {"object_uuid": "33a1806b-4447-42ac-b7a1-b139dedf44fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:38+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:38+00:00"}, "scope": {"notes": "KEVIntel entry: vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to... | Affected: VMware / vCenter Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.22377 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-37079", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37079"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-37079"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to...", "vendor": "VMware", "product": "vCenter Server", "added_date": "2026-06-01T10:49:38.439Z", "cvss_score": 9.8, "epss_score": 0.22377, "cvss_severity": "CRITICAL", "epss_percentile": 0.97393, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a4ece307-17b6-4061-ac8f-14c9145c9540", "vulnerability": {"vulnId": "CVE-2025-54313", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:32+00:00"}, "gcve": {"object_uuid": "a4ece307-17b6-4061-ac8f-14c9145c9540", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:32+00:00"}, "scope": {"notes": "KEVIntel entry: eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package... | Affected: prettier / eslint-config-prettier | CVSS: 7.5 (HIGH) | EPSS: 0.04105 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-54313", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54313"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54313"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package...", "vendor": "prettier", "product": "eslint-config-prettier", "added_date": "2026-06-01T10:49:32.926Z", "cvss_score": 7.5, "epss_score": 0.04105, "cvss_severity": "HIGH", "epss_percentile": 0.89457, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8408e86e-3523-493d-a6c8-716fb0814922", "vulnerability": {"vulnId": "CVE-2025-31125", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:32+00:00"}, "gcve": {"object_uuid": "8408e86e-3523-493d-a6c8-716fb0814922", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:32+00:00"}, "scope": {"notes": "KEVIntel entry: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | Affected: vitejs / vite | CVSS: 5.3 (MEDIUM) | EPSS: 0.59585 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-31125", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31125"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-31125"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query", "vendor": "vitejs", "product": "vite", "added_date": "2026-06-01T10:49:32.672Z", "cvss_score": 5.3, "epss_score": 0.59585, "cvss_severity": "MEDIUM", "epss_percentile": 0.99007, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3b70e122-72dc-41b4-abb5-c72499aad920", "vulnerability": {"vulnId": "CVE-2025-34026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:32+00:00"}, "gcve": {"object_uuid": "3b70e122-72dc-41b4-abb5-c72499aad920", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:32+00:00"}, "scope": {"notes": "KEVIntel entry: Versa Concerto Actuator Authentication Bypass Information Leak | Affected: Versa / Concerto | CVSS: 9.2 (CRITICAL) | EPSS: 0.83381 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-34026", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34026"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34026"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Versa Concerto Actuator Authentication Bypass Information Leak", "vendor": "Versa", "product": "Concerto", "added_date": "2026-06-01T10:49:32.706Z", "cvss_score": 9.2, "epss_score": 0.83381, "cvss_severity": "CRITICAL", "epss_percentile": 0.99644, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5d7ff07d-8b41-439d-bc19-b8a91a3e3795", "vulnerability": {"vulnId": "CVE-2026-20045", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:49:29+00:00"}, "gcve": {"object_uuid": "5d7ff07d-8b41-439d-bc19-b8a91a3e3795", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:49:29+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:49:29+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Unified Communications Products Remote Code Execution Vulnerability | Affected: Cisco / Cisco Unified Communications Manager, Cisco Unified Communications Manager IM and Presence Service, Cisco Unity Connection | CVSS: 8.2 (HIGH) | EPSS: 0.04307 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20045", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20045"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20045"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Unified Communications Products Remote Code Execution Vulnerability", "vendor": "Cisco", "product": "Cisco Unified Communications Manager, Cisco Unified Communications Manager IM and Presence Service, Cisco Unity Connection", "added_date": "2026-06-01T10:49:29.465Z", "cvss_score": 8.2, "epss_score": 0.04307, "cvss_severity": "HIGH", "epss_percentile": 0.89883, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "859f60ae-8fa9-4184-a7df-805288608ebd", "vulnerability": {"vulnId": "CVE-2026-20805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:48:47+00:00"}, "gcve": {"object_uuid": "859f60ae-8fa9-4184-a7df-805288608ebd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:48:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:48:47+00:00"}, "scope": {"notes": "KEVIntel entry: Desktop Window Manager Information Disclosure Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 5.5 (MEDIUM) | EPSS: 0.05028 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20805", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20805"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20805"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Desktop Window Manager Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:48:47.515Z", "cvss_score": 5.5, "epss_score": 0.05028, "cvss_severity": "MEDIUM", "epss_percentile": 0.91157, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d5989f94-198e-4bc1-8433-2caad530eef2", "vulnerability": {"vulnId": "CVE-2025-70974", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:48:34+00:00"}, "gcve": {"object_uuid": "d5989f94-198e-4bc1-8433-2caad530eef2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:48:34+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:48:34+00:00"}, "scope": {"notes": "KEVIntel entry: Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class,... | Affected: Alibaba / Fastjson | CVSS: 10.0 (CRITICAL) | EPSS: 0.00571 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-70974", "url": "https://www.cve.org/CVERecord?id=CVE-2025-70974"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-70974"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class,...", "vendor": "Alibaba", "product": "Fastjson", "added_date": "2026-06-01T10:48:34.862Z", "cvss_score": 10.0, "epss_score": 0.00571, "cvss_severity": "CRITICAL", "epss_percentile": 0.42726, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dd1d2861-b6d5-4226-97b1-f9addbf3c001", "vulnerability": {"vulnId": "CVE-2025-37164", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:48:30+00:00"}, "gcve": {"object_uuid": "dd1d2861-b6d5-4226-97b1-f9addbf3c001", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:48:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:48:30+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution issue exists in HPE OneView. | Affected: Hewlett Packard Enterprise (HPE) / HPE OneView | CVSS: 10.0 (CRITICAL) | EPSS: 0.89733 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-37164", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37164"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-37164"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution issue exists in HPE OneView.", "vendor": "Hewlett Packard Enterprise (HPE)", "product": "HPE OneView", "added_date": "2026-06-01T10:48:30.125Z", "cvss_score": 10.0, "epss_score": 0.89733, "cvss_severity": "CRITICAL", "epss_percentile": 0.99773, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "48710485-cc37-4687-8063-09c1f5872cfe", "vulnerability": {"vulnId": "CVE-2026-0625", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:47:41+00:00"}, "gcve": {"object_uuid": "48710485-cc37-4687-8063-09c1f5872cfe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:47:41+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:47:41+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint | Affected: D-Link / DSL-2640B, DSL-2740R, DSL-2780B, DSL-526B, DSL-2640T, DSL-500, DSL-500G, DSL-502G, DIR-905L, DIR-600, DIR-608, DIR-610, DIR-611, DIR-615, DNS-320, DNS-325, DNS-345 | CVSS: 9.3 (CRITICAL) | EPSS: 0.00964 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-0625", "url": "https://www.cve.org/CVERecord?id=CVE-2026-0625"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-0625"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DSL/DIR/DNS Authentication Bypass via DNS Configuration Endpoint", "vendor": "D-Link", "product": "DSL-2640B, DSL-2740R, DSL-2780B, DSL-526B, DSL-2640T, DSL-500, DSL-500G, DSL-502G, DIR-905L, DIR-600, DIR-608, DIR-610, DIR-611, DIR-615, DNS-320, DNS-325, DNS-345", "added_date": "2026-06-01T10:47:41.999Z", "cvss_score": 9.3, "epss_score": 0.00964, "cvss_severity": "CRITICAL", "epss_percentile": 0.57021, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1ef96ebd-2685-4dd4-a684-e1d2f2eb90a4", "vulnerability": {"vulnId": "CVE-2025-14847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:47:16+00:00"}, "gcve": {"object_uuid": "1ef96ebd-2685-4dd4-a684-e1d2f2eb90a4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:47:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:47:16+00:00"}, "scope": {"notes": "KEVIntel entry: Zlib compressed protocol header length confusion may allow memory read | Affected: MongoDB Inc. / MongoDB Server | CVSS: 8.7 (HIGH) | EPSS: 0.83007 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-14847", "url": "https://www.cve.org/CVERecord?id=CVE-2025-14847"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-14847"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zlib compressed protocol header length confusion may allow memory read", "vendor": "MongoDB Inc.", "product": "MongoDB Server", "added_date": "2026-06-01T10:47:16.660Z", "cvss_score": 8.7, "epss_score": 0.83007, "cvss_severity": "HIGH", "epss_percentile": 0.99634, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "32f002c5-40fc-4e00-afa4-5e3e9781bcdc", "vulnerability": {"vulnId": "CVE-2023-52163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:47+00:00"}, "gcve": {"object_uuid": "32f002c5-40fc-4e00-afa4-5e3e9781bcdc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:47+00:00"}, "scope": {"notes": "KEVIntel entry: Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no... | Affected: Digiever / DS-2105 Pro | CVSS: 8.8 (HIGH) | EPSS: 0.96285 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-52163", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52163"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-52163"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no...", "vendor": "Digiever", "product": "DS-2105 Pro", "added_date": "2026-06-01T10:46:47.886Z", "cvss_score": 8.8, "epss_score": 0.96285, "cvss_severity": "HIGH", "epss_percentile": 0.99873, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "16167f2c-ed43-48f9-9e7f-bc5d956e0d92", "vulnerability": {"vulnId": "CVE-2025-14733", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:40+00:00"}, "gcve": {"object_uuid": "16167f2c-ed43-48f9-9e7f-bc5d956e0d92", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:40+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:40+00:00"}, "scope": {"notes": "KEVIntel entry: WatchGuard Firebox iked Out of Bounds Write Vulnerability | Affected: WatchGuard / Fireware OS | CVSS: 9.3 (CRITICAL) | EPSS: 0.17469 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-14733", "url": "https://www.cve.org/CVERecord?id=CVE-2025-14733"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-14733"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WatchGuard Firebox iked Out of Bounds Write Vulnerability", "vendor": "WatchGuard", "product": "Fireware OS", "added_date": "2026-06-01T10:46:40.736Z", "cvss_score": 9.3, "epss_score": 0.17469, "cvss_severity": "CRITICAL", "epss_percentile": 0.96747, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bd12518c-2b2a-4cce-8ede-c2c93a67e7f8", "vulnerability": {"vulnId": "CVE-2025-40602", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:36+00:00"}, "gcve": {"object_uuid": "bd12518c-2b2a-4cce-8ede-c2c93a67e7f8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:36+00:00"}, "scope": {"notes": "KEVIntel entry: A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | Affected: SonicWall / SMA1000 | CVSS: 6.6 (MEDIUM) | EPSS: 0.0191 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-40602", "url": "https://www.cve.org/CVERecord?id=CVE-2025-40602"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-40602"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).", "vendor": "SonicWall", "product": "SMA1000", "added_date": "2026-06-01T10:46:36.396Z", "cvss_score": 6.6, "epss_score": 0.0191, "cvss_severity": "MEDIUM", "epss_percentile": 0.77115, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "db64f141-155a-4f20-8fe2-6c0289cf8ca8", "vulnerability": {"vulnId": "CVE-2025-59374", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:31+00:00"}, "gcve": {"object_uuid": "db64f141-155a-4f20-8fe2-6c0289cf8ca8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:31+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:31+00:00"}, "scope": {"notes": "KEVIntel entry: \"UNSUPPORTED WHEN ASSIGNED\"\u00a0Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced... | Affected: ASUS / live update | CVSS: 9.3 (CRITICAL) | EPSS: 0.01084 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-59374", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59374"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59374"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "\"UNSUPPORTED WHEN ASSIGNED\"\u00a0Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced...", "vendor": "ASUS", "product": "live update", "added_date": "2026-06-01T10:46:31.422Z", "cvss_score": 9.3, "epss_score": 0.01084, "cvss_severity": "CRITICAL", "epss_percentile": 0.60893, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "77dcda63-cbc6-4836-893b-a151ce36323c", "vulnerability": {"vulnId": "CVE-2025-43529", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:30+00:00"}, "gcve": {"object_uuid": "77dcda63-cbc6-4836-893b-a151ce36323c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:30+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2... | Affected: Apple / Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 8.8 (HIGH) | EPSS: 0.07997 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-43529", "url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-43529"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2026-06-01T10:46:30.893Z", "cvss_score": 8.8, "epss_score": 0.07997, "cvss_severity": "HIGH", "epss_percentile": 0.94022, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5484c3a8-21b3-442b-b8c2-a481c5f50606", "vulnerability": {"vulnId": "CVE-2025-20393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:29+00:00"}, "gcve": {"object_uuid": "5484c3a8-21b3-442b-b8c2-a481c5f50606", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:29+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:29+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability | Affected: Cisco / Cisco Secure Email, Cisco Secure Email and Web Manager | CVSS: 10.0 (CRITICAL) | EPSS: 0.2906 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-20393", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20393"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20393"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability", "vendor": "Cisco", "product": "Cisco Secure Email, Cisco Secure Email and Web Manager", "added_date": "2026-06-01T10:46:29.170Z", "cvss_score": 10.0, "epss_score": 0.2906, "cvss_severity": "CRITICAL", "epss_percentile": 0.97916, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fcdf2e9e-b666-4c5e-841f-e45d9a44de94", "vulnerability": {"vulnId": "CVE-2025-59718", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:24+00:00"}, "gcve": {"object_uuid": "fcdf2e9e-b666-4c5e-841f-e45d9a44de94", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:24+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:24+00:00"}, "scope": {"notes": "KEVIntel entry: A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS... | Affected: Fortinet / FortiSwitchManager, FortiOS, FortiProxy | CVSS: 9.1 (CRITICAL) | EPSS: 0.63476 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-59718", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59718"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59718"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS...", "vendor": "Fortinet", "product": "FortiSwitchManager, FortiOS, FortiProxy", "added_date": "2026-06-01T10:46:24.196Z", "cvss_score": 9.1, "epss_score": 0.63476, "cvss_severity": "CRITICAL", "epss_percentile": 0.99107, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "68a83d16-37d9-45d4-a796-0febf8136815", "vulnerability": {"vulnId": "CVE-2025-14611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:18+00:00"}, "gcve": {"object_uuid": "68a83d16-37d9-45d4-a796-0febf8136815", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:18+00:00"}, "scope": {"notes": "KEVIntel entry: Gladinet CentreStack and TrioFox Hard Coded AES Keys | Affected: Gladinet / CentreStack and TrioFox | CVSS: 7.1 (HIGH) | EPSS: 0.50949 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-14611", "url": "https://www.cve.org/CVERecord?id=CVE-2025-14611"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-14611"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Gladinet CentreStack and TrioFox Hard Coded AES Keys", "vendor": "Gladinet", "product": "CentreStack and TrioFox", "added_date": "2026-06-01T10:46:18.575Z", "cvss_score": 7.1, "epss_score": 0.50949, "cvss_severity": "HIGH", "epss_percentile": 0.98788, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "110f27da-3a20-4630-99e7-b3aa57e14a46", "vulnerability": {"vulnId": "CVE-2025-14174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:09+00:00"}, "gcve": {"object_uuid": "110f27da-3a20-4630-99e7-b3aa57e14a46", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:09+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:09+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.22216 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-14174", "url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-14174"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T10:46:09.100Z", "cvss_score": 8.8, "epss_score": 0.22216, "cvss_severity": "HIGH", "epss_percentile": 0.97377, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3e69b44f-d6d0-4970-aa38-ce7488babba2", "vulnerability": {"vulnId": "CVE-2018-4063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:08+00:00"}, "gcve": {"object_uuid": "3e69b44f-d6d0-4970-aa38-ce7488babba2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:08+00:00"}, "scope": {"notes": "KEVIntel entry: An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially... | Affected: Sierra Wireless / Sierra Wireless | CVSS: 8.8 (HIGH) | EPSS: 0.28056 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-4063", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4063"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-4063"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially...", "vendor": "Sierra Wireless", "product": "Sierra Wireless", "added_date": "2026-06-01T10:46:08.186Z", "cvss_score": 8.8, "epss_score": 0.28056, "cvss_severity": "HIGH", "epss_percentile": 0.97855, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "07f0ec99-e607-403e-b196-9bae89aa2d1c", "vulnerability": {"vulnId": "CVE-2025-8110", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:46:00+00:00"}, "gcve": {"object_uuid": "07f0ec99-e607-403e-b196-9bae89aa2d1c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:46:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:46:00+00:00"}, "scope": {"notes": "KEVIntel entry: File overwrite in file update API in Gogs | Affected: Gogs / Gogs | CVSS: 8.7 (HIGH) | EPSS: 0.7694 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-8110", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8110"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8110"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "File overwrite in file update API in Gogs", "vendor": "Gogs", "product": "Gogs", "added_date": "2026-06-01T10:46:00.080Z", "cvss_score": 8.7, "epss_score": 0.7694, "cvss_severity": "HIGH", "epss_percentile": 0.99491, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dcc57549-0cfd-4131-85b7-0bea1b70f58f", "vulnerability": {"vulnId": "CVE-2025-62221", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:52+00:00"}, "gcve": {"object_uuid": "dcc57549-0cfd-4131-85b7-0bea1b70f58f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:52+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.02342 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-62221", "url": "https://www.cve.org/CVERecord?id=CVE-2025-62221"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-62221"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:45:52.438Z", "cvss_score": 7.8, "epss_score": 0.02342, "cvss_severity": "HIGH", "epss_percentile": 0.81422, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "800d33ff-f775-4c3a-a615-ccc5adc51339", "vulnerability": {"vulnId": "CVE-2025-6218", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:52+00:00"}, "gcve": {"object_uuid": "800d33ff-f775-4c3a-a615-ccc5adc51339", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:52+00:00"}, "scope": {"notes": "KEVIntel entry: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability | Affected: RARLAB / WinRAR | CVSS: 7.8 (HIGH) | EPSS: 0.81491 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-6218", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6218"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6218"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability", "vendor": "RARLAB", "product": "WinRAR", "added_date": "2026-06-01T10:45:52.319Z", "cvss_score": 7.8, "epss_score": 0.81491, "cvss_severity": "HIGH", "epss_percentile": 0.99594, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d4561977-e616-44a3-8c35-7827e61213bc", "vulnerability": {"vulnId": "CVE-2025-48633", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:51+00:00"}, "gcve": {"object_uuid": "d4561977-e616-44a3-8c35-7827e61213bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:51+00:00"}, "scope": {"notes": "KEVIntel entry: In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error... | Affected: Google / Android | CVSS: 5.5 (MEDIUM) | EPSS: 0.00231 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48633", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48633"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48633"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error...", "vendor": "Google", "product": "Android", "added_date": "2026-06-01T10:45:51.594Z", "cvss_score": 5.5, "epss_score": 0.00231, "cvss_severity": "MEDIUM", "epss_percentile": 0.13755, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "930a6f19-6069-415a-a1e7-4603f66ce974", "vulnerability": {"vulnId": "CVE-2025-48572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:45+00:00"}, "gcve": {"object_uuid": "930a6f19-6069-415a-a1e7-4603f66ce974", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:45+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:45+00:00"}, "scope": {"notes": "KEVIntel entry: In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local... | Affected: Google / Android | CVSS: 7.8 (HIGH) | EPSS: 0.00215 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48572", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48572"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48572"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local...", "vendor": "Google", "product": "Android", "added_date": "2026-06-01T10:45:45.287Z", "cvss_score": 7.8, "epss_score": 0.00215, "cvss_severity": "HIGH", "epss_percentile": 0.11787, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "08170e76-e461-44d3-b6ed-d970e64c52aa", "vulnerability": {"vulnId": "CVE-2022-37055", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:43+00:00"}, "gcve": {"object_uuid": "08170e76-e461-44d3-b6ed-d970e64c52aa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:43+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | Affected: D-Link / Go-RT-AC750 | CVSS: 9.8 (CRITICAL) | EPSS: 0.57037 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-37055", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37055"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-37055"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,", "vendor": "D-Link", "product": "Go-RT-AC750", "added_date": "2026-06-01T10:45:43.741Z", "cvss_score": 9.8, "epss_score": 0.57037, "cvss_severity": "CRITICAL", "epss_percentile": 0.98945, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a09dc00e-32ca-421a-8440-e4590c166e61", "vulnerability": {"vulnId": "CVE-2025-66644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:37+00:00"}, "gcve": {"object_uuid": "a09dc00e-32ca-421a-8440-e4590c166e61", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:37+00:00"}, "scope": {"notes": "KEVIntel entry: Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. | Affected: Array Networks / ArrayOS AG | CVSS: 7.2 (HIGH) | EPSS: 0.03046 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-66644", "url": "https://www.cve.org/CVERecord?id=CVE-2025-66644"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-66644"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.", "vendor": "Array Networks", "product": "ArrayOS AG", "added_date": "2026-06-01T10:45:37.791Z", "cvss_score": 7.2, "epss_score": 0.03046, "cvss_severity": "HIGH", "epss_percentile": 0.85835, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e98a4e98-1105-4fec-8461-0327ea86d121", "vulnerability": {"vulnId": "CVE-2021-26828", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:29+00:00"}, "gcve": {"object_uuid": "e98a4e98-1105-4fec-8461-0327ea86d121", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:29+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:29+00:00"}, "scope": {"notes": "KEVIntel entry: OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files... | Affected: OpenPLC / ScadaBR | CVSS: 8.8 (HIGH) | EPSS: 0.39356 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26828", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26828"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26828"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files...", "vendor": "OpenPLC", "product": "ScadaBR", "added_date": "2026-06-01T10:45:29.301Z", "cvss_score": 8.8, "epss_score": 0.39356, "cvss_severity": "HIGH", "epss_percentile": 0.98423, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f5e03e3d-6736-4f89-bb46-c1ad58c1437f", "vulnerability": {"vulnId": "CVE-2021-26829", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:45:14+00:00"}, "gcve": {"object_uuid": "f5e03e3d-6736-4f89-bb46-c1ad58c1437f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:45:14+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:45:14+00:00"}, "scope": {"notes": "KEVIntel entry: OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | Affected: OpenPLC / ScadaBR | CVSS: 5.4 (MEDIUM) | EPSS: 0.4805 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26829", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26829"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26829"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.", "vendor": "OpenPLC", "product": "ScadaBR", "added_date": "2026-06-01T10:45:14.727Z", "cvss_score": 5.4, "epss_score": 0.4805, "cvss_severity": "MEDIUM", "epss_percentile": 0.98709, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9d8e5dfa-cd6b-4d67-be18-91c4abf4bb7a", "vulnerability": {"vulnId": "CVE-2025-61757", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:54+00:00"}, "gcve": {"object_uuid": "9d8e5dfa-cd6b-4d67-be18-91c4abf4bb7a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:54+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:54+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices).  Supported versions that are affected are... | Affected: Oracle Corporation / Identity Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.88312 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-61757", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61757"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61757"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices).  Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "Identity Manager", "added_date": "2026-06-01T10:44:54.382Z", "cvss_score": 9.8, "epss_score": 0.88312, "cvss_severity": "CRITICAL", "epss_percentile": 0.99749, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ab2dbe9d-1861-4c71-ae4d-8a7bc32a8806", "vulnerability": {"vulnId": "CVE-2025-13223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:40+00:00"}, "gcve": {"object_uuid": "ab2dbe9d-1861-4c71-ae4d-8a7bc32a8806", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:40+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:40+00:00"}, "scope": {"notes": "KEVIntel entry: Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.04835 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-13223", "url": "https://www.cve.org/CVERecord?id=CVE-2025-13223"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-13223"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T10:44:40.499Z", "cvss_score": 8.8, "epss_score": 0.04835, "cvss_severity": "HIGH", "epss_percentile": 0.90861, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6358f07c-ed73-4765-b9e4-8d783368230e", "vulnerability": {"vulnId": "CVE-2025-58034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:37+00:00"}, "gcve": {"object_uuid": "6358f07c-ed73-4765-b9e4-8d783368230e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:37+00:00"}, "scope": {"notes": "KEVIntel entry: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet... | Affected: Fortinet / FortiWeb | CVSS: 7.2 (HIGH) | EPSS: 0.54376 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-58034", "url": "https://www.cve.org/CVERecord?id=CVE-2025-58034"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-58034"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet...", "vendor": "Fortinet", "product": "FortiWeb", "added_date": "2026-06-01T10:44:37.322Z", "cvss_score": 7.2, "epss_score": 0.54376, "cvss_severity": "HIGH", "epss_percentile": 0.98881, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "27869bc2-c218-49f7-a80f-eca4adf56069", "vulnerability": {"vulnId": "CVE-2025-64446", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:27+00:00"}, "gcve": {"object_uuid": "27869bc2-c218-49f7-a80f-eca4adf56069", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:27+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:27+00:00"}, "scope": {"notes": "KEVIntel entry: A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9,... | Affected: Fortinet / FortiWeb | CVSS: 9.8 (CRITICAL) | EPSS: 0.89526 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-64446", "url": "https://www.cve.org/CVERecord?id=CVE-2025-64446"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-64446"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9,...", "vendor": "Fortinet", "product": "FortiWeb", "added_date": "2026-06-01T10:44:27.410Z", "cvss_score": 9.8, "epss_score": 0.89526, "cvss_severity": "CRITICAL", "epss_percentile": 0.9977, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cad9cb56-6235-4153-bbc2-d31860b467da", "vulnerability": {"vulnId": "CVE-2025-62215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:18+00:00"}, "gcve": {"object_uuid": "cad9cb56-6235-4153-bbc2-d31860b467da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:18+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.0 (HIGH) | EPSS: 0.061 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-62215", "url": "https://www.cve.org/CVERecord?id=CVE-2025-62215"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-62215"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:44:18.788Z", "cvss_score": 7.0, "epss_score": 0.061, "cvss_severity": "HIGH", "epss_percentile": 0.92501, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9d7ce5df-e8d6-4e4b-b3e6-62ae10d58d37", "vulnerability": {"vulnId": "CVE-2025-9242", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:15+00:00"}, "gcve": {"object_uuid": "9d7ce5df-e8d6-4e4b-b3e6-62ae10d58d37", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:15+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:15+00:00"}, "scope": {"notes": "KEVIntel entry: WatchGuard Firebox iked Out of Bounds Write Vulnerability | Affected: WatchGuard / Fireware OS | CVSS: 9.3 (CRITICAL) | EPSS: 0.8637 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-9242", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9242"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-9242"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WatchGuard Firebox iked Out of Bounds Write Vulnerability", "vendor": "WatchGuard", "product": "Fireware OS", "added_date": "2026-06-01T10:44:15.178Z", "cvss_score": 9.3, "epss_score": 0.8637, "cvss_severity": "CRITICAL", "epss_percentile": 0.99709, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "63488ac0-7a6d-44e2-bd42-f57dd4edf1af", "vulnerability": {"vulnId": "CVE-2025-12480", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:14+00:00"}, "gcve": {"object_uuid": "63488ac0-7a6d-44e2-bd42-f57dd4edf1af", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:14+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:14+00:00"}, "scope": {"notes": "KEVIntel entry: Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after... | Affected: TrioFox / TrioFox | CVSS: 9.1 (CRITICAL) | EPSS: 0.90355 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-12480", "url": "https://www.cve.org/CVERecord?id=CVE-2025-12480"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-12480"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after...", "vendor": "TrioFox", "product": "TrioFox", "added_date": "2026-06-01T10:44:14.076Z", "cvss_score": 9.1, "epss_score": 0.90355, "cvss_severity": "CRITICAL", "epss_percentile": 0.99785, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "723095e6-f495-4fdb-9766-4d0cc8abb650", "vulnerability": {"vulnId": "CVE-2025-21042", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:11+00:00"}, "gcve": {"object_uuid": "723095e6-f495-4fdb-9766-4d0cc8abb650", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:11+00:00"}, "scope": {"notes": "KEVIntel entry: Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 8.8 (HIGH) | EPSS: 0.11606 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21042", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21042"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21042"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2026-06-01T10:44:11.029Z", "cvss_score": 8.8, "epss_score": 0.11606, "cvss_severity": "HIGH", "epss_percentile": 0.95493, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b02a5fd7-512c-4b0a-902c-23446e806cf0", "vulnerability": {"vulnId": "CVE-2023-7305", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:44:04+00:00"}, "gcve": {"object_uuid": "b02a5fd7-512c-4b0a-902c-23446e806cf0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:44:04+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:44:04+00:00"}, "scope": {"notes": "KEVIntel entry: SmartBI RMIServlet Unrestricted File Upload RCE | Affected: Guangzhou Smart Software Co., Ltd. / SmartBI | CVSS: 9.2 (CRITICAL) | EPSS: 0.00485 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-7305", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7305"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7305"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SmartBI RMIServlet Unrestricted File Upload RCE", "vendor": "Guangzhou Smart Software Co., Ltd.", "product": "SmartBI", "added_date": "2026-06-01T10:44:04.051Z", "cvss_score": 9.2, "epss_score": 0.00485, "cvss_severity": "CRITICAL", "epss_percentile": 0.37911, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d7c3f8c1-5da5-45a9-88cb-658578942e6c", "vulnerability": {"vulnId": "CVE-2025-9491", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:58+00:00"}, "gcve": {"object_uuid": "d7c3f8c1-5da5-45a9-88cb-658578942e6c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:58+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:58+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability | Affected: Microsoft / Windows | CVSS: 4.6 (MEDIUM) | EPSS: 0.63102 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-9491", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9491"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-9491"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows", "added_date": "2026-06-01T10:43:58.121Z", "cvss_score": 4.6, "epss_score": 0.63102, "cvss_severity": "MEDIUM", "epss_percentile": 0.99096, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cfca501f-d082-4e16-b6e9-6aa8ebcabd6d", "vulnerability": {"vulnId": "CVE-2025-48703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:53+00:00"}, "gcve": {"object_uuid": "cfca501f-d082-4e16-b6e9-6aa8ebcabd6d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:53+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:53+00:00"}, "scope": {"notes": "KEVIntel entry: CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the... | Affected: centos-webpanel / CentOS Web Panel | CVSS: 9.0 (CRITICAL) | EPSS: 0.99589 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48703", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48703"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48703"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the...", "vendor": "centos-webpanel", "product": "CentOS Web Panel", "added_date": "2026-06-01T10:43:53.018Z", "cvss_score": 9.0, "epss_score": 0.99589, "cvss_severity": "CRITICAL", "epss_percentile": 0.99943, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "351ab36b-0ff4-4309-a575-3484c246a7ba", "vulnerability": {"vulnId": "CVE-2025-11371", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:51+00:00"}, "gcve": {"object_uuid": "351ab36b-0ff4-4309-a575-3484c246a7ba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:51+00:00"}, "scope": {"notes": "KEVIntel entry: Gladinet CentreStack and TrioFox Local File Inclusion Flaw | Affected: Gladinet / CentreStack and TrioFox | CVSS: 7.5 (HIGH) | EPSS: 0.92094 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-11371", "url": "https://www.cve.org/CVERecord?id=CVE-2025-11371"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-11371"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Gladinet CentreStack and TrioFox Local File Inclusion Flaw", "vendor": "Gladinet", "product": "CentreStack and TrioFox", "added_date": "2026-06-01T10:43:51.348Z", "cvss_score": 7.5, "epss_score": 0.92094, "cvss_severity": "HIGH", "epss_percentile": 0.99808, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cd84c83e-7886-4c4b-9039-16bdc1e51e4f", "vulnerability": {"vulnId": "CVE-2024-13991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:25+00:00"}, "gcve": {"object_uuid": "cd84c83e-7886-4c4b-9039-16bdc1e51e4f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:25+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:25+00:00"}, "scope": {"notes": "KEVIntel entry: Huijietong Cloud Video Platform fileDownload Arbitrary File Read | Affected: Huijietong / Cloud Video Platform | CVSS: 8.7 (HIGH) | EPSS: 0.00418 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-13991", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13991"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-13991"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Huijietong Cloud Video Platform fileDownload Arbitrary File Read", "vendor": "Huijietong", "product": "Cloud Video Platform", "added_date": "2026-06-01T10:43:25.122Z", "cvss_score": 8.7, "epss_score": 0.00418, "cvss_severity": "HIGH", "epss_percentile": 0.33296, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b5a5c214-48ed-4ff3-a734-c536eee99ec4", "vulnerability": {"vulnId": "CVE-2025-43027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:11+00:00"}, "gcve": {"object_uuid": "b5a5c214-48ed-4ff3-a734-c536eee99ec4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:11+00:00"}, "scope": {"notes": "KEVIntel entry: A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative... | Affected: Genetec Inc. / Genetec Security Center | CVSS: 9.8 (CRITICAL) | EPSS: 0.00302 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-43027", "url": "https://www.cve.org/CVERecord?id=CVE-2025-43027"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-43027"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative...", "vendor": "Genetec Inc.", "product": "Genetec Security Center", "added_date": "2026-06-01T10:43:11.614Z", "cvss_score": 9.8, "epss_score": 0.00302, "cvss_severity": "CRITICAL", "epss_percentile": 0.2167, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9b7abdea-f8d8-49af-abbe-91d0c91f39b2", "vulnerability": {"vulnId": "CVE-2025-41244", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:11+00:00"}, "gcve": {"object_uuid": "9b7abdea-f8d8-49af-abbe-91d0c91f39b2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:11+00:00"}, "scope": {"notes": "KEVIntel entry: VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) | Affected: VMware / VCF operations, VMware tools, VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure | CVSS: 7.8 (HIGH) | EPSS: 0.07606 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-41244", "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-41244"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)", "vendor": "VMware", "product": "VCF operations, VMware tools, VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure", "added_date": "2026-06-01T10:43:11.593Z", "cvss_score": 7.8, "epss_score": 0.07606, "cvss_severity": "HIGH", "epss_percentile": 0.93776, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "06d57e76-aa95-42f0-9fb1-3d0572311812", "vulnerability": {"vulnId": "CVE-2021-4461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:10+00:00"}, "gcve": {"object_uuid": "06d57e76-aa95-42f0-9fb1-3d0572311812", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:10+00:00"}, "scope": {"notes": "KEVIntel entry: Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass | Affected: Seeyon / Zhiyuan OA Web Application System | CVSS: 9.3 (CRITICAL) | EPSS: 0.00551 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-4461", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4461"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4461"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass", "vendor": "Seeyon", "product": "Zhiyuan OA Web Application System", "added_date": "2026-06-01T10:43:10.427Z", "cvss_score": 9.3, "epss_score": 0.00551, "cvss_severity": "CRITICAL", "epss_percentile": 0.41663, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3d483c3f-74ac-468f-b3fc-f75a013535ea", "vulnerability": {"vulnId": "CVE-2023-7325", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:10+00:00"}, "gcve": {"object_uuid": "3d483c3f-74ac-468f-b3fc-f75a013535ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:10+00:00"}, "scope": {"notes": "KEVIntel entry: Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF | Affected: Anheng Information (Hangzhou DBAPP Security Information Technology Co., Ltd.) / Mingyu Operations and Maintenance Audit and Risk Control System | CVSS: 9.3 (CRITICAL) | EPSS: 0.00338 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-7325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7325"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7325"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF", "vendor": "Anheng Information (Hangzhou DBAPP Security Information Technology Co., Ltd.)", "product": "Mingyu Operations and Maintenance Audit and Risk Control System", "added_date": "2026-06-01T10:43:10.889Z", "cvss_score": 9.3, "epss_score": 0.00338, "cvss_severity": "CRITICAL", "epss_percentile": 0.25466, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "91be62ac-b77a-4cc2-9e61-4b4dddc58663", "vulnerability": {"vulnId": "CVE-2025-6204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:43:05+00:00"}, "gcve": {"object_uuid": "91be62ac-b77a-4cc2-9e61-4b4dddc58663", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:43:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:43:05+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 | Affected: Dassault Syst\u00e8mes / DELMIA Apriso | CVSS: 8.0 (HIGH) | EPSS: 0.75306 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-6204", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6204"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6204"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025", "vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Apriso", "added_date": "2026-06-01T10:43:05.088Z", "cvss_score": 8.0, "epss_score": 0.75306, "cvss_severity": "HIGH", "epss_percentile": 0.99453, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a9bcc20d-8afb-4655-bdde-f4f10bec83e7", "vulnerability": {"vulnId": "CVE-2025-59287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:54+00:00"}, "gcve": {"object_uuid": "a9bcc20d-8afb-4655-bdde-f4f10bec83e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:54+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:54+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | Affected: Microsoft / Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 9.8 (CRITICAL) | EPSS: 0.99962 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-59287", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Server Update Service (WSUS) Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:42:54.681Z", "cvss_score": 9.8, "epss_score": 0.99962, "cvss_severity": "CRITICAL", "epss_percentile": 0.99976, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3479a804-a0f0-48dd-8632-e11c3e218a71", "vulnerability": {"vulnId": "CVE-2025-54236", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:53+00:00"}, "gcve": {"object_uuid": "3479a804-a0f0-48dd-8632-e11c3e218a71", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:53+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:53+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Commerce | Improper Input Validation (CWE-20) | Affected: Adobe / Adobe Commerce | CVSS: 9.1 (CRITICAL) | EPSS: 0.96742 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-54236", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54236"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54236"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Commerce | Improper Input Validation (CWE-20)", "vendor": "Adobe", "product": "Adobe Commerce", "added_date": "2026-06-01T10:42:53.943Z", "cvss_score": 9.1, "epss_score": 0.96742, "cvss_severity": "CRITICAL", "epss_percentile": 0.99879, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "85e0e0ef-d425-4b2b-8009-016b9bea656e", "vulnerability": {"vulnId": "CVE-2025-61932", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:47+00:00"}, "gcve": {"object_uuid": "85e0e0ef-d425-4b2b-8009-016b9bea656e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:47+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:47+00:00"}, "scope": {"notes": "KEVIntel entry: Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests,... | Affected: MOTEX Inc. / Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) | CVSS: 9.3 (CRITICAL) | EPSS: 0.02689 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-61932", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61932"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61932"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests,...", "vendor": "MOTEX Inc.", "product": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))", "added_date": "2026-06-01T10:42:47.391Z", "cvss_score": 9.3, "epss_score": 0.02689, "cvss_severity": "CRITICAL", "epss_percentile": 0.8393, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "89db0583-27f0-488f-8c79-cc9aa83d3081", "vulnerability": {"vulnId": "CVE-2024-58274", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:46+00:00"}, "gcve": {"object_uuid": "89db0583-27f0-488f-8c79-cc9aa83d3081", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:46+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:46+00:00"}, "scope": {"notes": "KEVIntel entry: Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in... | Affected: Hikvision / CSMP iSecure Center | CVSS: 8.3 (HIGH) | EPSS: 0.16093 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-58274", "url": "https://www.cve.org/CVERecord?id=CVE-2024-58274"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-58274"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in...", "vendor": "Hikvision", "product": "CSMP iSecure Center", "added_date": "2026-06-01T10:42:46.061Z", "cvss_score": 8.3, "epss_score": 0.16093, "cvss_severity": "HIGH", "epss_percentile": 0.96509, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "99a5c9a2-997e-47e0-9faa-408f729e9ede", "vulnerability": {"vulnId": "CVE-2016-15048", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:45+00:00"}, "gcve": {"object_uuid": "99a5c9a2-997e-47e0-9faa-408f729e9ede", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:45+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:45+00:00"}, "scope": {"notes": "KEVIntel entry: AMTT HiBOS Command Injection RCE via server_ping.php | Affected: Anmei Century (Beijing) Technology Co., Ltd. / Hotel Broadband Operation System (HiBOS) | CVSS: 10.0 (CRITICAL) | EPSS: 0.06562 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2016-15048", "url": "https://www.cve.org/CVERecord?id=CVE-2016-15048"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-15048"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "AMTT HiBOS Command Injection RCE via server_ping.php", "vendor": "Anmei Century (Beijing) Technology Co., Ltd.", "product": "Hotel Broadband Operation System (HiBOS)", "added_date": "2026-06-01T10:42:45.689Z", "cvss_score": 10.0, "epss_score": 0.06562, "cvss_severity": "CRITICAL", "epss_percentile": 0.92952, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d72dbe6a-2a63-45cf-8f72-e5facbc95f31", "vulnerability": {"vulnId": "CVE-2023-53691", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:45+00:00"}, "gcve": {"object_uuid": "d72dbe6a-2a63-45cf-8f72-e5facbc95f31", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:45+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:45+00:00"}, "scope": {"notes": "KEVIntel entry: Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory... | Affected: Hikvision / CSMP iSecure Center | CVSS: 8.3 (HIGH) | EPSS: 0.01072 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-53691", "url": "https://www.cve.org/CVERecord?id=CVE-2023-53691"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-53691"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory...", "vendor": "Hikvision", "product": "CSMP iSecure Center", "added_date": "2026-06-01T10:42:45.843Z", "cvss_score": 8.3, "epss_score": 0.01072, "cvss_severity": "HIGH", "epss_percentile": 0.60533, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f2399f54-33dd-42b1-a8e5-586940bbc80b", "vulnerability": {"vulnId": "CVE-2025-33073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:30+00:00"}, "gcve": {"object_uuid": "f2399f54-33dd-42b1-a8e5-586940bbc80b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:30+00:00"}, "scope": {"notes": "KEVIntel entry: Windows SMB Client Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 8.8 (HIGH) | EPSS: 0.64315 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-33073", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33073"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-33073"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows SMB Client Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:42:30.561Z", "cvss_score": 8.8, "epss_score": 0.64315, "cvss_severity": "HIGH", "epss_percentile": 0.9913, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e233a60f-fb88-4b35-bd45-81d5c416f239", "vulnerability": {"vulnId": "CVE-2025-2746", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:30+00:00"}, "gcve": {"object_uuid": "e233a60f-fb88-4b35-bd45-81d5c416f239", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:30+00:00"}, "scope": {"notes": "KEVIntel entry: Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass | Affected: Kentico / Xperience | CVSS: 9.8 (CRITICAL) | EPSS: 0.57992 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-2746", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2746"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2746"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass", "vendor": "Kentico", "product": "Xperience", "added_date": "2026-06-01T10:42:30.527Z", "cvss_score": 9.8, "epss_score": 0.57992, "cvss_severity": "CRITICAL", "epss_percentile": 0.9897, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0abcaaa6-ee1b-41db-903d-969e73f49fce", "vulnerability": {"vulnId": "CVE-2025-2747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:30+00:00"}, "gcve": {"object_uuid": "0abcaaa6-ee1b-41db-903d-969e73f49fce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:30+00:00"}, "scope": {"notes": "KEVIntel entry: Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass | Affected: Kentico / Xperience | CVSS: 9.8 (CRITICAL) | EPSS: 0.91284 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-2747", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2747"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2747"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass", "vendor": "Kentico", "product": "Xperience", "added_date": "2026-06-01T10:42:30.542Z", "cvss_score": 9.8, "epss_score": 0.91284, "cvss_severity": "CRITICAL", "epss_percentile": 0.99796, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c71e87d2-5faa-4cf4-ad52-73b88c8d93b3", "vulnerability": {"vulnId": "CVE-2022-48503", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:30+00:00"}, "gcve": {"object_uuid": "c71e87d2-5faa-4cf4-ad52-73b88c8d93b3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:30+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5,... | Affected: Apple / macOS, tvOS, Safari, watchOS, iOS and iPadOS | CVSS: 8.8 (HIGH) | EPSS: 0.02879 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-48503", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48503"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-48503"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5,...", "vendor": "Apple", "product": "macOS, tvOS, Safari, watchOS, iOS and iPadOS", "added_date": "2026-06-01T10:42:30.268Z", "cvss_score": 8.8, "epss_score": 0.02879, "cvss_severity": "HIGH", "epss_percentile": 0.85026, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f1d5564a-7087-494b-bbbf-444204686384", "vulnerability": {"vulnId": "CVE-2018-25118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:30+00:00"}, "gcve": {"object_uuid": "f1d5564a-7087-494b-bbbf-444204686384", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:30+00:00"}, "scope": {"notes": "KEVIntel entry: GeoVision Command Injection RCE via /PictureCatch.cgi | Affected: GeoVision Inc. / GV-BX1500, GV-MFD1501, GeoVision embedded IP devices | CVSS: 10.0 (CRITICAL) | EPSS: 0.01318 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-25118", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25118"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-25118"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoVision Command Injection RCE via /PictureCatch.cgi", "vendor": "GeoVision Inc.", "product": "GV-BX1500, GV-MFD1501, GeoVision embedded IP devices", "added_date": "2026-06-01T10:42:30.164Z", "cvss_score": 10.0, "epss_score": 0.01318, "cvss_severity": "CRITICAL", "epss_percentile": 0.67109, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6ed71c4b-f3a5-4921-94ba-52aba2b088a6", "vulnerability": {"vulnId": "CVE-2017-20206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:26+00:00"}, "gcve": {"object_uuid": "6ed71c4b-f3a5-4921-94ba-52aba2b088a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:26+00:00"}, "scope": {"notes": "KEVIntel entry: Appointments <= 2.2.1 - Unauthenticated PHP Object Injection | Affected: wpmudev / Appointments | CVSS: 9.8 (CRITICAL) | EPSS: 0.0067 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-20206", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20206"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-20206"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Appointments <= 2.2.1 - Unauthenticated PHP Object Injection", "vendor": "wpmudev", "product": "Appointments", "added_date": "2026-06-01T10:42:26.109Z", "cvss_score": 9.8, "epss_score": 0.0067, "cvss_severity": "CRITICAL", "epss_percentile": 0.47115, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1f2fdc23-5ae6-495e-8a5e-5912d9b00d36", "vulnerability": {"vulnId": "CVE-2017-20207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:26+00:00"}, "gcve": {"object_uuid": "1f2fdc23-5ae6-495e-8a5e-5912d9b00d36", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:26+00:00"}, "scope": {"notes": "KEVIntel entry: Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection | Affected: Dan Coulter / Flickr Gallery | CVSS: 9.8 (CRITICAL) | EPSS: 0.0067 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-20207", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20207"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-20207"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection", "vendor": "Dan Coulter", "product": "Flickr Gallery", "added_date": "2026-06-01T10:42:26.138Z", "cvss_score": 9.8, "epss_score": 0.0067, "cvss_severity": "CRITICAL", "epss_percentile": 0.47116, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "eb377fae-65a2-40e3-a620-f47e4ea39bf0", "vulnerability": {"vulnId": "CVE-2025-61884", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:20+00:00"}, "gcve": {"object_uuid": "eb377fae-65a2-40e3-a620-f47e4ea39bf0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:20+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:20+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI).  Supported versions that are affected are... | Affected: Oracle Corporation / Oracle Configurator | CVSS: 7.5 (HIGH) | EPSS: 0.97582 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-61884", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61884"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61884"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI).  Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "Oracle Configurator", "added_date": "2026-06-01T10:42:20.696Z", "cvss_score": 7.5, "epss_score": 0.97582, "cvss_severity": "HIGH", "epss_percentile": 0.99894, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e7ed63d6-3ef2-4ddc-8725-9a95b4611b10", "vulnerability": {"vulnId": "CVE-2025-54253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:16+00:00"}, "gcve": {"object_uuid": "e7ed63d6-3ef2-4ddc-8725-9a95b4611b10", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:16+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Experience Manager | Incorrect Authorization (CWE-863) | Affected: Adobe / Adobe Experience Manager | CVSS: 10.0 (CRITICAL) | EPSS: 0.89824 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-54253", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54253"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54253"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Experience Manager | Incorrect Authorization (CWE-863)", "vendor": "Adobe", "product": "Adobe Experience Manager", "added_date": "2026-06-01T10:42:16.439Z", "cvss_score": 10.0, "epss_score": 0.89824, "cvss_severity": "CRITICAL", "epss_percentile": 0.99775, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a08d13e0-590f-49f8-b56c-e3f8090a5813", "vulnerability": {"vulnId": "CVE-2011-10033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:14+00:00"}, "gcve": {"object_uuid": "a08d13e0-590f-49f8-b56c-e3f8090a5813", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:14+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:14+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress Plugin is-human <= v1.4.2 Eval Injection RCE | Affected: is-human WordPress Plugin / is-human WordPress Plugin | CVSS: 9.3 (CRITICAL) | EPSS: 0.00436 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-10033", "url": "https://www.cve.org/CVERecord?id=CVE-2011-10033"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-10033"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress Plugin is-human <= v1.4.2 Eval Injection RCE", "vendor": "is-human WordPress Plugin", "product": "is-human WordPress Plugin", "added_date": "2026-06-01T10:42:14.248Z", "cvss_score": 9.3, "epss_score": 0.00436, "cvss_severity": "CRITICAL", "epss_percentile": 0.34734, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c6e1998c-27ff-4126-8982-b1f5a73f39ee", "vulnerability": {"vulnId": "CVE-2025-6264", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:11+00:00"}, "gcve": {"object_uuid": "c6e1998c-27ff-4126-8982-b1f5a73f39ee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:11+00:00"}, "scope": {"notes": "KEVIntel entry: Velociraptor priviledge escalation via UpdateConfig artifact | Affected: Rapid7 / Velociraptor | CVSS: 5.5 (MEDIUM) | EPSS: 0.00963 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-6264", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6264"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6264"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Velociraptor priviledge escalation via UpdateConfig artifact", "vendor": "Rapid7", "product": "Velociraptor", "added_date": "2026-06-01T10:42:11.831Z", "cvss_score": 5.5, "epss_score": 0.00963, "cvss_severity": "MEDIUM", "epss_percentile": 0.57016, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0425117e-368e-4d6a-9382-cd0a27773ae5", "vulnerability": {"vulnId": "CVE-2025-59230", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:11+00:00"}, "gcve": {"object_uuid": "0425117e-368e-4d6a-9382-cd0a27773ae5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:11+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.02615 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-59230", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59230"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59230"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:42:11.329Z", "cvss_score": 7.8, "epss_score": 0.02615, "cvss_severity": "HIGH", "epss_percentile": 0.83429, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b6cf1183-79f3-407b-a499-4a85e1ba6bf1", "vulnerability": {"vulnId": "CVE-2025-47827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:10+00:00"}, "gcve": {"object_uuid": "b6cf1183-79f3-407b-a499-4a85e1ba6bf1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:10+00:00"}, "scope": {"notes": "KEVIntel entry: In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a... | Affected: IGEL Technology / IGEL OS | CVSS: 4.6 (MEDIUM) | EPSS: 0.03528 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-47827", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47827"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47827"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a...", "vendor": "IGEL Technology", "product": "IGEL OS", "added_date": "2026-06-01T10:42:10.399Z", "cvss_score": 4.6, "epss_score": 0.03528, "cvss_severity": "MEDIUM", "epss_percentile": 0.87747, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "65b499bb-2ffe-4959-b952-6e22f5704a44", "vulnerability": {"vulnId": "CVE-2025-24990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:09+00:00"}, "gcve": {"object_uuid": "65b499bb-2ffe-4959-b952-6e22f5704a44", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:09+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:09+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Agere Modem Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.05793 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24990", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24990"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24990"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Agere Modem Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:42:09.927Z", "cvss_score": 7.8, "epss_score": 0.05793, "cvss_severity": "HIGH", "epss_percentile": 0.92138, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "22f12f37-70c2-48e9-a509-74924624c7a9", "vulnerability": {"vulnId": "CVE-2016-7836", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:42:08+00:00"}, "gcve": {"object_uuid": "22f12f37-70c2-48e9-a509-74924624c7a9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:42:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:42:08+00:00"}, "scope": {"notes": "KEVIntel entry: SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the... | Affected: Sky Co., LTD. / SKYSEA Client View | CVSS: 9.8 (CRITICAL) | EPSS: 0.1938 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7836", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7836"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7836"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the...", "vendor": "Sky Co., LTD.", "product": "SKYSEA Client View", "added_date": "2026-06-01T10:42:08.181Z", "cvss_score": 9.8, "epss_score": 0.1938, "cvss_severity": "CRITICAL", "epss_percentile": 0.97009, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "161c82ac-aeb8-49df-8648-8f12570caed4", "vulnerability": {"vulnId": "CVE-2021-43798", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:56+00:00"}, "gcve": {"object_uuid": "161c82ac-aeb8-49df-8648-8f12570caed4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:56+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:56+00:00"}, "scope": {"notes": "KEVIntel entry: Grafana path traversal | Affected: grafana / grafana | CVSS: 7.5 (HIGH) | EPSS: 0.88849 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-43798", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43798"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-43798"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Grafana path traversal", "vendor": "grafana", "product": "grafana", "added_date": "2026-06-01T10:41:56.485Z", "cvss_score": 7.5, "epss_score": 0.88849, "cvss_severity": "HIGH", "epss_percentile": 0.99758, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "76bdb6ff-b6a3-4f57-a29b-3da1f7145d2f", "vulnerability": {"vulnId": "CVE-2025-27915", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:51+00:00"}, "gcve": {"object_uuid": "76bdb6ff-b6a3-4f57-a29b-3da1f7145d2f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:51+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the... | Affected: Zimbra / Zimbra Collaboration (ZCS) | CVSS: 5.4 (MEDIUM) | EPSS: 0.04241 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-27915", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27915"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27915"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the...", "vendor": "Zimbra", "product": "Zimbra Collaboration (ZCS)", "added_date": "2026-06-01T10:41:51.425Z", "cvss_score": 5.4, "epss_score": 0.04241, "cvss_severity": "MEDIUM", "epss_percentile": 0.8975, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "002bf58c-dafa-4918-9d5e-16290292328f", "vulnerability": {"vulnId": "CVE-2021-43226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:42+00:00"}, "gcve": {"object_uuid": "002bf58c-dafa-4918-9d5e-16290292328f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:42+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:42+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.03072 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-43226", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43226"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-43226"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2026-06-01T10:41:42.845Z", "cvss_score": 7.8, "epss_score": 0.03072, "cvss_severity": "HIGH", "epss_percentile": 0.85949, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3c0e7899-8b97-4308-b5c9-71f739bb1736", "vulnerability": {"vulnId": "CVE-2021-22555", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:42+00:00"}, "gcve": {"object_uuid": "3c0e7899-8b97-4308-b5c9-71f739bb1736", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:42+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:42+00:00"}, "scope": {"notes": "KEVIntel entry: Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE | Affected: Linux / Linux Kernel | CVSS: 8.3 (HIGH) | EPSS: 0.78684 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22555", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22555"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2026-06-01T10:41:42.825Z", "cvss_score": 8.3, "epss_score": 0.78684, "cvss_severity": "HIGH", "epss_percentile": 0.99536, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "386f2c7d-3fa2-4b1e-8205-225617fcc137", "vulnerability": {"vulnId": "CVE-2014-6278", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:37+00:00"}, "gcve": {"object_uuid": "386f2c7d-3fa2-4b1e-8205-225617fcc137", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:37+00:00"}, "scope": {"notes": "KEVIntel entry: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers... | Affected: GNU / Bash | CVSS: 8.8 (HIGH) | EPSS: 0.99621 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-6278", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-6278"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers...", "vendor": "GNU", "product": "Bash", "added_date": "2026-06-01T10:41:37.382Z", "cvss_score": 8.8, "epss_score": 0.99621, "cvss_severity": "HIGH", "epss_percentile": 0.99946, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "492a9b6f-180c-4fc1-ae79-adfc4c5c59e2", "vulnerability": {"vulnId": "CVE-2025-21043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:37+00:00"}, "gcve": {"object_uuid": "492a9b6f-180c-4fc1-ae79-adfc4c5c59e2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:37+00:00"}, "scope": {"notes": "KEVIntel entry: Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code. | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 8.8 (HIGH) | EPSS: 0.01435 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21043", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21043"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21043"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2026-06-01T10:41:37.610Z", "cvss_score": 8.8, "epss_score": 0.01435, "cvss_severity": "HIGH", "epss_percentile": 0.69647, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "12f80f4c-1513-4651-a109-62ef330c6554", "vulnerability": {"vulnId": "CVE-2017-1000353", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:37+00:00"}, "gcve": {"object_uuid": "12f80f4c-1513-4651-a109-62ef330c6554", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:37+00:00"}, "scope": {"notes": "KEVIntel entry: Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated... | Affected: Jenkins / Jenkins | CVSS: 9.8 (CRITICAL) | EPSS: 0.99686 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-1000353", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000353"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-1000353"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated...", "vendor": "Jenkins", "product": "Jenkins", "added_date": "2026-06-01T10:41:37.417Z", "cvss_score": 9.8, "epss_score": 0.99686, "cvss_severity": "CRITICAL", "epss_percentile": 0.99949, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e4b5466-ca3a-4b1a-896b-de35875e849a", "vulnerability": {"vulnId": "CVE-2025-4008", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:37+00:00"}, "gcve": {"object_uuid": "2e4b5466-ca3a-4b1a-896b-de35875e849a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:37+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary Command Injection in Smartbedded MeteoBridge | Affected: Smartbedded / MeteoBridge | CVSS: 8.7 (HIGH) | EPSS: 0.93864 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-4008", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4008"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4008"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary Command Injection in Smartbedded MeteoBridge", "vendor": "Smartbedded", "product": "MeteoBridge", "added_date": "2026-06-01T10:41:37.811Z", "cvss_score": 8.7, "epss_score": 0.93864, "cvss_severity": "HIGH", "epss_percentile": 0.99832, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8d49e3e3-753a-4f3c-9caa-d7b6a5c7c937", "vulnerability": {"vulnId": "CVE-2015-7755", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:37+00:00"}, "gcve": {"object_uuid": "8d49e3e3-753a-4f3c-9caa-d7b6a5c7c937", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:37+00:00"}, "scope": {"notes": "KEVIntel entry: Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before... | Affected: Juniper Networks / ScreenOS | CVSS: 9.8 (CRITICAL) | EPSS: 0.614 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-7755", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-7755"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before...", "vendor": "Juniper Networks", "product": "ScreenOS", "added_date": "2026-06-01T10:41:37.403Z", "cvss_score": 9.8, "epss_score": 0.614, "cvss_severity": "CRITICAL", "epss_percentile": 0.99052, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a357b57-b686-4ff1-8e0e-2c53f40e2dec", "vulnerability": {"vulnId": "CVE-2025-59689", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:17+00:00"}, "gcve": {"object_uuid": "4a357b57-b686-4ff1-8e0e-2c53f40e2dec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:17+00:00"}, "scope": {"notes": "KEVIntel entry: Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in... | Affected: Libraesva / Email Security Gateway | CVSS: 6.1 (MEDIUM) | EPSS: 0.01929 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-59689", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59689"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59689"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in...", "vendor": "Libraesva", "product": "Email Security Gateway", "added_date": "2026-06-01T10:41:17.159Z", "cvss_score": 6.1, "epss_score": 0.01929, "cvss_severity": "MEDIUM", "epss_percentile": 0.77348, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cdefdd88-2cfb-4a6d-999f-50ca3ff7d0ce", "vulnerability": {"vulnId": "CVE-2025-20352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:17+00:00"}, "gcve": {"object_uuid": "cdefdd88-2cfb-4a6d-999f-50ca3ff7d0ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:17+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the... | Affected: Cisco / IOS, Cisco IOS XE Software, Cisco IOS XE Catalyst SD-WAN | CVSS: 7.7 (HIGH) | EPSS: 0.37613 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-20352", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20352"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20352"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the...", "vendor": "Cisco", "product": "IOS, Cisco IOS XE Software, Cisco IOS XE Catalyst SD-WAN", "added_date": "2026-06-01T10:41:17.122Z", "cvss_score": 7.7, "epss_score": 0.37613, "cvss_severity": "HIGH", "epss_percentile": 0.98349, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "617b9246-886b-4946-b278-1501fa254e8e", "vulnerability": {"vulnId": "CVE-2025-32463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:17+00:00"}, "gcve": {"object_uuid": "617b9246-886b-4946-b278-1501fa254e8e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:17+00:00"}, "scope": {"notes": "KEVIntel entry: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot... | Affected: Sudo project / Sudo | CVSS: 9.3 (CRITICAL) | EPSS: 0.48008 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32463", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32463"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32463"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot...", "vendor": "Sudo project", "product": "Sudo", "added_date": "2026-06-01T10:41:17.141Z", "cvss_score": 9.3, "epss_score": 0.48008, "cvss_severity": "CRITICAL", "epss_percentile": 0.98708, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "32d22b9d-1a82-4de6-85a4-32f895a68267", "vulnerability": {"vulnId": "CVE-2021-21311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:16+00:00"}, "gcve": {"object_uuid": "32d22b9d-1a82-4de6-85a4-32f895a68267", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:16+00:00"}, "scope": {"notes": "KEVIntel entry: SSRF in adminer | Affected: vrana / adminer | CVSS: 7.2 (HIGH) | EPSS: 0.90461 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21311", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21311"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21311"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SSRF in adminer", "vendor": "vrana", "product": "adminer", "added_date": "2026-06-01T10:41:16.891Z", "cvss_score": 7.2, "epss_score": 0.90461, "cvss_severity": "HIGH", "epss_percentile": 0.99788, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0c397bca-f40c-44ea-9642-3f1610306337", "vulnerability": {"vulnId": "CVE-2025-10035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:16+00:00"}, "gcve": {"object_uuid": "0c397bca-f40c-44ea-9642-3f1610306337", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:16+00:00"}, "scope": {"notes": "KEVIntel entry: Deserialization Vulnerability in GoAnywhere MFT's License Servlet | Affected: Fortra / GoAnywhere MFT | CVSS: 10.0 (CRITICAL) | EPSS: 0.99614 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-10035", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10035"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-10035"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Deserialization Vulnerability in GoAnywhere MFT's License Servlet", "vendor": "Fortra", "product": "GoAnywhere MFT", "added_date": "2026-06-01T10:41:16.918Z", "cvss_score": 10.0, "epss_score": 0.99614, "cvss_severity": "CRITICAL", "epss_percentile": 0.99944, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a8737f3a-ce50-44f3-ad40-3a1c997491da", "vulnerability": {"vulnId": "CVE-2025-20333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:10+00:00"}, "gcve": {"object_uuid": "a8737f3a-ce50-44f3-ad40-3a1c997491da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:10+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense... | Affected: Cisco / Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software | CVSS: 9.9 (CRITICAL) | EPSS: 0.29197 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-20333", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20333"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20333"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense...", "vendor": "Cisco", "product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software", "added_date": "2026-06-01T10:41:10.527Z", "cvss_score": 9.9, "epss_score": 0.29197, "cvss_severity": "CRITICAL", "epss_percentile": 0.97926, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "068b37ac-f41a-4a87-a87e-2ba520b58f77", "vulnerability": {"vulnId": "CVE-2025-20362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:10+00:00"}, "gcve": {"object_uuid": "068b37ac-f41a-4a87-a87e-2ba520b58f77", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:10+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:10+00:00"}, "scope": {"notes": "KEVIntel entry: Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD... | Affected: Cisco / Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software | CVSS: 6.5 (MEDIUM) | EPSS: 0.83681 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-20362", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20362"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20362"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD...", "vendor": "Cisco", "product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software", "added_date": "2026-06-01T10:41:10.568Z", "cvss_score": 6.5, "epss_score": 0.83681, "cvss_severity": "MEDIUM", "epss_percentile": 0.99654, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6573e576-69a6-4220-9056-5fc202654b93", "vulnerability": {"vulnId": "CVE-2025-10585", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:41:06+00:00"}, "gcve": {"object_uuid": "6573e576-69a6-4220-9056-5fc202654b93", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:41:06+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:41:06+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 9.8 (CRITICAL) | EPSS: 0.05299 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-10585", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10585"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-10585"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T10:41:06.791Z", "cvss_score": 9.8, "epss_score": 0.05299, "cvss_severity": "CRITICAL", "epss_percentile": 0.91532, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ef2259f3-94cd-4f20-a353-bd36eab1ff0a", "vulnerability": {"vulnId": "CVE-2022-4980", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:40:52+00:00"}, "gcve": {"object_uuid": "ef2259f3-94cd-4f20-a353-bd36eab1ff0a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:40:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:40:52+00:00"}, "scope": {"notes": "KEVIntel entry: General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page | Affected: General Bytes / Crypto Application Server (CAS) | CVSS: 9.3 (CRITICAL) | EPSS: 0.00806 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4980", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4980"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4980"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page", "vendor": "General Bytes", "product": "Crypto Application Server (CAS)", "added_date": "2026-06-01T10:40:52.140Z", "cvss_score": 9.3, "epss_score": 0.00806, "cvss_severity": "CRITICAL", "epss_percentile": 0.51996, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a5750d90-9892-4e4d-9ef9-3533afb79490", "vulnerability": {"vulnId": "CVE-2025-5086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:40:27+00:00"}, "gcve": {"object_uuid": "a5750d90-9892-4e4d-9ef9-3533afb79490", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:40:27+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:40:27+00:00"}, "scope": {"notes": "KEVIntel entry: Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 | Affected: Dassault Syst\u00e8mes / DELMIA Apriso | CVSS: 9.0 (CRITICAL) | EPSS: 0.88429 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-5086", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5086"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5086"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025", "vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Apriso", "added_date": "2026-06-01T10:40:27.301Z", "cvss_score": 9.0, "epss_score": 0.88429, "cvss_severity": "CRITICAL", "epss_percentile": 0.99751, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a3372af6-a32b-4332-b3ec-5861afb03920", "vulnerability": {"vulnId": "CVE-2025-53690", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:40:06+00:00"}, "gcve": {"object_uuid": "a3372af6-a32b-4332-b3ec-5861afb03920", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:40:06+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:40:06+00:00"}, "scope": {"notes": "KEVIntel entry: Sitecore Products ViewState Deserialization Vulnerability | Affected: Sitecore / Experience Manager (XM), Experience Platform (XP) | CVSS: 9.0 (CRITICAL) | EPSS: 0.26308 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-53690", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53690"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-53690"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sitecore Products ViewState Deserialization Vulnerability", "vendor": "Sitecore", "product": "Experience Manager (XM), Experience Platform (XP)", "added_date": "2026-06-01T10:40:06.074Z", "cvss_score": 9.0, "epss_score": 0.26308, "cvss_severity": "CRITICAL", "epss_percentile": 0.97743, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b6d34d7c-6ea0-428d-b9d8-7acecfbd5a7c", "vulnerability": {"vulnId": "CVE-2025-48543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:40:05+00:00"}, "gcve": {"object_uuid": "b6d34d7c-6ea0-428d-b9d8-7acecfbd5a7c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:40:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:40:05+00:00"}, "scope": {"notes": "KEVIntel entry: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to... | Affected: Google / Android | CVSS: 8.8 (HIGH) | EPSS: 0.00545 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48543", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48543"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48543"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to...", "vendor": "Google", "product": "Android", "added_date": "2026-06-01T10:40:05.962Z", "cvss_score": 8.8, "epss_score": 0.00545, "cvss_severity": "HIGH", "epss_percentile": 0.41368, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "46c6a5e1-9e3e-44e4-a952-bd3430db5606", "vulnerability": {"vulnId": "CVE-2025-38352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:40:05+00:00"}, "gcve": {"object_uuid": "46c6a5e1-9e3e-44e4-a952-bd3430db5606", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:40:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:40:05+00:00"}, "scope": {"notes": "KEVIntel entry: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() | Affected: Linux / Linux | CVSS: 7.4 (HIGH) | EPSS: 0.0187 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-38352", "url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-38352"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()", "vendor": "Linux", "product": "Linux", "added_date": "2026-06-01T10:40:05.482Z", "cvss_score": 7.4, "epss_score": 0.0187, "cvss_severity": "HIGH", "epss_percentile": 0.7663, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eab5561e-da30-463b-866f-0fe54b567005", "vulnerability": {"vulnId": "CVE-2025-9377", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:40:02+00:00"}, "gcve": {"object_uuid": "eab5561e-da30-463b-866f-0fe54b567005", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:40:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:40:02+00:00"}, "scope": {"notes": "KEVIntel entry: Authenticated RCE via Parental Control command injection | Affected: TP-Link Systems Inc. / Archer C7(EU) V2, TL-WR841N/ND(MS) V9 | CVSS: 8.6 (HIGH) | EPSS: 0.11747 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-9377", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9377"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-9377"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authenticated RCE via Parental Control command injection", "vendor": "TP-Link Systems Inc.", "product": "Archer C7(EU) V2, TL-WR841N/ND(MS) V9", "added_date": "2026-06-01T10:40:02.944Z", "cvss_score": 8.6, "epss_score": 0.11747, "cvss_severity": "HIGH", "epss_percentile": 0.95536, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd2b8c74-e818-4136-9f5a-3bf584d6cb8b", "vulnerability": {"vulnId": "CVE-2023-50224", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:40:01+00:00"}, "gcve": {"object_uuid": "dd2b8c74-e818-4136-9f5a-3bf584d6cb8b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:40:01+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:40:01+00:00"}, "scope": {"notes": "KEVIntel entry: TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability | Affected: TP-Link / TL-WR841N | CVSS: 6.5 (MEDIUM) | EPSS: 0.1745 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-50224", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50224"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-50224"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability", "vendor": "TP-Link", "product": "TL-WR841N", "added_date": "2026-06-01T10:40:01.833Z", "cvss_score": 6.5, "epss_score": 0.1745, "cvss_severity": "MEDIUM", "epss_percentile": 0.96743, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "32f802b5-0302-44dd-a686-83e85e495bf4", "vulnerability": {"vulnId": "CVE-2020-24363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:51+00:00"}, "gcve": {"object_uuid": "32f802b5-0302-44dd-a686-83e85e495bf4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:51+00:00"}, "scope": {"notes": "KEVIntel entry: TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a... | Affected: TP-Link / TL-WA855RE | CVSS: 8.8 (HIGH) | EPSS: 0.20689 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-24363", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24363"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24363"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a...", "vendor": "TP-Link", "product": "TL-WA855RE", "added_date": "2026-06-01T10:39:51.028Z", "cvss_score": 8.8, "epss_score": 0.20689, "cvss_severity": "HIGH", "epss_percentile": 0.97211, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4462d538-551d-4d48-a475-1a3092e228d7", "vulnerability": {"vulnId": "CVE-2025-57819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:48+00:00"}, "gcve": {"object_uuid": "4462d538-551d-4d48-a475-1a3092e228d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:48+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:48+00:00"}, "scope": {"notes": "KEVIntel entry: FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | Affected: FreePBX / endpoint | CVSS: 10.0 (CRITICAL) | EPSS: 0.8736 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-57819", "url": "https://www.cve.org/CVERecord?id=CVE-2025-57819"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-57819"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE", "vendor": "FreePBX", "product": "endpoint", "added_date": "2026-06-01T10:39:48.629Z", "cvss_score": 10.0, "epss_score": 0.8736, "cvss_severity": "CRITICAL", "epss_percentile": 0.9973, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a40f1858-7626-4c32-a928-7a383249e5d2", "vulnerability": {"vulnId": "CVE-2025-55177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:48+00:00"}, "gcve": {"object_uuid": "a40f1858-7626-4c32-a928-7a383249e5d2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:48+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:48+00:00"}, "scope": {"notes": "KEVIntel entry: Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78,... | Affected: Facebook / WhatsApp Desktop for Mac, WhatsApp Business for iOS, WhatsApp for iOS | CVSS: 5.4 (MEDIUM) | EPSS: 0.04116 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-55177", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55177"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-55177"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78,...", "vendor": "Facebook", "product": "WhatsApp Desktop for Mac, WhatsApp Business for iOS, WhatsApp for iOS", "added_date": "2026-06-01T10:39:48.575Z", "cvss_score": 5.4, "epss_score": 0.04116, "cvss_severity": "MEDIUM", "epss_percentile": 0.89479, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d7612ecf-35c5-4046-bb9d-f4dff245064e", "vulnerability": {"vulnId": "CVE-2025-50983", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:41+00:00"}, "gcve": {"object_uuid": "d7612ecf-35c5-4046-bb9d-f4dff245064e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:41+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:41+00:00"}, "scope": {"notes": "KEVIntel entry: SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint... | Affected: Readarr / Readarr | CVSS: 8.3 (HIGH) | EPSS: 0.00322 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-50983", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50983"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-50983"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint...", "vendor": "Readarr", "product": "Readarr", "added_date": "2026-06-01T10:39:41.132Z", "cvss_score": 8.3, "epss_score": 0.00322, "cvss_severity": "HIGH", "epss_percentile": 0.23819, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9ef0392e-20f6-4963-889b-fb34379fc27f", "vulnerability": {"vulnId": "CVE-2025-7775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:36+00:00"}, "gcve": {"object_uuid": "9ef0392e-20f6-4963-889b-fb34379fc27f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:36+00:00"}, "scope": {"notes": "KEVIntel entry: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service | Affected: NetScaler / ADC, Gateway | CVSS: 9.2 (CRITICAL) | EPSS: 0.18973 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-7775", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7775"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-7775"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service", "vendor": "NetScaler", "product": "ADC, Gateway", "added_date": "2026-06-01T10:39:36.518Z", "cvss_score": 9.2, "epss_score": 0.18973, "cvss_severity": "CRITICAL", "epss_percentile": 0.96941, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bba7586f-330c-42e7-8fc7-e8e4cdec0d52", "vulnerability": {"vulnId": "CVE-2024-8069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:30+00:00"}, "gcve": {"object_uuid": "bba7586f-330c-42e7-8fc7-e8e4cdec0d52", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:30+00:00"}, "scope": {"notes": "KEVIntel entry: Limited remote code execution with privilege of a NetworkService Account access | Affected: Citrix Session Recording / Citrix Session Recording | CVSS: 5.1 (MEDIUM) | EPSS: 0.14736 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-8069", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8069"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8069"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Limited remote code execution with privilege of a NetworkService Account access", "vendor": "Citrix Session Recording", "product": "Citrix Session Recording", "added_date": "2026-06-01T10:39:30.357Z", "cvss_score": 5.1, "epss_score": 0.14736, "cvss_severity": "MEDIUM", "epss_percentile": 0.96244, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "62141457-19f8-4fe4-aaea-52cd4f05fdcb", "vulnerability": {"vulnId": "CVE-2025-48384", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:30+00:00"}, "gcve": {"object_uuid": "62141457-19f8-4fe4-aaea-52cd4f05fdcb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:30+00:00"}, "scope": {"notes": "KEVIntel entry: Git allows arbitrary code execution through broken config quoting | Affected: git / git | CVSS: 8.0 (HIGH) | EPSS: 0.02775 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48384", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48384"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Git allows arbitrary code execution through broken config quoting", "vendor": "git", "product": "git", "added_date": "2026-06-01T10:39:30.704Z", "cvss_score": 8.0, "epss_score": 0.02775, "cvss_severity": "HIGH", "epss_percentile": 0.84484, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b2610ec5-deb5-46c6-8a8f-3925eb5f275e", "vulnerability": {"vulnId": "CVE-2024-8068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:30+00:00"}, "gcve": {"object_uuid": "b2610ec5-deb5-46c6-8a8f-3925eb5f275e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:30+00:00"}, "scope": {"notes": "KEVIntel entry: Privilege escalation to NetworkService Account access | Affected: Citrix / Citrix Session Recording | CVSS: 5.1 (MEDIUM) | EPSS: 0.01388 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-8068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8068"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8068"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Privilege escalation to NetworkService Account access", "vendor": "Citrix", "product": "Citrix Session Recording", "added_date": "2026-06-01T10:39:30.332Z", "cvss_score": 5.1, "epss_score": 0.01388, "cvss_severity": "MEDIUM", "epss_percentile": 0.68719, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6b9f8fbe-db1a-4120-98c9-a54522ab1a12", "vulnerability": {"vulnId": "CVE-2025-43300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:39:18+00:00"}, "gcve": {"object_uuid": "6b9f8fbe-db1a-4120-98c9-a54522ab1a12", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:39:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:39:18+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and... | Affected: Apple / iOS and iPadOS, iPadOS, macOS | CVSS: 10.0 (CRITICAL) | EPSS: 0.19972 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-43300", "url": "https://www.cve.org/CVERecord?id=CVE-2025-43300"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-43300"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and...", "vendor": "Apple", "product": "iOS and iPadOS, iPadOS, macOS", "added_date": "2026-06-01T10:39:18.439Z", "cvss_score": 10.0, "epss_score": 0.19972, "cvss_severity": "CRITICAL", "epss_percentile": 0.97102, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7e17c54a-b2b8-4590-a7cd-85c1cd0b2360", "vulnerability": {"vulnId": "CVE-2025-8875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:55+00:00"}, "gcve": {"object_uuid": "7e17c54a-b2b8-4590-a7cd-85c1cd0b2360", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:55+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:55+00:00"}, "scope": {"notes": "KEVIntel entry: Insecure Deserialization Vulnerability | Affected: N-able / N-central | CVSS: 9.4 (CRITICAL) | EPSS: 0.01582 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-8875", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8875"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8875"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insecure Deserialization Vulnerability", "vendor": "N-able", "product": "N-central", "added_date": "2026-06-01T10:38:55.932Z", "cvss_score": 9.4, "epss_score": 0.01582, "cvss_severity": "CRITICAL", "epss_percentile": 0.7236, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a61a19fc-5ba8-4c93-8b44-5925c4f7bddc", "vulnerability": {"vulnId": "CVE-2025-8876", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:55+00:00"}, "gcve": {"object_uuid": "a61a19fc-5ba8-4c93-8b44-5925c4f7bddc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:55+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:55+00:00"}, "scope": {"notes": "KEVIntel entry: Command Injection Vulnerability | Affected: N-able / N-central | CVSS: 9.4 (CRITICAL) | EPSS: 0.03171 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-8876", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8876"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8876"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command Injection Vulnerability", "vendor": "N-able", "product": "N-central", "added_date": "2026-06-01T10:38:55.953Z", "cvss_score": 9.4, "epss_score": 0.03171, "cvss_severity": "CRITICAL", "epss_percentile": 0.86375, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "03497f8c-b204-4325-966a-7aad2adf9b76", "vulnerability": {"vulnId": "CVE-2025-54948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:51+00:00"}, "gcve": {"object_uuid": "03497f8c-b204-4325-966a-7aad2adf9b76", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:51+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code... | Affected: Trend Micro, Inc. / Trend Micro Apex One | CVSS: 9.4 (CRITICAL) | EPSS: 0.20253 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-54948", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54948"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code...", "vendor": "Trend Micro, Inc.", "product": "Trend Micro Apex One", "added_date": "2026-06-01T10:38:51.174Z", "cvss_score": 9.4, "epss_score": 0.20253, "cvss_severity": "CRITICAL", "epss_percentile": 0.97142, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f45abcc-4810-485b-ae9e-8f737bd4136e", "vulnerability": {"vulnId": "CVE-2013-3893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:43+00:00"}, "gcve": {"object_uuid": "3f45abcc-4810-485b-ae9e-8f737bd4136e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:43+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | EPSS: 0.8593 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3893", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3893"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3893"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2026-06-01T10:38:43.906Z", "cvss_score": 8.8, "epss_score": 0.8593, "cvss_severity": "HIGH", "epss_percentile": 0.997, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bc0e215d-7b3c-4c3d-95f7-48b871ed2b22", "vulnerability": {"vulnId": "CVE-2007-0671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:43+00:00"}, "gcve": {"object_uuid": "bc0e215d-7b3c-4c3d-95f7-48b871ed2b22", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:43+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted... | Affected: Microsoft / Excel | CVSS: 8.8 (HIGH) | EPSS: 0.42139 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2007-0671", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0671"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2007-0671"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted...", "vendor": "Microsoft", "product": "Excel", "added_date": "2026-06-01T10:38:43.853Z", "cvss_score": 8.8, "epss_score": 0.42139, "cvss_severity": "HIGH", "epss_percentile": 0.98517, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7c827dd6-3aae-4e41-a6d2-6d9cf071f062", "vulnerability": {"vulnId": "CVE-2025-8088", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:35+00:00"}, "gcve": {"object_uuid": "7c827dd6-3aae-4e41-a6d2-6d9cf071f062", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:35+00:00"}, "scope": {"notes": "KEVIntel entry: Path traversal vulnerability in WinRAR | Affected: win.rar GmbH / WinRAR | CVSS: 8.4 (HIGH) | EPSS: 0.81348 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8088"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8088"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path traversal vulnerability in WinRAR", "vendor": "win.rar GmbH", "product": "WinRAR", "added_date": "2026-06-01T10:38:35.408Z", "cvss_score": 8.4, "epss_score": 0.81348, "cvss_severity": "HIGH", "epss_percentile": 0.99591, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2966b79b-ad5e-40d1-89ea-12eea7e6d384", "vulnerability": {"vulnId": "CVE-2020-25078", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:24+00:00"}, "gcve": {"object_uuid": "2966b79b-ad5e-40d1-89ea-12eea7e6d384", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:24+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:24+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint... | Affected: D-Link / DCS-2530L, DCS-2670L | CVSS: 7.5 (HIGH) | EPSS: 0.97901 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-25078", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25078"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-25078"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint...", "vendor": "D-Link", "product": "DCS-2530L, DCS-2670L", "added_date": "2026-06-01T10:38:24.387Z", "cvss_score": 7.5, "epss_score": 0.97901, "cvss_severity": "HIGH", "epss_percentile": 0.999, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "082f141a-ea8a-4e9e-8d57-7110241b4da5", "vulnerability": {"vulnId": "CVE-2020-25079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:24+00:00"}, "gcve": {"object_uuid": "082f141a-ea8a-4e9e-8d57-7110241b4da5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:24+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:24+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated... | Affected: D-Link / DCS-2530L, DCS-2670L | CVSS: 8.8 (HIGH) | EPSS: 0.52717 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-25079", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25079"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-25079"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated...", "vendor": "D-Link", "product": "DCS-2530L, DCS-2670L", "added_date": "2026-06-01T10:38:24.400Z", "cvss_score": 8.8, "epss_score": 0.52717, "cvss_severity": "HIGH", "epss_percentile": 0.98832, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "058a6fa4-6a93-4d88-b69d-e92a29e8ba7c", "vulnerability": {"vulnId": "CVE-2022-40799", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:24+00:00"}, "gcve": {"object_uuid": "058a6fa4-6a93-4d88-b69d-e92a29e8ba7c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:24+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:24+00:00"}, "scope": {"notes": "KEVIntel entry: Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the... | Affected: D-Link / DNR-322L | CVSS: 8.8 (HIGH) | EPSS: 0.31328 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-40799", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40799"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40799"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the...", "vendor": "D-Link", "product": "DNR-322L", "added_date": "2026-06-01T10:38:24.413Z", "cvss_score": 8.8, "epss_score": 0.31328, "cvss_severity": "HIGH", "epss_percentile": 0.98049, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f25fc169-2d1d-474f-9ed8-6edf17f9e052", "vulnerability": {"vulnId": "CVE-2023-44976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:13+00:00"}, "gcve": {"object_uuid": "f25fc169-2d1d-474f-9ed8-6edf17f9e052", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:13+00:00"}, "scope": {"notes": "KEVIntel entry: Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via... | Affected: Hangzhou Shunwang / Rentdrv2 | CVSS: 3.2 (LOW) | EPSS: 0.00165 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-44976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44976"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-44976"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via...", "vendor": "Hangzhou Shunwang", "product": "Rentdrv2", "added_date": "2026-06-01T10:38:13.436Z", "cvss_score": 3.2, "epss_score": 0.00165, "cvss_severity": "LOW", "epss_percentile": 0.0605, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "90171403-2f4f-486d-8f85-9981b04058f8", "vulnerability": {"vulnId": "CVE-2014-125123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:38:09+00:00"}, "gcve": {"object_uuid": "90171403-2f4f-486d-8f85-9981b04058f8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:38:09+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:38:09+00:00"}, "scope": {"notes": "KEVIntel entry: Kloxo < 6.1.12 Unauthenticated SQL Injection RCE | Affected: LXCenter / Kloxo | CVSS: 10.0 (CRITICAL) | EPSS: 0.00667 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-125123", "url": "https://www.cve.org/CVERecord?id=CVE-2014-125123"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-125123"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kloxo < 6.1.12 Unauthenticated SQL Injection RCE", "vendor": "LXCenter", "product": "Kloxo", "added_date": "2026-06-01T10:38:09.412Z", "cvss_score": 10.0, "epss_score": 0.00667, "cvss_severity": "CRITICAL", "epss_percentile": 0.46967, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fa370ae6-51f5-4edf-82d1-4ae6a233db74", "vulnerability": {"vulnId": "CVE-2025-47729", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:52+00:00"}, "gcve": {"object_uuid": "fa370ae6-51f5-4edf-82d1-4ae6a233db74", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:52+00:00"}, "scope": {"notes": "KEVIntel entry: The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is... | Affected: TeleMessage / archiving backend | CVSS: 1.9 (LOW) | EPSS: 0.00396 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-47729", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47729"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47729"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is...", "vendor": "TeleMessage", "product": "archiving backend", "added_date": "2026-06-01T10:37:52.207Z", "cvss_score": 1.9, "epss_score": 0.00396, "cvss_severity": "LOW", "epss_percentile": 0.31295, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5653e1fd-d6dd-4cb9-991a-a1c6b3fc2946", "vulnerability": {"vulnId": "CVE-2025-4632", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:52+00:00"}, "gcve": {"object_uuid": "5653e1fd-d6dd-4cb9-991a-a1c6b3fc2946", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:52+00:00"}, "scope": {"notes": "KEVIntel entry: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to... | Affected: Samsung Electronics / MagicINFO 9 Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.23198 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-4632", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4632"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4632"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to...", "vendor": "Samsung Electronics", "product": "MagicINFO 9 Server", "added_date": "2026-06-01T10:37:52.172Z", "cvss_score": 9.8, "epss_score": 0.23198, "cvss_severity": "CRITICAL", "epss_percentile": 0.97485, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "64ed0cb1-b533-41cb-8652-e6065bcab43e", "vulnerability": {"vulnId": "CVE-2025-42999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:52+00:00"}, "gcve": {"object_uuid": "64ed0cb1-b533-41cb-8652-e6065bcab43e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:52+00:00"}, "scope": {"notes": "KEVIntel entry: Insecure Deserialization in SAP NetWeaver (Visual Composer development server) | Affected: SAP_SE / SAP NetWeaver (Visual Composer development server) | CVSS: 9.1 (CRITICAL) | EPSS: 0.10847 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-42999", "url": "https://www.cve.org/CVERecord?id=CVE-2025-42999"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-42999"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insecure Deserialization in SAP NetWeaver (Visual Composer development server)", "vendor": "SAP_SE", "product": "SAP NetWeaver (Visual Composer development server)", "added_date": "2026-06-01T10:37:52.113Z", "cvss_score": 9.1, "epss_score": 0.10847, "cvss_severity": "CRITICAL", "epss_percentile": 0.95292, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "acd07644-dde7-4301-8cd5-dc4a2e83f3a9", "vulnerability": {"vulnId": "CVE-2025-32756", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:50+00:00"}, "gcve": {"object_uuid": "acd07644-dde7-4301-8cd5-dc4a2e83f3a9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:50+00:00"}, "scope": {"notes": "KEVIntel entry: A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions,... | Affected: Fortinet / FortiNDR, FortiCamera, FortiRecorder, FortiVoice, FortiMail | CVSS: 9.8 (CRITICAL) | EPSS: 0.30128 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32756", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32756"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions,...", "vendor": "Fortinet", "product": "FortiNDR, FortiCamera, FortiRecorder, FortiVoice, FortiMail", "added_date": "2026-06-01T10:37:50.198Z", "cvss_score": 9.8, "epss_score": 0.30128, "cvss_severity": "CRITICAL", "epss_percentile": 0.9798, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2a02934-6e56-4da6-b56c-42ae2884964d", "vulnerability": {"vulnId": "CVE-2025-20337", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:36+00:00"}, "gcve": {"object_uuid": "c2a02934-6e56-4da6-b56c-42ae2884964d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:36+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability | Affected: Cisco / Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector | CVSS: 10.0 (CRITICAL) | EPSS: 0.65098 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-20337", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20337"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20337"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability", "vendor": "Cisco", "product": "Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector", "added_date": "2026-06-01T10:37:36.546Z", "cvss_score": 10.0, "epss_score": 0.65098, "cvss_severity": "CRITICAL", "epss_percentile": 0.99151, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0f3e5341-02f3-4f99-bb4a-1f89ea52911c", "vulnerability": {"vulnId": "CVE-2023-2533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:36+00:00"}, "gcve": {"object_uuid": "0f3e5341-02f3-4f99-bb4a-1f89ea52911c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:36+00:00"}, "scope": {"notes": "KEVIntel entry: PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF | Affected: PaperCut / PaperCut NG/MF | CVSS: 8.4 (HIGH) | EPSS: 0.2946 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-2533", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2533"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-2533"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF", "vendor": "PaperCut", "product": "PaperCut NG/MF", "added_date": "2026-06-01T10:37:36.480Z", "cvss_score": 8.4, "epss_score": 0.2946, "cvss_severity": "HIGH", "epss_percentile": 0.97945, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "290c2f13-0407-4c72-a627-128fb58ed771", "vulnerability": {"vulnId": "CVE-2025-20281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:36+00:00"}, "gcve": {"object_uuid": "290c2f13-0407-4c72-a627-128fb58ed771", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:36+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability | Affected: Cisco / Cisco Identity Services Engine Software | CVSS: 10.0 (CRITICAL) | EPSS: 0.96732 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-20281", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20281"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20281"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability", "vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "added_date": "2026-06-01T10:37:36.522Z", "cvss_score": 10.0, "epss_score": 0.96732, "cvss_severity": "CRITICAL", "epss_percentile": 0.99879, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "674d77a9-c76e-4ed7-8c7d-22a484bcf7f5", "vulnerability": {"vulnId": "CVE-2025-49706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:23+00:00"}, "gcve": {"object_uuid": "674d77a9-c76e-4ed7-8c7d-22a484bcf7f5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:23+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:23+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Server Spoofing Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 6.5 (MEDIUM) | EPSS: 0.99879 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-49706", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49706"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-49706"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Server Spoofing Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2026-06-01T10:37:23.318Z", "cvss_score": 6.5, "epss_score": 0.99879, "cvss_severity": "MEDIUM", "epss_percentile": 0.99962, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d2377df2-2889-4f75-9344-9693cce1538d", "vulnerability": {"vulnId": "CVE-2025-49704", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:23+00:00"}, "gcve": {"object_uuid": "d2377df2-2889-4f75-9344-9693cce1538d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:23+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:23+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019 | CVSS: 8.8 (HIGH) | EPSS: 0.99907 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-49704", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49704"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-49704"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019", "added_date": "2026-06-01T10:37:23.293Z", "cvss_score": 8.8, "epss_score": 0.99907, "cvss_severity": "HIGH", "epss_percentile": 0.99965, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b9d34cda-0f48-4012-bbef-a1c0b0be469f", "vulnerability": {"vulnId": "CVE-2025-6558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:23+00:00"}, "gcve": {"object_uuid": "b9d34cda-0f48-4012-bbef-a1c0b0be469f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:23+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:23+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.09524 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-6558", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6558"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T10:37:23.924Z", "cvss_score": 8.8, "epss_score": 0.09524, "cvss_severity": "HIGH", "epss_percentile": 0.9483, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5e2eafa6-85ca-4a3f-9f7b-292b516fd6a2", "vulnerability": {"vulnId": "CVE-2025-2775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:22+00:00"}, "gcve": {"object_uuid": "5e2eafa6-85ca-4a3f-9f7b-292b516fd6a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:22+00:00"}, "scope": {"notes": "KEVIntel entry: SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection | Affected: SysAid / SysAid On-Prem | CVSS: 9.3 (CRITICAL) | EPSS: 0.55177 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-2775", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2775"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2775"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection", "vendor": "SysAid", "product": "SysAid On-Prem", "added_date": "2026-06-01T10:37:22.521Z", "cvss_score": 9.3, "epss_score": 0.55177, "cvss_severity": "CRITICAL", "epss_percentile": 0.98902, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a8d1b275-56b5-49d1-a7c5-b1d5ac00939a", "vulnerability": {"vulnId": "CVE-2025-2776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:22+00:00"}, "gcve": {"object_uuid": "a8d1b275-56b5-49d1-a7c5-b1d5ac00939a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:22+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:22+00:00"}, "scope": {"notes": "KEVIntel entry: SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection | Affected: SysAid / SysAid On-Prem | CVSS: 9.3 (CRITICAL) | EPSS: 0.72971 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-2776", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2776"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2776"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection", "vendor": "SysAid", "product": "SysAid On-Prem", "added_date": "2026-06-01T10:37:22.535Z", "cvss_score": 9.3, "epss_score": 0.72971, "cvss_severity": "CRITICAL", "epss_percentile": 0.99381, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "088137b8-9c2a-45d8-af4b-f0f18b6f9767", "vulnerability": {"vulnId": "CVE-2025-53770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:19+00:00"}, "gcve": {"object_uuid": "088137b8-9c2a-45d8-af4b-f0f18b6f9767", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:19+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:19+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 9.8 (CRITICAL) | EPSS: 0.99977 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-53770", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53770"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-53770"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2026-06-01T10:37:19.166Z", "cvss_score": 9.8, "epss_score": 0.99977, "cvss_severity": "CRITICAL", "epss_percentile": 0.9998, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e96a3653-b597-4941-89a4-65c358b6e6f1", "vulnerability": {"vulnId": "CVE-2025-54309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:11+00:00"}, "gcve": {"object_uuid": "e96a3653-b597-4941-89a4-65c358b6e6f1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:11+00:00"}, "scope": {"notes": "KEVIntel entry: CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote... | Affected: CrushFTP / CrushFTP | CVSS: 9.0 (CRITICAL) | EPSS: 0.92034 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-54309", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54309"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54309"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote...", "vendor": "CrushFTP", "product": "CrushFTP", "added_date": "2026-06-01T10:37:11.050Z", "cvss_score": 9.0, "epss_score": 0.92034, "cvss_severity": "CRITICAL", "epss_percentile": 0.99808, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d4de0092-680d-4f91-aa57-c6f61dc7f157", "vulnerability": {"vulnId": "CVE-2025-34130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:03+00:00"}, "gcve": {"object_uuid": "d4de0092-680d-4f91-aa57-c6f61dc7f157", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:03+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:03+00:00"}, "scope": {"notes": "KEVIntel entry: LILIN DVR Arbitrary File Read via net_html.cgi | Affected: Merit LILIN / DVR Firmware | CVSS: 8.7 (HIGH) | EPSS: 0.01149 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34130", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34130"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34130"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LILIN DVR Arbitrary File Read via net_html.cgi", "vendor": "Merit LILIN", "product": "DVR Firmware", "added_date": "2026-06-01T10:37:03.856Z", "cvss_score": 8.7, "epss_score": 0.01149, "cvss_severity": "HIGH", "epss_percentile": 0.62723, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "10099841-c3cd-4d66-a045-69b92535225d", "vulnerability": {"vulnId": "CVE-2025-34129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:03+00:00"}, "gcve": {"object_uuid": "10099841-c3cd-4d66-a045-69b92535225d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:03+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:03+00:00"}, "scope": {"notes": "KEVIntel entry: LILIN DVR RCE via Malicious FTP/NTP Configuration | Affected: Merit LILIN / DVR Firmware | CVSS: 8.7 (HIGH) | EPSS: 0.01077 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34129", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34129"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34129"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LILIN DVR RCE via Malicious FTP/NTP Configuration", "vendor": "Merit LILIN", "product": "DVR Firmware", "added_date": "2026-06-01T10:37:03.840Z", "cvss_score": 8.7, "epss_score": 0.01077, "cvss_severity": "HIGH", "epss_percentile": 0.60674, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bd12cf2d-004a-4b98-baf2-9921254f9a15", "vulnerability": {"vulnId": "CVE-2025-49831", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:37:00+00:00"}, "gcve": {"object_uuid": "bd12cf2d-004a-4b98-baf2-9921254f9a15", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:37:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:37:00+00:00"}, "scope": {"notes": "KEVIntel entry: Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device | Affected: cyberark / conjur | CVSS: 9.1 (CRITICAL) | EPSS: 0.01156 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-49831", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49831"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-49831"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device", "vendor": "cyberark", "product": "conjur", "added_date": "2026-06-01T10:37:00.841Z", "cvss_score": 9.1, "epss_score": 0.01156, "cvss_severity": "CRITICAL", "epss_percentile": 0.62909, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1917d9ac-746a-4aba-8379-3bcb5a982dbe", "vulnerability": {"vulnId": "CVE-2025-47812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:56+00:00"}, "gcve": {"object_uuid": "1917d9ac-746a-4aba-8379-3bcb5a982dbe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:56+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:56+00:00"}, "scope": {"notes": "KEVIntel entry: In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\\0' bytes, ultimately allowing injection of arbitrary Lua code into... | Affected: wftpserver / Wing FTP Server | CVSS: 10.0 (CRITICAL) | EPSS: 0.95343 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-47812", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47812"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47812"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\\0' bytes, ultimately allowing injection of arbitrary Lua code into...", "vendor": "wftpserver", "product": "Wing FTP Server", "added_date": "2026-06-01T10:36:56.791Z", "cvss_score": 10.0, "epss_score": 0.95343, "cvss_severity": "CRITICAL", "epss_percentile": 0.99857, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f6ed0cc0-e075-41f7-9bbf-aceaecd1e864", "vulnerability": {"vulnId": "CVE-2016-10033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:30+00:00"}, "gcve": {"object_uuid": "f6ed0cc0-e075-41f7-9bbf-aceaecd1e864", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:30+00:00"}, "scope": {"notes": "KEVIntel entry: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command... | Affected: PHPMailer / PHPMailer | CVSS: 9.8 (CRITICAL) | EPSS: 0.99714 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-10033", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10033"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-10033"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command...", "vendor": "PHPMailer", "product": "PHPMailer", "added_date": "2026-06-01T10:36:30.804Z", "cvss_score": 9.8, "epss_score": 0.99714, "cvss_severity": "CRITICAL", "epss_percentile": 0.9995, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5ffcf643-dba8-4fb7-9bdd-b45db0667cb9", "vulnerability": {"vulnId": "CVE-2019-5418", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:30+00:00"}, "gcve": {"object_uuid": "5ffcf643-dba8-4fb7-9bdd-b45db0667cb9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:30+00:00"}, "scope": {"notes": "KEVIntel entry: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted... | Affected: Rails / https://github.com/rails/rails | CVSS: 7.5 (HIGH) | EPSS: 0.98507 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-5418", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5418"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5418"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted...", "vendor": "Rails", "product": "https://github.com/rails/rails", "added_date": "2026-06-01T10:36:30.850Z", "cvss_score": 7.5, "epss_score": 0.98507, "cvss_severity": "HIGH", "epss_percentile": 0.99914, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc8476bc-61c4-4e08-9d88-480ead3308e9", "vulnerability": {"vulnId": "CVE-2019-9621", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:30+00:00"}, "gcve": {"object_uuid": "cc8476bc-61c4-4e08-9d88-480ead3308e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:30+00:00"}, "scope": {"notes": "KEVIntel entry: Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows... | Affected: Zimbra / Zimbra Collaboration Suite | CVSS: 7.5 (HIGH) | EPSS: 0.80906 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-9621", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9621"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9621"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows...", "vendor": "Zimbra", "product": "Zimbra Collaboration Suite", "added_date": "2026-06-01T10:36:30.865Z", "cvss_score": 7.5, "epss_score": 0.80906, "cvss_severity": "HIGH", "epss_percentile": 0.9958, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7271608b-0f3e-4e79-b1d7-c163d6798500", "vulnerability": {"vulnId": "CVE-2014-3931", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:30+00:00"}, "gcve": {"object_uuid": "7271608b-0f3e-4e79-b1d7-c163d6798500", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:30+00:00"}, "scope": {"notes": "KEVIntel entry: fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | Affected: MRLG / Multi-Router Looking Glass | CVSS: 9.8 (CRITICAL) | EPSS: 0.26572 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-3931", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3931"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-3931"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.", "vendor": "MRLG", "product": "Multi-Router Looking Glass", "added_date": "2026-06-01T10:36:30.780Z", "cvss_score": 9.8, "epss_score": 0.26572, "cvss_severity": "CRITICAL", "epss_percentile": 0.9776, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bc5d5ff6-ba84-41d7-b717-c4b58c8381f8", "vulnerability": {"vulnId": "CVE-2025-6554", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:20+00:00"}, "gcve": {"object_uuid": "bc5d5ff6-ba84-41d7-b717-c4b58c8381f8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:20+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:20+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.... | Affected: Google / Chrome | CVSS: 8.1 (HIGH) | EPSS: 0.06564 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-6554", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6554"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6554"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page....", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T10:36:20.047Z", "cvss_score": 8.1, "epss_score": 0.06564, "cvss_severity": "HIGH", "epss_percentile": 0.92953, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "187782f3-156d-475d-9456-1ff223f0df78", "vulnerability": {"vulnId": "CVE-2025-48927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:17+00:00"}, "gcve": {"object_uuid": "187782f3-156d-475d-9456-1ff223f0df78", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:17+00:00"}, "scope": {"notes": "KEVIntel entry: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in... | Affected: TeleMessage / service | CVSS: 5.3 (MEDIUM) | EPSS: 0.07857 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48927", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48927"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48927"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in...", "vendor": "TeleMessage", "product": "service", "added_date": "2026-06-01T10:36:17.235Z", "cvss_score": 5.3, "epss_score": 0.07857, "cvss_severity": "MEDIUM", "epss_percentile": 0.9394, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d81d8eff-a85e-4c81-ab36-dcc49191f18a", "vulnerability": {"vulnId": "CVE-2025-48928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:17+00:00"}, "gcve": {"object_uuid": "d81d8eff-a85e-4c81-ab36-dcc49191f18a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:17+00:00"}, "scope": {"notes": "KEVIntel entry: The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which... | Affected: TeleMessage / service | CVSS: 4.0 (MEDIUM) | EPSS: 0.00366 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-48928", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48928"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48928"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which...", "vendor": "TeleMessage", "product": "service", "added_date": "2026-06-01T10:36:17.248Z", "cvss_score": 4.0, "epss_score": 0.00366, "cvss_severity": "MEDIUM", "epss_percentile": 0.2833, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0b21e14e-e4cc-481e-a171-dbbc79ad6d95", "vulnerability": {"vulnId": "CVE-2025-6543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:36:14+00:00"}, "gcve": {"object_uuid": "0b21e14e-e4cc-481e-a171-dbbc79ad6d95", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:36:14+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:36:14+00:00"}, "scope": {"notes": "KEVIntel entry: Memory overflow vulnerability leading to unintended control flow and Denial of Service | Affected: NetScaler / ADC, Gateway | CVSS: 9.2 (CRITICAL) | EPSS: 0.09756 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-6543", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6543"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Memory overflow vulnerability leading to unintended control flow and Denial of Service", "vendor": "NetScaler", "product": "ADC, Gateway", "added_date": "2026-06-01T10:36:14.774Z", "cvss_score": 9.2, "epss_score": 0.09756, "cvss_severity": "CRITICAL", "epss_percentile": 0.9492, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "35986700-9d28-4cb5-93f9-5ed62b64cae7", "vulnerability": {"vulnId": "CVE-2025-48925", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:34:46+00:00"}, "gcve": {"object_uuid": "35986700-9d28-4cb5-93f9-5ed62b64cae7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:34:46+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:34:46+00:00"}, "scope": {"notes": "KEVIntel entry: The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the... | Affected: TeleMessage / service | CVSS: 4.3 (MEDIUM) | EPSS: 0.00233 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-48925", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48925"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48925"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the...", "vendor": "TeleMessage", "product": "service", "added_date": "2026-06-01T10:34:46.225Z", "cvss_score": 4.3, "epss_score": 0.00233, "cvss_severity": "MEDIUM", "epss_percentile": 0.1391, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fe5e8754-80b0-42d8-91f0-50dad02fb201", "vulnerability": {"vulnId": "CVE-2024-0769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:34:26+00:00"}, "gcve": {"object_uuid": "fe5e8754-80b0-42d8-91f0-50dad02fb201", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:34:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:34:26+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal | Affected: D-Link / DIR-859 | CVSS: 5.3 (MEDIUM) | EPSS: 0.82714 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-0769", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0769"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-0769"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal", "vendor": "D-Link", "product": "DIR-859", "added_date": "2026-06-01T10:34:26.142Z", "cvss_score": 5.3, "epss_score": 0.82714, "cvss_severity": "MEDIUM", "epss_percentile": 0.99626, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "099930ed-066c-4c21-b551-f1614786420e", "vulnerability": {"vulnId": "CVE-2025-52572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:34:16+00:00"}, "gcve": {"object_uuid": "099930ed-066c-4c21-b551-f1614786420e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:34:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:34:16+00:00"}, "scope": {"notes": "KEVIntel entry: Hikka vulnerable to RCE through dangling web interface | Affected: hikariatama / Hikka | CVSS: 10.0 (CRITICAL) | EPSS: 0.00619 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-52572", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52572"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-52572"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hikka vulnerable to RCE through dangling web interface", "vendor": "hikariatama", "product": "Hikka", "added_date": "2026-06-01T10:34:16.820Z", "cvss_score": 10.0, "epss_score": 0.00619, "cvss_severity": "CRITICAL", "epss_percentile": 0.44909, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c3c3fac0-23cd-45d2-9cbc-4a90ecafd58a", "vulnerability": {"vulnId": "CVE-2024-54085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:34:02+00:00"}, "gcve": {"object_uuid": "c3c3fac0-23cd-45d2-9cbc-4a90ecafd58a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:34:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:34:02+00:00"}, "scope": {"notes": "KEVIntel entry: Redfish Authentication Bypass | Affected: AMI / MegaRAC-SPx | CVSS: 10.0 (CRITICAL) | EPSS: 0.61202 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-54085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-54085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-54085"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Redfish Authentication Bypass", "vendor": "AMI", "product": "MegaRAC-SPx", "added_date": "2026-06-01T10:34:02.334Z", "cvss_score": 10.0, "epss_score": 0.61202, "cvss_severity": "CRITICAL", "epss_percentile": 0.99047, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e4ce639a-68c0-477f-bb39-bc39488aec97", "vulnerability": {"vulnId": "CVE-2019-6693", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:33:55+00:00"}, "gcve": {"object_uuid": "e4ce639a-68c0-477f-bb39-bc39488aec97", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:33:55+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:33:55+00:00"}, "scope": {"notes": "KEVIntel entry: Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup... | Affected: Fortinet / FortiGate | CVSS: 6.5 (MEDIUM) | EPSS: 0.05352 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-6693", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6693"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-6693"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup...", "vendor": "Fortinet", "product": "FortiGate", "added_date": "2026-06-01T10:33:55.457Z", "cvss_score": 6.5, "epss_score": 0.05352, "cvss_severity": "MEDIUM", "epss_percentile": 0.91594, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a17c9b58-b6d0-4588-88ee-bc322c248beb", "vulnerability": {"vulnId": "CVE-2023-0386", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:33:20+00:00"}, "gcve": {"object_uuid": "a17c9b58-b6d0-4588-88ee-bc322c248beb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:33:20+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:33:20+00:00"}, "scope": {"notes": "KEVIntel entry: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux... | Affected: Linux / Linux kernel | CVSS: 7.8 (HIGH) | EPSS: 0.0788 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-0386", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-0386"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux...", "vendor": "Linux", "product": "Linux kernel", "added_date": "2026-06-01T10:33:20.672Z", "cvss_score": 7.8, "epss_score": 0.0788, "cvss_severity": "HIGH", "epss_percentile": 0.93962, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "72f9fd4a-1727-425d-8271-7c36c8bc4899", "vulnerability": {"vulnId": "CVE-2025-43200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:33:11+00:00"}, "gcve": {"object_uuid": "72f9fd4a-1727-425d-8271-7c36c8bc4899", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:33:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:33:11+00:00"}, "scope": {"notes": "KEVIntel entry: This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and... | Affected: Apple / iOS and iPadOS, iPadOS, macOS, visionOS, watchOS | CVSS: 4.2 (MEDIUM) | EPSS: 0.01009 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-43200", "url": "https://www.cve.org/CVERecord?id=CVE-2025-43200"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-43200"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and...", "vendor": "Apple", "product": "iOS and iPadOS, iPadOS, macOS, visionOS, watchOS", "added_date": "2026-06-01T10:33:11.491Z", "cvss_score": 4.2, "epss_score": 0.01009, "cvss_severity": "MEDIUM", "epss_percentile": 0.58563, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e2f5f21b-9513-4130-9f28-aa10f1585de5", "vulnerability": {"vulnId": "CVE-2023-33538", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:33:02+00:00"}, "gcve": {"object_uuid": "e2f5f21b-9513-4130-9f28-aa10f1585de5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:33:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:33:02+00:00"}, "scope": {"notes": "KEVIntel entry: TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component... | Affected: TP-Link / TL-WR940N, TL-WR841N, TL-WR740N | CVSS: 8.8 (HIGH) | EPSS: 0.42568 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-33538", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33538"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33538"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component...", "vendor": "TP-Link", "product": "TL-WR940N, TL-WR841N, TL-WR740N", "added_date": "2026-06-01T10:33:02.281Z", "cvss_score": 8.8, "epss_score": 0.42568, "cvss_severity": "HIGH", "epss_percentile": 0.98538, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7d9b1c1b-33e9-4987-9b4a-ac70ee09cb78", "vulnerability": {"vulnId": "CVE-2025-33053", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:32:38+00:00"}, "gcve": {"object_uuid": "7d9b1c1b-33e9-4987-9b4a-ac70ee09cb78", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:32:38+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:32:38+00:00"}, "scope": {"notes": "KEVIntel entry: Internet Shortcut Files Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 8.8 (HIGH) | EPSS: 0.81558 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-33053", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33053"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-33053"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Internet Shortcut Files Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-01T10:32:38.192Z", "cvss_score": 8.8, "epss_score": 0.81558, "cvss_severity": "HIGH", "epss_percentile": 0.99598, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "808041f2-2398-42c3-bb40-f76054fe0940", "vulnerability": {"vulnId": "CVE-2025-24016", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:32:30+00:00"}, "gcve": {"object_uuid": "808041f2-2398-42c3-bb40-f76054fe0940", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:32:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:32:30+00:00"}, "scope": {"notes": "KEVIntel entry: Remote code execution in Wazuh server | Affected: wazuh / wazuh | CVSS: 9.9 (CRITICAL) | EPSS: 0.92579 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24016", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24016"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24016"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote code execution in Wazuh server", "vendor": "wazuh", "product": "wazuh", "added_date": "2026-06-01T10:32:30.977Z", "cvss_score": 9.9, "epss_score": 0.92579, "cvss_severity": "CRITICAL", "epss_percentile": 0.99814, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "908dd1e8-7505-43d8-b75f-a7a10fd39941", "vulnerability": {"vulnId": "CVE-2025-32433", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:32:20+00:00"}, "gcve": {"object_uuid": "908dd1e8-7505-43d8-b75f-a7a10fd39941", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:32:20+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:32:20+00:00"}, "scope": {"notes": "KEVIntel entry: Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | Affected: erlang / otp | CVSS: 10.0 (CRITICAL) | EPSS: 0.97673 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32433", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32433"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32433"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Erlang/OTP SSH Vulnerable to Pre-Authentication RCE", "vendor": "erlang", "product": "otp", "added_date": "2026-06-01T10:32:20.432Z", "cvss_score": 10.0, "epss_score": 0.97673, "cvss_severity": "CRITICAL", "epss_percentile": 0.99896, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bf13200d-d844-419f-a514-0c4727c3cccd", "vulnerability": {"vulnId": "CVE-2024-42009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:32:11+00:00"}, "gcve": {"object_uuid": "bf13200d-d844-419f-a514-0c4727c3cccd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:32:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:32:11+00:00"}, "scope": {"notes": "KEVIntel entry: A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a... | Affected: Roundcube / Roundcube Webmail | CVSS: 9.3 (CRITICAL) | EPSS: 0.82853 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-42009", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42009"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-42009"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a...", "vendor": "Roundcube", "product": "Roundcube Webmail", "added_date": "2026-06-01T10:32:11.788Z", "cvss_score": 9.3, "epss_score": 0.82853, "cvss_severity": "CRITICAL", "epss_percentile": 0.99631, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8c03d99c-468d-46be-98d5-3680380bac28", "vulnerability": {"vulnId": "CVE-2025-5419", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:31:54+00:00"}, "gcve": {"object_uuid": "8c03d99c-468d-46be-98d5-3680380bac28", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:31:54+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:31:54+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.06463 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-5419", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5419"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5419"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-01T10:31:54.550Z", "cvss_score": 8.8, "epss_score": 0.06463, "cvss_severity": "HIGH", "epss_percentile": 0.92863, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "10c1f720-d639-4e53-af28-8440a6f0aac1", "vulnerability": {"vulnId": "CVE-2025-27038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:31:39+00:00"}, "gcve": {"object_uuid": "10c1f720-d639-4e53-af28-8440a6f0aac1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:31:39+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:31:39+00:00"}, "scope": {"notes": "KEVIntel entry: Use After Free in Graphics | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 7.5 (HIGH) | EPSS: 0.00802 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-27038", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27038"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27038"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use After Free in Graphics", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2026-06-01T10:31:39.819Z", "cvss_score": 7.5, "epss_score": 0.00802, "cvss_severity": "HIGH", "epss_percentile": 0.51852, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "33bb1fdc-0c91-495d-b497-f20e96601a21", "vulnerability": {"vulnId": "CVE-2025-21480", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:31:32+00:00"}, "gcve": {"object_uuid": "33bb1fdc-0c91-495d-b497-f20e96601a21", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:31:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:31:32+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect Authorization in Graphics Windows | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 8.6 (HIGH) | EPSS: 0.00361 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21480", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21480"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21480"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect Authorization in Graphics Windows", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2026-06-01T10:31:32.721Z", "cvss_score": 8.6, "epss_score": 0.00361, "cvss_severity": "HIGH", "epss_percentile": 0.2783, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "73989b98-612b-44fd-8028-4ff4ad9fec9a", "vulnerability": {"vulnId": "CVE-2025-21479", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:31:25+00:00"}, "gcve": {"object_uuid": "73989b98-612b-44fd-8028-4ff4ad9fec9a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:31:25+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:31:25+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect Authorization in Graphics | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 8.6 (HIGH) | EPSS: 0.00665 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21479", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21479"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21479"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect Authorization in Graphics", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2026-06-01T10:31:25.802Z", "cvss_score": 8.6, "epss_score": 0.00665, "cvss_severity": "HIGH", "epss_percentile": 0.4691, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "957eebf2-0262-4115-a92c-00d410b73475", "vulnerability": {"vulnId": "CVE-2025-3935", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:31:13+00:00"}, "gcve": {"object_uuid": "957eebf2-0262-4115-a92c-00d410b73475", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:31:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:31:13+00:00"}, "scope": {"notes": "KEVIntel entry: ScreenConnect Exposure to ASP.NET ViewState Code Injection | Affected: ConnectWise / ScreenConnect | CVSS: 8.1 (HIGH) | EPSS: 0.03348 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-3935", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3935"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-3935"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ScreenConnect Exposure to ASP.NET ViewState Code Injection", "vendor": "ConnectWise", "product": "ScreenConnect", "added_date": "2026-06-01T10:31:13.860Z", "cvss_score": 8.1, "epss_score": 0.03348, "cvss_severity": "HIGH", "epss_percentile": 0.87118, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "94610940-40d0-4cf6-b79b-bb760ab8ba82", "vulnerability": {"vulnId": "CVE-2025-35939", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:31:06+00:00"}, "gcve": {"object_uuid": "94610940-40d0-4cf6-b79b-bb760ab8ba82", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:31:06+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:31:06+00:00"}, "scope": {"notes": "KEVIntel entry: Craft CMS stores user-provided content in session files | Affected: Craft / CMS | CVSS: 6.9 (MEDIUM) | EPSS: 0.01119 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-35939", "url": "https://www.cve.org/CVERecord?id=CVE-2025-35939"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-35939"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Craft CMS stores user-provided content in session files", "vendor": "Craft", "product": "CMS", "added_date": "2026-06-01T10:31:06.978Z", "cvss_score": 6.9, "epss_score": 0.01119, "cvss_severity": "MEDIUM", "epss_percentile": 0.61909, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e4b29b07-7117-4bf4-a616-e644a590045c", "vulnerability": {"vulnId": "CVE-2024-56145", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:30:59+00:00"}, "gcve": {"object_uuid": "e4b29b07-7117-4bf4-a616-e644a590045c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:30:59+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:30:59+00:00"}, "scope": {"notes": "KEVIntel entry: RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms | Affected: craftcms / cms | CVSS: 9.3 (CRITICAL) | EPSS: 0.97446 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-56145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56145"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-56145"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms", "vendor": "craftcms", "product": "cms", "added_date": "2026-06-01T10:30:59.931Z", "cvss_score": 9.3, "epss_score": 0.97446, "cvss_severity": "CRITICAL", "epss_percentile": 0.99892, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "77e55102-ec4d-43fe-bfe4-2cf5c04f4ec9", "vulnerability": {"vulnId": "CVE-2023-39780", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:29:36+00:00"}, "gcve": {"object_uuid": "77e55102-ec4d-43fe-bfe4-2cf5c04f4ec9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:29:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:29:36+00:00"}, "scope": {"notes": "KEVIntel entry: On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist... | Affected: ASUS / RT-AX55 | CVSS: 8.8 (HIGH) | EPSS: 0.3239 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-39780", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39780"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-39780"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist...", "vendor": "ASUS", "product": "RT-AX55", "added_date": "2026-06-01T10:29:36.477Z", "cvss_score": 8.8, "epss_score": 0.3239, "cvss_severity": "HIGH", "epss_percentile": 0.98109, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6e2e782d-e80a-41cb-8e94-648a22aaffc3", "vulnerability": {"vulnId": "CVE-2026-20182", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T10:28:27+00:00"}, "gcve": {"object_uuid": "6e2e782d-e80a-41cb-8e94-648a22aaffc3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T10:28:27+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T10:28:27+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager | CVSS: 10.0 (CRITICAL) | EPSS: 0.77902 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-20182", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20182"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20182"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-01T10:28:27.362Z", "cvss_score": 10.0, "epss_score": 0.77902, "cvss_severity": "CRITICAL", "epss_percentile": 0.99516, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ee20ea1f-326b-4275-a333-b1c4f02c346e", "vulnerability": {"vulnId": "CVE-2026-34197", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "ee20ea1f-326b-4275-a333-b1c4f02c346e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans | Affected: Apache Software Foundation / Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ | CVSS: 8.8 (HIGH) | EPSS: 0.87048 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-34197", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34197"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34197"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans", "vendor": "Apache Software Foundation", "product": "Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.87048, "cvss_severity": "HIGH", "epss_percentile": 0.99725, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f8fdc062-94cf-4ee5-ad8e-6280bc48bbc9", "vulnerability": {"vulnId": "CVE-2025-55346", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "f8fdc062-94cf-4ee5-ad8e-6280bc48bbc9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unintended dynamic code execution leads to remote code execution by network attackers | CVSS: 9.8 (CRITICAL) | EPSS: 0.1742 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-55346", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55346"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-55346"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unintended dynamic code execution leads to remote code execution by network attackers", "vendor": "", "product": "", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.1742, "cvss_severity": "CRITICAL", "epss_percentile": 0.96739, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d726a083-30f3-4ad3-91ed-6fcb1c76e515", "vulnerability": {"vulnId": "CVE-2025-1302", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "d726a083-30f3-4ad3-91ed-6fcb1c76e515", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker... | Affected: JSONPath-Plus / jsonpath-plus | CVSS: 9.3 (CRITICAL) | EPSS: 0.10087 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-1302", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-1302"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker...", "vendor": "JSONPath-Plus", "product": "jsonpath-plus", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.10087, "cvss_severity": "CRITICAL", "epss_percentile": 0.9504, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a4832f96-d731-40a5-85e5-a7dea353ad9c", "vulnerability": {"vulnId": "CVE-2025-5777", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "a4832f96-d731-40a5-85e5-a7dea353ad9c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | Affected: NetScaler / ADC, Gateway | CVSS: 9.3 (CRITICAL) | EPSS: 0.99897 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-5777", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5777"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread", "vendor": "NetScaler", "product": "ADC, Gateway", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.99897, "cvss_severity": "CRITICAL", "epss_percentile": 0.99963, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dbb2c6fc-d597-45d2-9b1f-a4a094220753", "vulnerability": {"vulnId": "CVE-2024-12847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "dbb2c6fc-d597-45d2-9b1f-a4a094220753", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NETGEAR DGN setup.cgi OS Command Injection | Affected: NETGEAR / DGN1000 | CVSS: 9.8 (CRITICAL) | EPSS: 0.2911 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-12847", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12847"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-12847"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NETGEAR DGN setup.cgi OS Command Injection", "vendor": "NETGEAR", "product": "DGN1000", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.2911, "cvss_severity": "CRITICAL", "epss_percentile": 0.97917, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3126a2c6-6d1a-4f83-b7c1-c127691a11c3", "vulnerability": {"vulnId": "CVE-2026-3055", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "3126a2c6-6d1a-4f83-b7c1-c127691a11c3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient input validation leading to memory overread | Affected: NetScaler / ADC, Gateway | CVSS: 9.3 (CRITICAL) | EPSS: 0.83996 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-3055", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3055"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3055"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient input validation leading to memory overread", "vendor": "NetScaler", "product": "ADC, Gateway", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.83996, "cvss_severity": "CRITICAL", "epss_percentile": 0.9966, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e3e00798-d5a6-4d7a-856b-c2a5bd2a3cb1", "vulnerability": {"vulnId": "CVE-2025-55182", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "e3e00798-d5a6-4d7a-856b-c2a5bd2a3cb1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including... | Affected: Meta / react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel | CVSS: 10.0 (CRITICAL) | EPSS: 0.99562 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-55182", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-55182"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...", "vendor": "Meta", "product": "react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.99562, "cvss_severity": "CRITICAL", "epss_percentile": 0.99941, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8f356133-327f-472c-adf6-63605f152c6d", "vulnerability": {"vulnId": "CVE-2026-41940", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "8f356133-327f-472c-adf6-63605f152c6d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WebPros cPanel and WHM Authentication Bypass via Login Flow | Affected: WebPros / cPanel, WP Squared, WHM | CVSS: 9.3 (CRITICAL) | EPSS: 0.90543 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-41940", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41940"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-41940"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WebPros cPanel and WHM Authentication Bypass via Login Flow", "vendor": "WebPros", "product": "cPanel, WP Squared, WHM", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.90543, "cvss_severity": "CRITICAL", "epss_percentile": 0.99789, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ddfeca52-c70b-4a08-af87-b49cfa5a107b", "vulnerability": {"vulnId": "CVE-2025-68645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "ddfeca52-c70b-4a08-af87-b49cfa5a107b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper... | Affected: Zimbra / Zimbra Collaboration (ZCS) | CVSS: 8.8 (HIGH) | EPSS: 0.31769 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-68645", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68645"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-68645"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper...", "vendor": "Zimbra", "product": "Zimbra Collaboration (ZCS)", "added_date": "2026-06-01T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.31769, "cvss_severity": "HIGH", "epss_percentile": 0.98073, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "05ae9068-4932-4ffe-9047-d0db890a06b8", "vulnerability": {"vulnId": "CVE-2026-0257", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-30T07:34:06+00:00"}, "gcve": {"object_uuid": "05ae9068-4932-4ffe-9047-d0db890a06b8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-30T07:34:06+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-30T07:34:06+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS, Prisma Access | CVSS: 7.8 (HIGH) | EPSS: 0.18583 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-0257", "url": "https://www.cve.org/CVERecord?id=CVE-2026-0257"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-0257"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS, Prisma Access", "added_date": "2026-05-30T07:34:06.000Z", "cvss_score": 7.8, "epss_score": 0.18583, "cvss_severity": "HIGH", "epss_percentile": 0.96891, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 3}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3e2d0904-eb0b-4662-b7e5-d7063bd2a0f0", "vulnerability": {"vulnId": "CVE-2025-58360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3e2d0904-eb0b-4662-b7e5-d7063bd2a0f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature | Affected: geoserver / geoserver | CVSS: 8.2 (HIGH) | EPSS: 0.66753 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-58360", "url": "https://www.cve.org/CVERecord?id=CVE-2025-58360"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-58360"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature", "vendor": "geoserver", "product": "geoserver", "added_date": "2026-05-30T00:00:00.000Z", "cvss_score": 8.2, "epss_score": 0.66753, "cvss_severity": "HIGH", "epss_percentile": 0.99195, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 3}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d079eb3f-887b-4082-9a1e-2e4c72250193", "vulnerability": {"vulnId": "CVE-2025-61882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-29T00:00:00+00:00"}, "gcve": {"object_uuid": "d079eb3f-887b-4082-9a1e-2e4c72250193", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-29T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration).  Supported versions... | Affected: Oracle Corporation / Oracle Concurrent Processing | CVSS: 9.8 (CRITICAL) | EPSS: 0.99722 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-61882", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61882"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61882"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration).  Supported versions...", "vendor": "Oracle Corporation", "product": "Oracle Concurrent Processing", "added_date": "2026-05-29T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99722, "cvss_severity": "CRITICAL", "epss_percentile": 0.99951, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 4}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dc0f91e5-a751-47e7-8c4c-8c91f48d4ad9", "vulnerability": {"vulnId": "CVE-2026-35616", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-28T16:35:05+00:00"}, "gcve": {"object_uuid": "dc0f91e5-a751-47e7-8c4c-8c91f48d4ad9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-28T16:35:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-28T16:35:05+00:00"}, "scope": {"notes": "KEVIntel entry: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute... | Affected: Fortinet / FortiClientEMS | CVSS: 9.8 (CRITICAL) | EPSS: 0.88505 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-35616", "url": "https://www.cve.org/CVERecord?id=CVE-2026-35616"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-35616"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute...", "vendor": "Fortinet", "product": "FortiClientEMS", "added_date": "2026-05-28T16:35:05.000Z", "cvss_score": 9.8, "epss_score": 0.88505, "cvss_severity": "CRITICAL", "epss_percentile": 0.99752, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d80138d-120c-4868-a672-c4c31c6dac2e", "vulnerability": {"vulnId": "CVE-2025-25257", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "0d80138d-120c-4868-a672-c4c31c6dac2e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb... | Affected: Fortinet / FortiWeb | CVSS: 9.8 (CRITICAL) | EPSS: 0.9671 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-25257", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25257"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-25257"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb...", "vendor": "Fortinet", "product": "FortiWeb", "added_date": "2026-05-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.9671, "cvss_severity": "CRITICAL", "epss_percentile": 0.99878, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "80317724-5434-4217-8e75-4bf26702bf89", "vulnerability": {"vulnId": "CVE-2026-21643", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "80317724-5434-4217-8e75-4bf26702bf89", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an... | Affected: Fortinet / FortiClientEMS | CVSS: 9.8 (CRITICAL) | EPSS: 0.94085 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-21643", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21643"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21643"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an...", "vendor": "Fortinet", "product": "FortiClientEMS", "added_date": "2026-05-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.94085, "cvss_severity": "CRITICAL", "epss_percentile": 0.99836, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8f6157b0-87ec-4c9a-9f0f-4ec6b968941f", "vulnerability": {"vulnId": "CVE-2020-7796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "8f6157b0-87ec-4c9a-9f0f-4ec6b968941f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | Affected: Zimbra / Zimbra Collaboration Suite | CVSS: 9.8 (CRITICAL) | EPSS: 0.85416 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-7796", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7796"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-7796"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.", "vendor": "Zimbra", "product": "Zimbra Collaboration Suite", "added_date": "2026-05-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.85416, "cvss_severity": "CRITICAL", "epss_percentile": 0.9969, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f590b140-7981-45c3-b59e-83415076f69a", "vulnerability": {"vulnId": "CVE-2025-6205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f590b140-7981-45c3-b59e-83415076f69a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 | Affected: Dassault Syst\u00e8mes / DELMIA Apriso | CVSS: 9.1 (CRITICAL) | EPSS: 0.69174 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-6205", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6205"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6205"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025", "vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Apriso", "added_date": "2026-05-28T00:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.69174, "cvss_severity": "CRITICAL", "epss_percentile": 0.9927, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9c174f0f-c494-46e3-97b0-06f22c4755fa", "vulnerability": {"vulnId": "CVE-2025-34037", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "9c174f0f-c494-46e3-97b0-06f22c4755fa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Linksys Routers E/WAG/WAP/WES/WET/WRT-Series | Affected: Linksys / E4200, E3200, E3000, E2500 v1/v2, E2100L v1, E2000, E1550, E1500 v1, E1200 v1, E1000 v1, E900 v1 | CVSS: 10.0 (CRITICAL) | EPSS: 0.85373 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34037", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34037"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34037"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Linksys Routers E/WAG/WAP/WES/WET/WRT-Series", "vendor": "Linksys", "product": "E4200, E3200, E3000, E2500 v1/v2, E2100L v1, E2000, E1550, E1500 v1, E1200 v1, E1000 v1, E900 v1", "added_date": "2026-05-28T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.85373, "cvss_severity": "CRITICAL", "epss_percentile": 0.99689, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "116e4e6b-a6d4-4a8d-bd9b-01f82715c9d0", "vulnerability": {"vulnId": "CVE-2026-8398", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-27T18:00:02+00:00"}, "gcve": {"object_uuid": "116e4e6b-a6d4-4a8d-bd9b-01f82715c9d0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-27T18:00:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-27T18:00:02+00:00"}, "scope": {"notes": "KEVIntel entry: A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434),... | Affected: AVB Disc Soft / DAEMON Tools Lite | CVSS: 9.3 (CRITICAL) | EPSS: 0.00754 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-8398", "url": "https://www.cve.org/CVERecord?id=CVE-2026-8398"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-8398"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434),...", "vendor": "AVB Disc Soft", "product": "DAEMON Tools Lite", "added_date": "2026-05-27T18:00:02.449Z", "cvss_score": 9.3, "epss_score": 0.00754, "cvss_severity": "CRITICAL", "epss_percentile": 0.5023, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 6}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e6134a9f-3cae-4bc9-8738-91d30c905867", "vulnerability": {"vulnId": "CVE-2026-48027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-27T18:00:02+00:00"}, "gcve": {"object_uuid": "e6134a9f-3cae-4bc9-8738-91d30c905867", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-27T18:00:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-27T18:00:02+00:00"}, "scope": {"notes": "KEVIntel entry: Compromised Nx Console version 18.95.0 | Affected: nrwl / nx-console | CVSS: 9.3 (CRITICAL) | EPSS: 0.00952 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-48027", "url": "https://www.cve.org/CVERecord?id=CVE-2026-48027"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-48027"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Compromised Nx Console version 18.95.0", "vendor": "nrwl", "product": "nx-console", "added_date": "2026-05-27T18:00:02.229Z", "cvss_score": 9.3, "epss_score": 0.00952, "cvss_severity": "CRITICAL", "epss_percentile": 0.56684, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 6}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "44a7bfb5-ad57-4145-8c81-f9b6aa2c6a16", "vulnerability": {"vulnId": "CVE-2026-45321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-27T18:00:02+00:00"}, "gcve": {"object_uuid": "44a7bfb5-ad57-4145-8c81-f9b6aa2c6a16", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-27T18:00:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-27T18:00:02+00:00"}, "scope": {"notes": "KEVIntel entry: Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys | Affected: @tanstack / arktype-adapter, eslint-plugin-router, eslint-plugin-start, history, nitro-v2-vite-plugin, react-router, react-router-devtools, react-router-ssr-query, react-start, react-start-client, react-start-rsc, react-start-server, router-cli, router-core, router-devtools, router-devtools-core, router-generator, router-plugin, router-ssr-query-core, router-utils, outer-vite-plugin, solid-router, solid-router-devtools, solid-router-ssr-query, solid-start, solid-start-client, solid-start-server, start-client-core, start-fn-stubs, start-plugin-core, start-server-core, start-static-server-functions, start-storage-context, valibot-adapter, virtual-file-routes, vue-router, vue-router-devtools, vue-router-ssr-query, vue-start, vue-start-client, vue-start-server, zod-adapter | CVSS: 9.6 (CRITICAL) | EPSS: 0.01601 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2026-45321", "url": "https://www.cve.org/CVERecord?id=CVE-2026-45321"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-45321"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys", "vendor": "@tanstack", "product": "arktype-adapter, eslint-plugin-router, eslint-plugin-start, history, nitro-v2-vite-plugin, react-router, react-router-devtools, react-router-ssr-query, react-start, react-start-client, react-start-rsc, react-start-server, router-cli, router-core, router-devtools, router-devtools-core, router-generator, router-plugin, router-ssr-query-core, router-utils, outer-vite-plugin, solid-router, solid-router-devtools, solid-router-ssr-query, solid-start, solid-start-client, solid-start-server, start-client-core, start-fn-stubs, start-plugin-core, start-server-core, start-static-server-functions, start-storage-context, valibot-adapter, virtual-file-routes, vue-router, vue-router-devtools, vue-router-ssr-query, vue-start, vue-start-client, vue-start-server, zod-adapter", "added_date": "2026-05-27T18:00:02.338Z", "cvss_score": 9.6, "epss_score": 0.01601, "cvss_severity": "CRITICAL", "epss_percentile": 0.72648, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 6}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f07efe86-f39a-41a0-a683-2daefbea9b60", "vulnerability": {"vulnId": "CVE-2018-9205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-27T00:00:00+00:00"}, "gcve": {"object_uuid": "f07efe86-f39a-41a0-a683-2daefbea9b60", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-27T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. | Affected: Robbin Zhao / avatar_uploader | CVSS: 7.5 (HIGH) | EPSS: 0.56924 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-9205", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9205"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-9205"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.", "vendor": "Robbin Zhao", "product": "avatar_uploader", "added_date": "2026-05-27T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.56924, "cvss_severity": "HIGH", "epss_percentile": 0.98942, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "43371f18-7c00-46ef-a9bc-c2fc95f72eca", "vulnerability": {"vulnId": "CVE-2022-0948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-26T00:00:00+00:00"}, "gcve": {"object_uuid": "43371f18-7c00-46ef-a9bc-c2fc95f72eca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi | Affected: Unknown / Order Listener for WooCommerce \u2013 Play Sounds Instantly on New Orders | CVSS: 9.8 (CRITICAL) | EPSS: 0.09792 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0948"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Order Listener for WooCommerce \u2013 Play Sounds Instantly on New Orders", "added_date": "2026-05-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.09792, "cvss_severity": "CRITICAL", "epss_percentile": 0.94933, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "878632db-1cab-4e5d-97cc-bd2764142dec", "vulnerability": {"vulnId": "CVE-2022-0785", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-26T00:00:00+00:00"}, "gcve": {"object_uuid": "878632db-1cab-4e5d-97cc-bd2764142dec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi | Affected: Unknown / Daily Prayer Time | CVSS: 9.8 (CRITICAL) | EPSS: 0.09214 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0785"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0785"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Daily Prayer Time", "added_date": "2026-05-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.09214, "cvss_severity": "CRITICAL", "epss_percentile": 0.94688, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3a16619b-9a07-401e-9525-6e352c3f527c", "vulnerability": {"vulnId": "CVE-2022-2414", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-26T00:00:00+00:00"}, "gcve": {"object_uuid": "3a16619b-9a07-401e-9525-6e352c3f527c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to... | Affected: Dogtag PKI / Dogtag Certificate System | CVSS: 7.5 (HIGH) | EPSS: 0.85323 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2414", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2414"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2414"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to...", "vendor": "Dogtag PKI", "product": "Dogtag Certificate System", "added_date": "2026-05-26T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.85323, "cvss_severity": "HIGH", "epss_percentile": 0.99687, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "66c1e780-c52f-45be-934f-204367b04f1e", "vulnerability": {"vulnId": "CVE-2026-5426", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-25T07:00:00+00:00"}, "gcve": {"object_uuid": "66c1e780-c52f-45be-934f-204367b04f1e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-25T07:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-25T07:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value | Affected: Digital Knowledge / KnowledgeDeliver | CVSS: 9.1 (CRITICAL) | EPSS: 0.0081 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-5426", "url": "https://www.cve.org/CVERecord?id=CVE-2026-5426"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-5426"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value", "vendor": "Digital Knowledge", "product": "KnowledgeDeliver", "added_date": "2026-05-25T07:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.0081, "cvss_severity": "CRITICAL", "epss_percentile": 0.52104, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "62a611ce-f82d-4bf2-aa58-0a1d21ea8c26", "vulnerability": {"vulnId": "CVE-2025-34048", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "62a611ce-f82d-4bf2-aa58-0a1d21ea8c26", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read | Affected: D-Link / DSL-2730U, DSL-2750U, DSL-2750E | CVSS: 8.7 (HIGH) | EPSS: 0.0059 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34048", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34048"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34048"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read", "vendor": "D-Link", "product": "DSL-2730U, DSL-2750U, DSL-2750E", "added_date": "2026-05-24T00:00:00.000Z", "cvss_score": 8.7, "epss_score": 0.0059, "cvss_severity": "HIGH", "epss_percentile": 0.43578, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b48985a1-2366-4903-a891-1179e34e2989", "vulnerability": {"vulnId": "CVE-2023-7311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "b48985a1-2366-4903-a891-1179e34e2989", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-22T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BYTEVALUE Intelligent Flow Control Router Command Injection | Affected: BYTEVALUE (Luoyang Baiwei Intelligent Technology Co., Ltd.) / Flow Control Router | CVSS: 9.3 (CRITICAL) | EPSS: 0.01932 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-7311", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7311"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7311"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BYTEVALUE Intelligent Flow Control Router Command Injection", "vendor": "BYTEVALUE (Luoyang Baiwei Intelligent Technology Co., Ltd.)", "product": "Flow Control Router", "added_date": "2026-05-22T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.01932, "cvss_severity": "CRITICAL", "epss_percentile": 0.774, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4e443b69-4039-45a7-b99d-a89cc8ee80e9", "vulnerability": {"vulnId": "CVE-2026-42945", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-19T15:36:39+00:00"}, "gcve": {"object_uuid": "4e443b69-4039-45a7-b99d-a89cc8ee80e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-19T15:36:39+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-19T15:36:39+00:00"}, "scope": {"notes": "KEVIntel entry: NGINX ngx_http_rewrite_module vulnerability | Affected: F5 / NGINX Plus, NGINX Open Source | CVSS: 9.2 (CRITICAL) | EPSS: 0.14453 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-42945", "url": "https://www.cve.org/CVERecord?id=CVE-2026-42945"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-42945"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NGINX ngx_http_rewrite_module vulnerability", "vendor": "F5", "product": "NGINX Plus, NGINX Open Source", "added_date": "2026-05-19T15:36:39.000Z", "cvss_score": 9.2, "epss_score": 0.14453, "cvss_severity": "CRITICAL", "epss_percentile": 0.96178, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3ee6de76-8be7-4111-b27e-3f172930546c", "vulnerability": {"vulnId": "CVE-2020-11963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-15T00:00:00+00:00"}, "gcve": {"object_uuid": "3ee6de76-8be7-4111-b27e-3f172930546c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter... | Affected: Evenroute / IQrouter | CVSS: 9.8 (CRITICAL) | EPSS: 0.00719 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-11963", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11963"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11963"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter...", "vendor": "Evenroute", "product": "IQrouter", "added_date": "2026-05-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.00719, "cvss_severity": "CRITICAL", "epss_percentile": 0.73001, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "745183bf-a43b-462c-98ca-47fbafaa6ae5", "vulnerability": {"vulnId": "CVE-2025-7544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-15T00:00:00+00:00"}, "gcve": {"object_uuid": "745183bf-a43b-462c-98ca-47fbafaa6ae5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow | Affected: Tenda / AC1206 | CVSS: 8.7 (HIGH) | EPSS: 0.01703 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-7544", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7544"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-7544"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow", "vendor": "Tenda", "product": "AC1206", "added_date": "2026-05-15T00:00:00.000Z", "cvss_score": 8.7, "epss_score": 0.01703, "cvss_severity": "HIGH", "epss_percentile": 0.82775, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "722bb1b2-4e0f-4d50-bbfe-fcf7112cc0a4", "vulnerability": {"vulnId": "CVE-2026-44338", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-14T14:20:11+00:00"}, "gcve": {"object_uuid": "722bb1b2-4e0f-4d50-bbfe-fcf7112cc0a4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-14T14:20:11+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-14T14:20:11+00:00"}, "scope": {"notes": "KEVIntel entry: PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | Affected: MervinPraison / PraisonAI | CVSS: 7.3 (HIGH) | EPSS: 0.02138 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-44338", "url": "https://www.cve.org/CVERecord?id=CVE-2026-44338"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-44338"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution", "vendor": "MervinPraison", "product": "PraisonAI", "added_date": "2026-05-14T14:20:11.000Z", "cvss_score": 7.3, "epss_score": 0.02138, "cvss_severity": "HIGH", "epss_percentile": 0.84628, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ba99fa21-4375-4e91-bece-66d3d0e2238b", "vulnerability": {"vulnId": "CVE-2025-34023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-11T00:00:00+00:00"}, "gcve": {"object_uuid": "ba99fa21-4375-4e91-bece-66d3d0e2238b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Karel IP Phone IP1211 Path Traversal | Affected: Karel / Karel IP Phone IP1211 | CVSS: 8.5 (HIGH) | EPSS: 0.01845 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34023", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34023"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34023"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Karel IP Phone IP1211 Path Traversal", "vendor": "Karel", "product": "Karel IP Phone IP1211", "added_date": "2026-05-11T00:00:00.000Z", "cvss_score": 8.5, "epss_score": 0.01845, "cvss_severity": "HIGH", "epss_percentile": 0.8334, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bfe261d8-0b70-4491-b7a3-a5a327e7d7ba", "vulnerability": {"vulnId": "CVE-2018-11409", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-07T00:00:00+00:00"}, "gcve": {"object_uuid": "bfe261d8-0b70-4491-b7a3-a5a327e7d7ba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-05-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated... | Affected: Splunk / Splunk | CVSS: 5.3 (MEDIUM) | EPSS: 0.92221 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11409", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11409"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11409"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated...", "vendor": "Splunk", "product": "Splunk", "added_date": "2026-05-07T00:00:00.000Z", "cvss_score": 5.3, "epss_score": 0.92221, "cvss_severity": "MEDIUM", "epss_percentile": 0.99731, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cf23d040-3563-4b96-aada-3ba8353d14a1", "vulnerability": {"vulnId": "CVE-2024-6893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cf23d040-3563-4b96-aada-3ba8353d14a1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Journyx Unauthenticated XML External Entities Injection | Affected: Journyx / Journyx (jtime) | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-6893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6893"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6893"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Journyx Unauthenticated XML External Entities Injection", "vendor": "Journyx", "product": "Journyx (jtime)", "added_date": "2026-04-30T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0514f9d8-899a-4871-8f79-3e133532da81", "vulnerability": {"vulnId": "CVE-2023-37999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0514f9d8-899a-4871-8f79-3e133532da81", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability | Affected: HasThemes / HT Mega | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-37999", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37999"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-37999"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability", "vendor": "HasThemes", "product": "HT Mega", "added_date": "2026-04-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "66439c2e-a319-4852-9b9d-b52d829083cd", "vulnerability": {"vulnId": "CVE-2025-34509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-30T00:00:00+00:00"}, "gcve": {"object_uuid": "66439c2e-a319-4852-9b9d-b52d829083cd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sitecore XM and XP Hardcoded Credentials | Affected: Sitecore / Experience Manager, Experience Platform | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34509", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34509"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34509"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sitecore XM and XP Hardcoded Credentials", "vendor": "Sitecore", "product": "Experience Manager, Experience Platform", "added_date": "2026-04-30T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4412f545-1ff2-4df1-9c53-af8c71e13dfb", "vulnerability": {"vulnId": "CVE-2023-25573", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "4412f545-1ff2-4df1-9c53-af8c71e13dfb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper access control to download file in metersphere | Affected: metersphere / metersphere | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-25573", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25573"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-25573"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper access control to download file in metersphere", "vendor": "metersphere", "product": "metersphere", "added_date": "2026-04-28T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fc1362f4-09c8-499e-99ae-d5e22a6cbc1e", "vulnerability": {"vulnId": "CVE-2023-0159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "fc1362f4-09c8-499e-99ae-d5e22a6cbc1e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry:  Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE | Affected: Unknown / Extensive VC Addons for WPBakery page builder | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-0159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0159"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-0159"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": " Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE", "vendor": "Unknown", "product": "Extensive VC Addons for WPBakery page builder", "added_date": "2026-04-28T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a82dbb4a-b4de-42f4-a6a0-ef5b765b0cc1", "vulnerability": {"vulnId": "CVE-2025-10353", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "a82dbb4a-b4de-42f4-a6a0-ef5b765b0cc1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Missing Authorization vulnerability in Melis Platform | Affected: Melis Technology / Melis Platform | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-10353", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10353"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-10353"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Missing Authorization vulnerability in Melis Platform", "vendor": "Melis Technology", "product": "Melis Platform", "added_date": "2026-04-28T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "25c346fd-4083-4b53-99b7-6905955697bc", "vulnerability": {"vulnId": "CVE-2026-3844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-25T15:00:05+00:00"}, "gcve": {"object_uuid": "25c346fd-4083-4b53-99b7-6905955697bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-25T15:00:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-25T15:00:05+00:00"}, "scope": {"notes": "KEVIntel entry: Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote | Affected: cloudways / Breeze Cache | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-3844", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3844"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3844"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote", "vendor": "cloudways", "product": "Breeze Cache", "added_date": "2026-04-25T15:00:05.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "28086a27-cfc6-4880-92ef-59709bba5956", "vulnerability": {"vulnId": "CVE-2021-4374", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "28086a27-cfc6-4880-92ef-59709bba5956", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to... | Affected: ValvePress / WordPress Automatic Plugin | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-4374", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4374"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4374"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to...", "vendor": "ValvePress", "product": "WordPress Automatic Plugin", "added_date": "2026-04-25T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "465067d0-4083-4dee-a58d-4a2a40beaeee", "vulnerability": {"vulnId": "CVE-2026-33626", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-24T18:15:40+00:00"}, "gcve": {"object_uuid": "465067d0-4083-4dee-a58d-4a2a40beaeee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-24T18:15:40+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-24T18:15:40+00:00"}, "scope": {"notes": "KEVIntel entry: LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading | Affected: InternLM / lmdeploy | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-33626", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33626"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-33626"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading", "vendor": "InternLM", "product": "lmdeploy", "added_date": "2026-04-24T18:15:40.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0e8f7914-957d-4b50-a025-c9c6415d8cb8", "vulnerability": {"vulnId": "CVE-2019-8451", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-23T00:00:00+00:00"}, "gcve": {"object_uuid": "0e8f7914-957d-4b50-a025-c9c6415d8cb8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-23T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network... | Affected: Atlassian / Jira | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-8451", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8451"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8451"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network...", "vendor": "Atlassian", "product": "Jira", "added_date": "2026-04-23T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ab76b04e-12c1-42af-b0db-8e85caa13072", "vulnerability": {"vulnId": "CVE-2026-25187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-19T13:49:43+00:00"}, "gcve": {"object_uuid": "ab76b04e-12c1-42af-b0db-8e85caa13072", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-19T13:49:43+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-19T13:49:43+00:00"}, "scope": {"notes": "KEVIntel entry: Winlogon Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-25187", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25187"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-25187"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Winlogon Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-04-19T13:49:43.340Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a852e0da-4e39-4fa1-83be-253e011c6dce", "vulnerability": {"vulnId": "CVE-2026-3564", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-19T13:47:27+00:00"}, "gcve": {"object_uuid": "a852e0da-4e39-4fa1-83be-253e011c6dce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-19T13:47:27+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-19T13:47:27+00:00"}, "scope": {"notes": "KEVIntel entry: ScreenConnect Instance Level Cryptographic Material Exposure | Affected: ConnectWise / ScreenConnect | CVSS: 9.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-3564", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3564"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3564"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ScreenConnect Instance Level Cryptographic Material Exposure", "vendor": "ConnectWise", "product": "ScreenConnect", "added_date": "2026-04-19T13:47:27.634Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5d46d90a-475f-4690-9809-1df2920ac947", "vulnerability": {"vulnId": "CVE-2026-26127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-19T13:46:42+00:00"}, "gcve": {"object_uuid": "5d46d90a-475f-4690-9809-1df2920ac947", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-19T13:46:42+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-19T13:46:42+00:00"}, "scope": {"notes": "KEVIntel entry: .NET Denial of Service Vulnerability | Affected: Microsoft / .NET 10.0, .NET 9.0, Microsoft.Bcl.Memory | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-26127", "url": "https://www.cve.org/CVERecord?id=CVE-2026-26127"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-26127"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": ".NET Denial of Service Vulnerability", "vendor": "Microsoft", "product": ".NET 10.0, .NET 9.0, Microsoft.Bcl.Memory", "added_date": "2026-04-19T13:46:42.293Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "618191f0-51bf-42db-961a-95dc4d320f6e", "vulnerability": {"vulnId": "CVE-2026-21262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-19T13:46:00+00:00"}, "gcve": {"object_uuid": "618191f0-51bf-42db-961a-95dc4d320f6e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-19T13:46:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-19T13:46:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL Server Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft SQL Server 2016 Service Pack 3 (GDR), Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft SQL Server 2017 (CU 31), Microsoft SQL Server 2017 (GDR), Microsoft SQL Server 2019 (CU 32), Microsoft SQL Server 2019 (GDR), Microsoft SQL Server 2022 (GDR), Microsoft SQL Server 2022 for x64-based Systems (CU 23), Microsoft SQL Server 2025 (CU 2), Microsoft SQL Server 2025 for x64-based Systems (GDR) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21262", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21262"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21262"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL Server Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR), Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft SQL Server 2017 (CU 31), Microsoft SQL Server 2017 (GDR), Microsoft SQL Server 2019 (CU 32), Microsoft SQL Server 2019 (GDR), Microsoft SQL Server 2022 (GDR), Microsoft SQL Server 2022 for x64-based Systems (CU 23), Microsoft SQL Server 2025 (CU 2), Microsoft SQL Server 2025 for x64-based Systems (GDR)", "added_date": "2026-04-19T13:46:00.775Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "60df027f-7aac-445a-8458-b41bbff0de5d", "vulnerability": {"vulnId": "CVE-2018-6605", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-18T00:00:00+00:00"}, "gcve": {"object_uuid": "60df027f-7aac-445a-8458-b41bbff0de5d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText,... | Affected: Joomla / Zh BaiduMap | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-6605", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6605"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-6605"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText,...", "vendor": "Joomla", "product": "Zh BaiduMap", "added_date": "2026-04-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3911984b-fea1-486f-9b2d-aa6855ff9659", "vulnerability": {"vulnId": "CVE-2025-66954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-17T21:00:04+00:00"}, "gcve": {"object_uuid": "3911984b-fea1-486f-9b2d-aa6855ff9659", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-17T21:00:04+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-17T21:00:04+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames... | Affected: Buffalo / Link Station | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-66954", "url": "https://www.cve.org/CVERecord?id=CVE-2025-66954"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-66954"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames...", "vendor": "Buffalo", "product": "Link Station", "added_date": "2026-04-17T21:00:04.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8f2106bc-77f6-4fbb-97ea-7212367cb72b", "vulnerability": {"vulnId": "CVE-2024-32114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-17T18:30:06+00:00"}, "gcve": {"object_uuid": "8f2106bc-77f6-4fbb-97ea-7212367cb72b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-17T18:30:06+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-17T18:30:06+00:00"}, "scope": {"notes": "KEVIntel entry: Apache ActiveMQ: Jolokia and REST API were not secured with default configuration | Affected: Apache Software Foundation / Apache ActiveMQ | CVSS: 8.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-32114", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32114"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-32114"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache ActiveMQ: Jolokia and REST API were not secured with default configuration", "vendor": "Apache Software Foundation", "product": "Apache ActiveMQ", "added_date": "2026-04-17T18:30:06.000Z", "cvss_score": 8.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "03837f21-b7e2-46b3-b3d6-80868f23654f", "vulnerability": {"vulnId": "CVE-2025-0520", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-16T18:40:07+00:00"}, "gcve": {"object_uuid": "03837f21-b7e2-46b3-b3d6-80868f23654f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-16T18:40:07+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-16T18:40:07+00:00"}, "scope": {"notes": "KEVIntel entry: ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution | Affected: ShowDoc / ShowDoc | CVSS: 9.4 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-0520", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0520"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0520"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution", "vendor": "ShowDoc", "product": "ShowDoc", "added_date": "2026-04-16T18:40:07.000Z", "cvss_score": 9.4, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "075cc2a7-4d56-4071-b76f-6be80c5973a7", "vulnerability": {"vulnId": "CVE-2026-33032", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-15T16:05:13+00:00"}, "gcve": {"object_uuid": "075cc2a7-4d56-4071-b76f-6be80c5973a7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-15T16:05:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-15T16:05:13+00:00"}, "scope": {"notes": "KEVIntel entry: Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover | Affected: 0xJacky / nginx-ui | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-33032", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33032"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-33032"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover", "vendor": "0xJacky", "product": "nginx-ui", "added_date": "2026-04-15T16:05:13.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a55ee46c-fe1a-4833-9015-34df786ca10c", "vulnerability": {"vulnId": "CVE-2018-7490", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-15T14:28:38+00:00"}, "gcve": {"object_uuid": "a55ee46c-fe1a-4833-9015-34df786ca10c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-15T14:28:38+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-15T14:28:38+00:00"}, "scope": {"notes": "KEVIntel entry: uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. | Affected: uWSGI / uWSGI | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-7490", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7490"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-7490"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.", "vendor": "uWSGI", "product": "uWSGI", "added_date": "2026-04-15T14:28:38.048Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6ee5fcc2-9eb3-4652-bcf3-1203c4346ba6", "vulnerability": {"vulnId": "CVE-2024-4367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-15T14:28:37+00:00"}, "gcve": {"object_uuid": "6ee5fcc2-9eb3-4652-bcf3-1203c4346ba6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-15T14:28:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-15T14:28:37+00:00"}, "scope": {"notes": "KEVIntel entry: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability... | Affected: Mozilla / Firefox, Firefox ESR, Thunderbird | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-4367", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4367"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability...", "vendor": "Mozilla", "product": "Firefox, Firefox ESR, Thunderbird", "added_date": "2026-04-15T14:28:37.394Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "92a662b4-cdc7-4af0-8ee5-a06ca0776716", "vulnerability": {"vulnId": "CVE-2023-22809", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-15T14:28:37+00:00"}, "gcve": {"object_uuid": "92a662b4-cdc7-4af0-8ee5-a06ca0776716", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-15T14:28:37+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-15T14:28:37+00:00"}, "scope": {"notes": "KEVIntel entry: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR,... | Affected: Sudo / Sudo | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-22809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22809"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR,...", "vendor": "Sudo", "product": "Sudo", "added_date": "2026-04-15T14:28:37.746Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1552e90f-e6b1-4c7f-8bc7-7e0253f472d9", "vulnerability": {"vulnId": "CVE-2018-15473", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-15T14:28:36+00:00"}, "gcve": {"object_uuid": "1552e90f-e6b1-4c7f-8bc7-7e0253f472d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-15T14:28:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-15T14:28:36+00:00"}, "scope": {"notes": "KEVIntel entry: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the... | Affected: OpenSSH / OpenSSH | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-15473", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-15473"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the...", "vendor": "OpenSSH", "product": "OpenSSH", "added_date": "2026-04-15T14:28:36.590Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a568ea67-2be3-4556-9777-1f89a06d761b", "vulnerability": {"vulnId": "CVE-2022-0778", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-15T14:28:35+00:00"}, "gcve": {"object_uuid": "a568ea67-2be3-4556-9777-1f89a06d761b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-15T14:28:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-15T14:28:35+00:00"}, "scope": {"notes": "KEVIntel entry: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | Affected: OpenSSL / OpenSSL | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0778"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates", "vendor": "OpenSSL", "product": "OpenSSL", "added_date": "2026-04-15T14:28:35.974Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "538e3409-1c8e-4251-be25-91ffd7291941", "vulnerability": {"vulnId": "CVE-2025-61624", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-14T04:00:00+00:00"}, "gcve": {"object_uuid": "538e3409-1c8e-4251-be25-91ffd7291941", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-14T04:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-14T04:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4,... | Affected: Fortinet / FortiOS, FortiProxy, FortiSwitchManager, FortiPAM | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-61624", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61624"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61624"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4,...", "vendor": "Fortinet", "product": "FortiOS, FortiProxy, FortiSwitchManager, FortiPAM", "added_date": "2026-04-14T04:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "db434191-db7e-4e51-b3b8-a82c82c8d8e3", "vulnerability": {"vulnId": "CVE-2020-20300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-14T00:00:00+00:00"}, "gcve": {"object_uuid": "db434191-db7e-4e51-b3b8-a82c82c8d8e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in the wp_where function in WeiPHP 5.0. | Affected: WeiPHP / WeiPHP 5.0 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-20300", "url": "https://www.cve.org/CVERecord?id=CVE-2020-20300"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-20300"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in the wp_where function in WeiPHP 5.0.", "vendor": "WeiPHP", "product": "WeiPHP 5.0", "added_date": "2026-04-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d6cd0238-0c31-4fc7-a4b6-89e461cd6a97", "vulnerability": {"vulnId": "CVE-2021-3223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-14T00:00:00+00:00"}, "gcve": {"object_uuid": "d6cd0238-0c31-4fc7-a4b6-89e461cd6a97", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | Affected: Node-RED / Node-RED-Dashboard | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-3223", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3223"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3223"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.", "vendor": "Node-RED", "product": "Node-RED-Dashboard", "added_date": "2026-04-14T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "255ed130-4911-4660-b758-0f4de86b28c8", "vulnerability": {"vulnId": "CVE-2025-59528", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-10T15:41:14+00:00"}, "gcve": {"object_uuid": "255ed130-4911-4660-b758-0f4de86b28c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-10T15:41:14+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-10T15:41:14+00:00"}, "scope": {"notes": "KEVIntel entry: Flowise has Remote Code Execution vulnerability | Affected: FlowiseAI / Flowise | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-59528", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59528"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59528"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Flowise has Remote Code Execution vulnerability", "vendor": "FlowiseAI", "product": "Flowise", "added_date": "2026-04-10T15:41:14.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "38a7056e-04d0-4150-90e5-fd9dad1e5e76", "vulnerability": {"vulnId": "CVE-2026-21891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-10T00:00:00+00:00"}, "gcve": {"object_uuid": "38a7056e-04d0-4150-90e5-fd9dad1e5e76", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ZimaOS has Authentication Bypass via System-Level Username | Affected: IceWhaleTech / ZimaOS | CVSS: 9.4 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21891", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21891"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21891"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ZimaOS has Authentication Bypass via System-Level Username", "vendor": "IceWhaleTech", "product": "ZimaOS", "added_date": "2026-04-10T00:00:00.000Z", "cvss_score": 9.4, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d2a15643-613f-44c5-9d8e-f8f92c077a0d", "vulnerability": {"vulnId": "CVE-2026-3965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-10T00:00:00+00:00"}, "gcve": {"object_uuid": "d2a15643-613f-44c5-9d8e-f8f92c077a0d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: whyour qinglong API express.ts protection mechanism | Affected: whyour / qinglong | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-3965", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3965"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3965"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "whyour qinglong API express.ts protection mechanism", "vendor": "whyour", "product": "qinglong", "added_date": "2026-04-10T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0c19c8d6-ed6b-49a5-b242-1b37a54d4539", "vulnerability": {"vulnId": "CVE-2026-0740", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-08T15:49:34+00:00"}, "gcve": {"object_uuid": "0c19c8d6-ed6b-49a5-b242-1b37a54d4539", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-08T15:49:34+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-08T15:49:34+00:00"}, "scope": {"notes": "KEVIntel entry: Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload | Affected: SaturdayDrive / Ninja Forms - File Uploads | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-0740", "url": "https://www.cve.org/CVERecord?id=CVE-2026-0740"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-0740"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload", "vendor": "SaturdayDrive", "product": "Ninja Forms - File Uploads", "added_date": "2026-04-08T15:49:34.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dcba400c-36b3-47e8-96da-902fc4f46933", "vulnerability": {"vulnId": "CVE-2025-8943", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-07T18:20:05+00:00"}, "gcve": {"object_uuid": "dcba400c-36b3-47e8-96da-902fc4f46933", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-07T18:20:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-07T18:20:05+00:00"}, "scope": {"notes": "KEVIntel entry: Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-8943", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8943"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8943"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers", "vendor": "", "product": "", "added_date": "2026-04-07T18:20:05.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "470140fd-4d4e-423b-afa6-b1cb0482b286", "vulnerability": {"vulnId": "CVE-2025-30208", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-06T19:42:04+00:00"}, "gcve": {"object_uuid": "470140fd-4d4e-423b-afa6-b1cb0482b286", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-06T19:42:04+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-06T19:42:04+00:00"}, "scope": {"notes": "KEVIntel entry: Vite bypasses server.fs.deny when using `?raw??` | Affected: vitejs / vite | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-30208", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30208"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30208"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vite bypasses server.fs.deny when using `?raw??`", "vendor": "vitejs", "product": "vite", "added_date": "2026-04-06T19:42:04.477Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f8a9ea50-dd62-450c-9fa4-abd96b5846c3", "vulnerability": {"vulnId": "CVE-2026-23744", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f8a9ea50-dd62-450c-9fa4-abd96b5846c3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: REC in MCPJam inspector due to HTTP Endpoint exposes | Affected: MCPJam / inspector | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-23744", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23744"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-23744"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "REC in MCPJam inspector due to HTTP Endpoint exposes", "vendor": "MCPJam", "product": "inspector", "added_date": "2026-04-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7d6212db-b631-42fa-9e99-d8b4e81c247d", "vulnerability": {"vulnId": "CVE-2026-34828", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-02T09:00:05+00:00"}, "gcve": {"object_uuid": "7d6212db-b631-42fa-9e99-d8b4e81c247d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-02T09:00:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-02T09:00:05+00:00"}, "scope": {"notes": "KEVIntel entry: listmonk: Active sessions remain valid after password reset and password change | Affected: knadh / listmonk | CVSS: 7.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-34828", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34828"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34828"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "listmonk: Active sessions remain valid after password reset and password change", "vendor": "knadh", "product": "listmonk", "added_date": "2026-04-02T09:00:05.000Z", "cvss_score": 7.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "17604779-a4ab-4f40-ac88-aedbc87c9b0f", "vulnerability": {"vulnId": "CVE-2026-33936", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-02T09:00:05+00:00"}, "gcve": {"object_uuid": "17604779-a4ab-4f40-ac88-aedbc87c9b0f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-02T09:00:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-02T09:00:05+00:00"}, "scope": {"notes": "KEVIntel entry: python-ecdsa: Denial of Service via improper DER length validation in crafted private keys | Affected: tlsfuzzer / python-ecdsa | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-33936", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33936"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-33936"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "python-ecdsa: Denial of Service via improper DER length validation in crafted private keys", "vendor": "tlsfuzzer", "product": "python-ecdsa", "added_date": "2026-04-02T09:00:05.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "46028952-f432-4c33-bead-eb7045023f3c", "vulnerability": {"vulnId": "CVE-2022-1768", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-01T00:00:00+00:00"}, "gcve": {"object_uuid": "46028952-f432-4c33-bead-eb7045023f3c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user... | Affected: davidfcarr / RSVPMaker | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1768", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1768"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1768"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user...", "vendor": "davidfcarr", "product": "RSVPMaker", "added_date": "2026-04-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "66ef83d6-ee4b-46f3-9f82-fca61e84b101", "vulnerability": {"vulnId": "CVE-2024-20404", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-01T00:00:00+00:00"}, "gcve": {"object_uuid": "66ef83d6-ee4b-46f3-9f82-fca61e84b101", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-04-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-04-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on... | Affected: Cisco / Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, Cisco Finesse, Cisco Packaged Contact Center Enterprise | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-20404", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20404"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20404"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on...", "vendor": "Cisco", "product": "Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, Cisco Finesse, Cisco Packaged Contact Center Enterprise", "added_date": "2026-04-01T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "87d12091-b3b6-4a9f-b588-a9c67fbd6c14", "vulnerability": {"vulnId": "CVE-2026-4368", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-31T10:46:28+00:00"}, "gcve": {"object_uuid": "87d12091-b3b6-4a9f-b588-a9c67fbd6c14", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-31T10:46:28+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-31T10:46:28+00:00"}, "scope": {"notes": "KEVIntel entry: Race Condition leading to User Session Mixup | Affected: NetScaler / ADC, Gateway | CVSS: 7.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-4368", "url": "https://www.cve.org/CVERecord?id=CVE-2026-4368"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-4368"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Race Condition leading to User Session Mixup", "vendor": "NetScaler", "product": "ADC, Gateway", "added_date": "2026-03-31T10:46:28.000Z", "cvss_score": 7.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6c6e1c1f-3a5a-421a-b5d4-cf730ab299d0", "vulnerability": {"vulnId": "CVE-2021-46381", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "6c6e1c1f-3a5a-421a-b5d4-cf730ab299d0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-31T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | Affected: D-Link / DAP-1620 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-46381", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46381"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-46381"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].", "vendor": "D-Link", "product": "DAP-1620", "added_date": "2026-03-31T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f66f7528-c648-4b01-8078-3cc32be72c7b", "vulnerability": {"vulnId": "CVE-2018-25114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f66f7528-c648-4b01-8078-3cc32be72c7b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution | Affected: osCommerce / Online Merchant | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-25114", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25114"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-25114"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution", "vendor": "osCommerce", "product": "Online Merchant", "added_date": "2026-03-30T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "10932528-5380-4db4-90ec-77dea7a76ea6", "vulnerability": {"vulnId": "CVE-2019-5434", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "10932528-5380-4db4-90ec-77dea7a76ea6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter... | Affected: Revive Adserver / Revive Adserver | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-5434", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5434"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5434"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter...", "vendor": "Revive Adserver", "product": "Revive Adserver", "added_date": "2026-03-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f3c808c6-e2e6-4785-8620-dc9fb928b1fe", "vulnerability": {"vulnId": "CVE-2022-0346", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-26T00:00:00+00:00"}, "gcve": {"object_uuid": "f3c808c6-e2e6-4785-8620-dc9fb928b1fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting | Affected: Unknown / XML Sitemap Generator for Google | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0346", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0346"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0346"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting", "vendor": "Unknown", "product": "XML Sitemap Generator for Google", "added_date": "2026-03-26T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0ea82e31-a27c-435e-a8a0-7b0a6479463e", "vulnerability": {"vulnId": "CVE-2026-4681", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-25T15:00:08+00:00"}, "gcve": {"object_uuid": "0ea82e31-a27c-435e-a8a0-7b0a6479463e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-25T15:00:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-25T15:00:08+00:00"}, "scope": {"notes": "KEVIntel entry: Critical Remote Code Execution vulnerability reported in Windchill | Affected: PTC / Windchill PDMLink, FlexPLM | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-4681", "url": "https://www.cve.org/CVERecord?id=CVE-2026-4681"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-4681"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Critical Remote Code Execution vulnerability reported in Windchill", "vendor": "PTC", "product": "Windchill PDMLink, FlexPLM", "added_date": "2026-03-25T15:00:08.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f95a31e1-4c4f-4aa5-8ead-983aa2944a0d", "vulnerability": {"vulnId": "CVE-2022-2376", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f95a31e1-4c4f-4aa5-8ead-983aa2944a0d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directorist < 7.3.1 - Unauthenticated Email Address Disclosure | Affected: Unknown / Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2376", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2376"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2376"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directorist < 7.3.1 - Unauthenticated Email Address Disclosure", "vendor": "Unknown", "product": "Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings", "added_date": "2026-03-25T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3443862c-673b-48de-b75f-e76326586e24", "vulnerability": {"vulnId": "CVE-2022-40843", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3443862c-673b-48de-b75f-e76326586e24", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router... | Affected: Tenda / AC1200 V-W15Ev2 | CVSS: 4.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-40843", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40843"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40843"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router...", "vendor": "Tenda", "product": "AC1200 V-W15Ev2", "added_date": "2026-03-25T00:00:00.000Z", "cvss_score": 4.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "42f91854-85e2-4ac0-af76-e8d2b36cf2a2", "vulnerability": {"vulnId": "CVE-2025-15503", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "42f91854-85e2-4ac0-af76-e8d2b36cf2a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sangfor Operation and Maintenance Management System common.jsp unrestricted upload | Affected: Sangfor / Operation and Maintenance Management System | CVSS: 6.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-15503", "url": "https://www.cve.org/CVERecord?id=CVE-2025-15503"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-15503"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sangfor Operation and Maintenance Management System common.jsp unrestricted upload", "vendor": "Sangfor", "product": "Operation and Maintenance Management System", "added_date": "2026-03-25T00:00:00.000Z", "cvss_score": 6.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e0b8a7d8-5d6c-4368-9ee0-50c5c1f5d3c2", "vulnerability": {"vulnId": "CVE-2021-47795", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-24T00:00:00+00:00"}, "gcve": {"object_uuid": "e0b8a7d8-5d6c-4368-9ee0-50c5c1f5d3c2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GeoVision Geowebserver 5.3.3 - Local FIle Inclusion | Affected: Geovision / GeoVision Geowebserver | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-47795", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47795"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-47795"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoVision Geowebserver 5.3.3 - Local FIle Inclusion", "vendor": "Geovision", "product": "GeoVision Geowebserver", "added_date": "2026-03-24T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fca8af3f-d722-4dc5-a70b-8358f154b8be", "vulnerability": {"vulnId": "CVE-2025-25037", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-24T00:00:00+00:00"}, "gcve": {"object_uuid": "fca8af3f-d722-4dc5-a70b-8358f154b8be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Aquatronica Controller System Complete Information Disclosure | Affected: Aquatronica / Aquatronica Controller System | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-25037", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25037"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-25037"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Aquatronica Controller System Complete Information Disclosure", "vendor": "Aquatronica", "product": "Aquatronica Controller System", "added_date": "2026-03-24T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cefc8c11-c082-468c-9eb5-725b66f190f4", "vulnerability": {"vulnId": "CVE-2026-21992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-23T06:46:50+00:00"}, "gcve": {"object_uuid": "cefc8c11-c082-468c-9eb5-725b66f190f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-23T06:46:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-23T06:46:50+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager... | Affected: Oracle Corporation / Oracle Identity Manager, Oracle Web Services Manager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21992", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21992"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21992"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager...", "vendor": "Oracle Corporation", "product": "Oracle Identity Manager, Oracle Web Services Manager", "added_date": "2026-03-23T06:46:50.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b75d2cf9-5e2c-490c-b417-11eae598da89", "vulnerability": {"vulnId": "CVE-2025-34054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-23T00:00:00+00:00"}, "gcve": {"object_uuid": "b75d2cf9-5e2c-490c-b417-11eae598da89", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-23T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection | Affected: AVTECH / IP camera, DVR, and NVR Devices | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34054", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection", "vendor": "AVTECH", "product": "IP camera, DVR, and NVR Devices", "added_date": "2026-03-23T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d056432c-719d-43bb-833c-97c6bf311fa7", "vulnerability": {"vulnId": "CVE-2020-10173", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-21T00:00:00+00:00"}, "gcve": {"object_uuid": "d056432c-719d-43bb-833c-97c6bf311fa7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-21T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and... | Affected: Comtrend / VR-3033 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-10173", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10173"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10173"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and...", "vendor": "Comtrend", "product": "VR-3033", "added_date": "2026-03-21T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7b7c2c17-85b9-4d5f-8bb4-e3be92a43ed9", "vulnerability": {"vulnId": "CVE-2026-21902", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "7b7c2c17-85b9-4d5f-8bb4-e3be92a43ed9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root | Affected: Juniper Networks / Junos OS Evolved | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21902", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21902"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21902"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root", "vendor": "Juniper Networks", "product": "Junos OS Evolved", "added_date": "2026-03-19T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9b335ec6-1774-4e66-a8f5-8894c06b61d3", "vulnerability": {"vulnId": "CVE-2023-4542", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "9b335ec6-1774-4e66-a8f5-8894c06b61d3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DAR-8000-10 sys1.php os command injection | Affected: D-Link / DAR-8000-10 | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-4542", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4542"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4542"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DAR-8000-10 sys1.php os command injection", "vendor": "D-Link", "product": "DAR-8000-10", "added_date": "2026-03-19T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "04d6f771-3ebe-4ecd-8521-798e4ee2852f", "vulnerability": {"vulnId": "CVE-2025-34030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "04d6f771-3ebe-4ecd-8521-798e4ee2852f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: sar2html OS Command Injection | Affected: sar2html / sar2html | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34030", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34030"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34030"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "sar2html OS Command Injection", "vendor": "sar2html", "product": "sar2html", "added_date": "2026-03-19T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5bf922b2-0feb-4bd5-8a8d-e7239fd76493", "vulnerability": {"vulnId": "CVE-2026-32746", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-18T06:09:26+00:00"}, "gcve": {"object_uuid": "5bf922b2-0feb-4bd5-8a8d-e7239fd76493", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-18T06:09:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-18T06:09:26+00:00"}, "scope": {"notes": "KEVIntel entry: telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc... | Affected: GNU / inetutils | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-32746", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32746"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-32746"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc...", "vendor": "GNU", "product": "inetutils", "added_date": "2026-03-18T06:09:26.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "afd0ba34-f3fd-4039-9412-5ca1ee9ab844", "vulnerability": {"vulnId": "CVE-2022-38627", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-17T00:00:00+00:00"}, "gcve": {"object_uuid": "afd0ba34-f3fd-4039-9412-5ca1ee9ab844", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-17T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection... | Affected: Nortek / Linear eMerge E3-Series | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-38627", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38627"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-38627"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection...", "vendor": "Nortek", "product": "Linear eMerge E3-Series", "added_date": "2026-03-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "25c521aa-9902-48f1-ae8a-1bf74d84bf3c", "vulnerability": {"vulnId": "CVE-2021-44868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-17T00:00:00+00:00"}, "gcve": {"object_uuid": "25c521aa-9902-48f1-ae8a-1bf74d84bf3c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-17T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do | Affected: ming-soft / MCMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-44868", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44868"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44868"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do", "vendor": "ming-soft", "product": "MCMS", "added_date": "2026-03-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6b10b608-8dd3-491c-aa18-718cbc3ae492", "vulnerability": {"vulnId": "CVE-2020-10546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-17T00:00:00+00:00"}, "gcve": {"object_uuid": "6b10b608-8dd3-491c-aa18-718cbc3ae492", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-17T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored... | Affected: rConfig / rConfig | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-10546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10546"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10546"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored...", "vendor": "rConfig", "product": "rConfig", "added_date": "2026-03-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c58aafa5-c340-4023-a761-bbe67ca9f78f", "vulnerability": {"vulnId": "CVE-2020-12124", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-17T00:00:00+00:00"}, "gcve": {"object_uuid": "c58aafa5-c340-4023-a761-bbe67ca9f78f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-17T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to... | Affected: WAVLINK / WN530H4 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-12124", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12124"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12124"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to...", "vendor": "WAVLINK", "product": "WN530H4", "added_date": "2026-03-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e2430898-52e0-4d61-adac-844c1f2a0d68", "vulnerability": {"vulnId": "CVE-2024-8425", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "e2430898-52e0-4d61-adac-844c1f2a0d68", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WooCommerce Ultimate Gift Card <= 2.6.0 - Unauthenticated Arbitrary File Upload | Affected: WP Swings / WooCommerce Ultimate Gift Card | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-8425", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8425"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8425"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WooCommerce Ultimate Gift Card <= 2.6.0 - Unauthenticated Arbitrary File Upload", "vendor": "WP Swings", "product": "WooCommerce Ultimate Gift Card", "added_date": "2026-03-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c37362f8-43d2-422b-8c0e-86a8b013b0c1", "vulnerability": {"vulnId": "CVE-2023-6329", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "c37362f8-43d2-422b-8c0e-86a8b013b0c1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Control iD iDSecure passwordCustom Authentication Bypass | Affected: Control iD / iDSecure | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-6329", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6329"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6329"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Control iD iDSecure passwordCustom Authentication Bypass", "vendor": "Control iD", "product": "iDSecure", "added_date": "2026-03-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4a36b646-a475-453a-a590-0743f00acaa2", "vulnerability": {"vulnId": "CVE-2021-24915", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "4a36b646-a475-453a-a590-0743f00acaa2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure | Affected: Unknown / Contest Gallery \u2013 Photo Contest Plugin for WordPress | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24915", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24915"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24915"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure", "vendor": "Unknown", "product": "Contest Gallery \u2013 Photo Contest Plugin for WordPress", "added_date": "2026-03-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5ecbb7d5-c47b-49e2-94db-dbe6c3bfbd81", "vulnerability": {"vulnId": "CVE-2026-21666", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-13T16:26:50+00:00"}, "gcve": {"object_uuid": "5ecbb7d5-c47b-49e2-94db-dbe6c3bfbd81", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-13T16:26:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-13T16:26:50+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | Affected: Veeam / Backup and Replication | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21666", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21666"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21666"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.", "vendor": "Veeam", "product": "Backup and Replication", "added_date": "2026-03-13T16:26:50.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b1cdcfe7-7bb6-4a3f-9b33-0fe1e63df316", "vulnerability": {"vulnId": "CVE-2026-21708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-13T16:26:50+00:00"}, "gcve": {"object_uuid": "b1cdcfe7-7bb6-4a3f-9b33-0fe1e63df316", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-13T16:26:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-13T16:26:50+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. | Affected: Veeam / Backup and Replication | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21708", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21708"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21708"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.", "vendor": "Veeam", "product": "Backup and Replication", "added_date": "2026-03-13T16:26:50.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f728efc5-6a90-43c1-8a57-d55c34fd4756", "vulnerability": {"vulnId": "CVE-2026-21669", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-13T16:26:50+00:00"}, "gcve": {"object_uuid": "f728efc5-6a90-43c1-8a57-d55c34fd4756", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-13T16:26:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-13T16:26:50+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | Affected: Veeam / Backup and Replication | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21669", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21669"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21669"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.", "vendor": "Veeam", "product": "Backup and Replication", "added_date": "2026-03-13T16:26:50.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d77923d2-8fa1-4972-a5bc-32ee3688a2e9", "vulnerability": {"vulnId": "CVE-2026-21667", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-13T16:26:50+00:00"}, "gcve": {"object_uuid": "d77923d2-8fa1-4972-a5bc-32ee3688a2e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-13T16:26:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-13T16:26:50+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | Affected: Veeam / Backup and Replication | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21667", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21667"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21667"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.", "vendor": "Veeam", "product": "Backup and Replication", "added_date": "2026-03-13T16:26:50.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "704e5286-978e-4299-86f7-0ee0fb353269", "vulnerability": {"vulnId": "CVE-2024-13030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-12T10:50:26+00:00"}, "gcve": {"object_uuid": "704e5286-978e-4299-86f7-0ee0fb353269", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-12T10:50:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-12T10:50:26+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DIR-823G Web Management Interface HNAP1 SetVirtualServerSettings access control | Affected: D-Link / DIR-823G | CVSS: 6.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-13030", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13030"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-13030"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DIR-823G Web Management Interface HNAP1 SetVirtualServerSettings access control", "vendor": "D-Link", "product": "DIR-823G", "added_date": "2026-03-12T10:50:26.115Z", "cvss_score": 6.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a8044d12-9daf-4133-8158-73bc905cf268", "vulnerability": {"vulnId": "CVE-2022-4063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "a8044d12-9daf-4133-8158-73bc905cf268", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE | Affected: Unknown / InPost Gallery | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4063", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4063"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4063"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE", "vendor": "Unknown", "product": "InPost Gallery", "added_date": "2026-03-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e8cd284e-e6fe-4bb1-95b1-5a834618b543", "vulnerability": {"vulnId": "CVE-2021-24943", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "e8cd284e-e6fe-4bb1-95b1-5a834618b543", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection | Affected: Unknown / Registrations for the Events Calendar \u2013 Event Registration Plugin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24943", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24943"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24943"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection", "vendor": "Unknown", "product": "Registrations for the Events Calendar \u2013 Event Registration Plugin", "added_date": "2026-03-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fbaebd6f-6c03-41c6-9c9f-66bb13961056", "vulnerability": {"vulnId": "CVE-2025-47188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-09T00:00:00+00:00"}, "gcve": {"object_uuid": "fbaebd6f-6c03-41c6-9c9f-66bb13961056", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit... | Affected: Mitel / 6800 Series, 6900 Series, 6900w Series SIP Phones, 6970 Conference Unit | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-47188", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47188"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47188"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit...", "vendor": "Mitel", "product": "6800 Series, 6900 Series, 6900w Series SIP Phones, 6970 Conference Unit", "added_date": "2026-03-09T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "968d5292-000a-45b6-9d79-3183adaae5ee", "vulnerability": {"vulnId": "CVE-2024-21620", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "968d5292-000a-45b6-9d79-3183adaae5ee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS | Affected: Juniper Networks / Junos OS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-21620", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21620"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21620"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2026-03-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8d6cbec0-f94c-408e-bbf7-6182f3752db6", "vulnerability": {"vulnId": "CVE-2023-3606", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "8d6cbec0-f94c-408e-bbf7-6182f3752db6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TamronOS ping os command injection | Affected: Tamron / TamronOS | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-3606", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3606"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-3606"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TamronOS ping os command injection", "vendor": "Tamron", "product": "TamronOS", "added_date": "2026-03-07T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a536159d-e521-49df-aeac-869e3edae3e6", "vulnerability": {"vulnId": "CVE-2024-13985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-06T00:00:00+00:00"}, "gcve": {"object_uuid": "a536159d-e521-49df-aeac-869e3edae3e6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-03-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Dahua EIMS capture_handle.action RCE | Affected: Zhejiang Dahua Technology Co., Ltd. / EIMS | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-13985", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13985"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-13985"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Dahua EIMS capture_handle.action RCE", "vendor": "Zhejiang Dahua Technology Co., Ltd.", "product": "EIMS", "added_date": "2026-03-06T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dd74e0ba-dd74-4120-8baa-92ea884acfd2", "vulnerability": {"vulnId": "CVE-2021-4462", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-26T00:00:00+00:00"}, "gcve": {"object_uuid": "dd74e0ba-dd74-4120-8baa-92ea884acfd2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Employee Records System v1.0 Arbitrary File Upload RCE | Affected: Employee Records System / Employee Records System | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-4462", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4462"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4462"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Employee Records System v1.0 Arbitrary File Upload RCE", "vendor": "Employee Records System", "product": "Employee Records System", "added_date": "2026-02-26T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5b04513a-0761-4a75-af2b-9323e16f5014", "vulnerability": {"vulnId": "CVE-2025-22214", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-19T00:00:00+00:00"}, "gcve": {"object_uuid": "5b04513a-0761-4a75-af2b-9323e16f5014", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection. | Affected: Landray / EIS | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-22214", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22214"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-22214"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.", "vendor": "Landray", "product": "EIS", "added_date": "2026-02-19T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fd8a4529-e04e-4bbd-95b3-6189d53a3e53", "vulnerability": {"vulnId": "CVE-2024-37393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-18T00:00:00+00:00"}, "gcve": {"object_uuid": "fd8a4529-e04e-4bbd-95b3-6189d53a3e53", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An... | Affected: SecurEnvoy / MFA | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-37393", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37393"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-37393"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An...", "vendor": "SecurEnvoy", "product": "MFA", "added_date": "2026-02-18T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "749c8c2b-3785-4796-a85b-68a38a6e7782", "vulnerability": {"vulnId": "CVE-2022-0747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-18T00:00:00+00:00"}, "gcve": {"object_uuid": "749c8c2b-3785-4796-a85b-68a38a6e7782", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection | Affected: Unknown / Infographic Maker \u2013 iList | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0747", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0747"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0747"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection", "vendor": "Unknown", "product": "Infographic Maker \u2013 iList", "added_date": "2026-02-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4a29f19d-6cbd-4455-9c88-f234119c953e", "vulnerability": {"vulnId": "CVE-2022-0784", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "gcve": {"object_uuid": "4a29f19d-6cbd-4455-9c88-f234119c953e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Title Experiments Free < 9.0.1 - Unauthenticated SQLi | Affected: Unknown / Title Experiments Free | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0784", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0784"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0784"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Title Experiments Free < 9.0.1 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Title Experiments Free", "added_date": "2026-02-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "97d87ac2-f463-45bf-8d93-0664a37381b9", "vulnerability": {"vulnId": "CVE-2025-34068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "97d87ac2-f463-45bf-8d93-0664a37381b9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters | Affected: Samsung Electronics / WLAN AP WEA453e | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34068", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34068"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34068"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters", "vendor": "Samsung Electronics", "product": "WLAN AP WEA453e", "added_date": "2026-02-16T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cb337bbb-2ba3-4cff-b4d5-3679cd0c85d0", "vulnerability": {"vulnId": "CVE-2024-36858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "cb337bbb-2ba3-4cff-b4d5-3679cd0c85d0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via... | Affected: Jan / Jan v0.4.12 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-36858", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36858"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-36858"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via...", "vendor": "Jan", "product": "Jan v0.4.12", "added_date": "2026-02-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "10370308-8d73-49e2-9eeb-3e52f88c81d1", "vulnerability": {"vulnId": "CVE-2024-36857", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "10370308-8d73-49e2-9eeb-3e52f88c81d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. | Affected: Jan / Jan v0.4.12 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-36857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36857"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-36857"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.", "vendor": "Jan", "product": "Jan v0.4.12", "added_date": "2026-02-16T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "efeffa3d-3ed0-486c-85c4-4003da621619", "vulnerability": {"vulnId": "CVE-2021-31250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "efeffa3d-3ed0-486c-85c4-4003da621619", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack... | Affected: CHIYU Technology Inc / BF-430, BF-431, BF-450M TCP/IP Converter | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-31250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31250"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31250"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack...", "vendor": "CHIYU Technology Inc", "product": "BF-430, BF-431, BF-450M TCP/IP Converter", "added_date": "2026-02-16T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0d871324-0023-48a3-bdae-06aa48320b15", "vulnerability": {"vulnId": "CVE-2024-54763", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "0d871324-0023-48a3-bdae-06aa48320b15", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without... | Affected: ipTIME / A2004 | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-54763", "url": "https://www.cve.org/CVERecord?id=CVE-2024-54763"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-54763"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without...", "vendor": "ipTIME", "product": "A2004", "added_date": "2026-02-16T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "aeaf8cfe-647e-40f5-89e7-ee2ab34aee52", "vulnerability": {"vulnId": "CVE-2025-34041", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "aeaf8cfe-647e-40f5-89e7-ee2ab34aee52", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sangfor Endpoint Detection and Response OS Command Injection | Affected: Sangfor Technologies Co., Ltd. / Endpoint Detection and Response Platform | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34041", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34041"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34041"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sangfor Endpoint Detection and Response OS Command Injection", "vendor": "Sangfor Technologies Co., Ltd.", "product": "Endpoint Detection and Response Platform", "added_date": "2026-02-16T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "eb985ec2-57b2-415c-95c3-f8e8be891dba", "vulnerability": {"vulnId": "CVE-2020-11854", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "eb985ec2-57b2-415c-95c3-f8e8be891dba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products. | Affected: Micro Focus / Application Performance Management, Operation Bridge (containerized), Operation Bridge Manager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-11854", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11854"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11854"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.", "vendor": "Micro Focus", "product": "Application Performance Management, Operation Bridge (containerized), Operation Bridge Manager", "added_date": "2026-02-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b0494761-e977-4400-8153-02308c141371", "vulnerability": {"vulnId": "CVE-2025-5605", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b0494761-e977-4400-8153-02308c141371", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | Affected: WSO2 / WSO2 Identity Server, WSO2 Enterprise Integrator, WSO2 Universal Gateway, WSO2 Traffic Manager, WSO2 API Manager, WSO2 API Control Plane, WSO2 Identity Server as Key Manager, WSO2 Open Banking AM, WSO2 Open Banking IAM, org.wso2.carbon:org.wso2.carbon.ui | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-5605", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5605"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5605"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure", "vendor": "WSO2", "product": "WSO2 Identity Server, WSO2 Enterprise Integrator, WSO2 Universal Gateway, WSO2 Traffic Manager, WSO2 API Manager, WSO2 API Control Plane, WSO2 Identity Server as Key Manager, WSO2 Open Banking AM, WSO2 Open Banking IAM, org.wso2.carbon:org.wso2.carbon.ui", "added_date": "2026-02-15T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "332b8946-6669-4296-a055-c756dedb99e6", "vulnerability": {"vulnId": "CVE-2025-5287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "332b8946-6669-4296-a055-c756dedb99e6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection | Affected: erumfaham / Likes and Dislikes Plugin | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-5287", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection", "vendor": "erumfaham", "product": "Likes and Dislikes Plugin", "added_date": "2026-02-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a2a9dfd3-e237-434b-99bb-e9c465c9944b", "vulnerability": {"vulnId": "CVE-2024-49380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a2a9dfd3-e237-434b-99bb-e9c465c9944b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Plenti arbitrary file write vulnerability | Affected: plentico / plenti | CVSS: 8.9 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-49380", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49380"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-49380"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Plenti arbitrary file write vulnerability", "vendor": "plentico", "product": "plenti", "added_date": "2026-02-14T00:00:00.000Z", "cvss_score": 8.9, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "33b7a1a2-f6f7-4cdf-b614-f1de93437e70", "vulnerability": {"vulnId": "CVE-2024-4443", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "33b7a1a2-f6f7-4cdf-b614-f1de93437e70", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Business Directory Plugin \u2013 Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter | Affected: strategy11team / Business Directory Plugin \u2013 Easy Listing Directories for WordPress | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-4443", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4443"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4443"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter", "vendor": "strategy11team", "product": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "added_date": "2026-02-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e06fca47-2572-415e-b1d7-452a0739809d", "vulnerability": {"vulnId": "CVE-2024-50334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "e06fca47-2572-415e-b1d7-452a0739809d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Semicolon Path Injection on API /api;/config | Affected: Erudika / scoold | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-50334", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50334"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-50334"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Semicolon Path Injection on API /api;/config", "vendor": "Erudika", "product": "scoold", "added_date": "2026-02-14T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3031adae-1b76-4dbc-8b45-b74f33c003e1", "vulnerability": {"vulnId": "CVE-2024-34257", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "3031adae-1b76-4dbc-8b45-b74f33c003e1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary... | Affected: TOTOLINK / EX1800T | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-34257", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34257"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-34257"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary...", "vendor": "TOTOLINK", "product": "EX1800T", "added_date": "2026-02-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "27d954c8-6c60-4f88-ae9c-3de16f117746", "vulnerability": {"vulnId": "CVE-2024-45388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "27d954c8-6c60-4f88-ae9c-3de16f117746", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) | Affected: SpectoLabs / hoverfly | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-45388", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45388"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-45388"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)", "vendor": "SpectoLabs", "product": "hoverfly", "added_date": "2026-02-14T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b798cf14-555d-453a-bf5f-03075008613f", "vulnerability": {"vulnId": "CVE-2026-21962", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-13T12:00:09+00:00"}, "gcve": {"object_uuid": "b798cf14-555d-453a-bf5f-03075008613f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-13T12:00:09+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-13T12:00:09+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy... | Affected: Oracle Corporation / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21962", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21962"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21962"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy...", "vendor": "Oracle Corporation", "product": "Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in", "added_date": "2026-02-13T12:00:09.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ae4f3b37-3d22-4330-9135-a9ff216dd01a", "vulnerability": {"vulnId": "CVE-2020-22165", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "ae4f3b37-3d22-4330-9135-a9ff216dd01a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-13T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\user-login.php. Remote unauthenticated users can... | Affected: PHPGurukul / Hospital Management System | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-22165", "url": "https://www.cve.org/CVERecord?id=CVE-2020-22165"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-22165"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \\hms\\user-login.php. Remote unauthenticated users can...", "vendor": "PHPGurukul", "product": "Hospital Management System", "added_date": "2026-02-13T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "68e559c2-bd2b-49c9-a5dc-be9b82dada46", "vulnerability": {"vulnId": "CVE-2022-3481", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "68e559c2-bd2b-49c9-a5dc-be9b82dada46", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi | Affected: Unknown / WooCommerce Dropshipping | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-3481", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3481"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3481"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi", "vendor": "Unknown", "product": "WooCommerce Dropshipping", "added_date": "2026-02-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "006963fb-4573-48f4-9136-cda446bc204c", "vulnerability": {"vulnId": "CVE-2025-0107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "006963fb-4573-48f4-9136-cda446bc204c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Expedition: OS Command Injection Vulnerability | Affected: Palo Alto Networks / Cloud NGFW, Expedition, Panorama, PAN-OS, Prisma Access | CVSS: 7.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-0107", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0107"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0107"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Expedition: OS Command Injection Vulnerability", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, Expedition, Panorama, PAN-OS, Prisma Access", "added_date": "2026-02-11T00:00:00.000Z", "cvss_score": 7.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "11e98aaf-f9d1-46d9-b55e-c641dec3815f", "vulnerability": {"vulnId": "CVE-2018-14918", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "11e98aaf-f9d1-46d9-b55e-c641dec3815f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. | Affected: LOYTEC / LGATE-902 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-14918", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14918"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14918"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.", "vendor": "LOYTEC", "product": "LGATE-902", "added_date": "2026-02-11T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "99d9dd96-5456-4ef9-9fcc-8432b99d274f", "vulnerability": {"vulnId": "CVE-2025-68947", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T14:44:42+00:00"}, "gcve": {"object_uuid": "99d9dd96-5456-4ef9-9fcc-8432b99d274f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T14:44:42+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-10T14:44:42+00:00"}, "scope": {"notes": "KEVIntel entry: NSecsoft NSecKrnl process termination privilege escalation | Affected: NSecsoft / NSecKrnl | CVSS: 5.7 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-68947", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68947"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-68947"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NSecsoft NSecKrnl process termination privilege escalation", "vendor": "NSecsoft", "product": "NSecKrnl", "added_date": "2026-02-10T14:44:42.000Z", "cvss_score": 5.7, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9ea1373a-f154-4d45-96d5-cf5dbf6fd272", "vulnerability": {"vulnId": "CVE-2020-16139", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "9ea1373a-f154-4d45-96d5-cf5dbf6fd272", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through... | Affected: Cisco / Unified IP Conference Station 7937G | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-16139", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16139"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-16139"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through...", "vendor": "Cisco", "product": "Unified IP Conference Station 7937G", "added_date": "2026-02-10T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7be1baba-8511-4e4a-924a-58538d387801", "vulnerability": {"vulnId": "CVE-2021-45092", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-08T00:00:00+00:00"}, "gcve": {"object_uuid": "7be1baba-8511-4e4a-924a-58538d387801", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | Affected: Cybele Software / Thinfinity VirtualUI | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-45092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45092"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-45092"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.", "vendor": "Cybele Software", "product": "Thinfinity VirtualUI", "added_date": "2026-02-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d134df2c-5ae8-4e37-914a-3da2d5c2d6ce", "vulnerability": {"vulnId": "CVE-2020-35476", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d134df2c-5ae8-4e37-914a-3da2d5c2d6ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written... | Affected: OpenTSDB / OpenTSDB | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35476", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35476"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35476"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written...", "vendor": "OpenTSDB", "product": "OpenTSDB", "added_date": "2026-02-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4fce66f1-0def-492f-8737-18bc4576e766", "vulnerability": {"vulnId": "CVE-2026-21858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-07T00:00:00+00:00"}, "gcve": {"object_uuid": "4fce66f1-0def-492f-8737-18bc4576e766", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling | Affected: n8n-io / n8n | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2026-21858", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21858"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-21858"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling", "vendor": "n8n-io", "product": "n8n", "added_date": "2026-02-07T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0f12b865-1169-4035-9368-aeba24789802", "vulnerability": {"vulnId": "CVE-2020-26948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "0f12b865-1169-4035-9368-aeba24789802", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | Affected: Emby / Emby Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-26948", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-26948"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.", "vendor": "Emby", "product": "Emby Server", "added_date": "2026-02-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "34bc4d37-06f8-4236-90bb-381da04dfa16", "vulnerability": {"vulnId": "CVE-2022-22956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-05T00:00:00+00:00"}, "gcve": {"object_uuid": "34bc4d37-06f8-4236-90bb-381da04dfa16", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A... | Affected: VMware / Workspace ONE Access | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-22956", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22956"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22956"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A...", "vendor": "VMware", "product": "Workspace ONE Access", "added_date": "2026-02-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "31ebe42f-43f7-40d3-8406-18b70453d042", "vulnerability": {"vulnId": "CVE-2023-7335", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "31ebe42f-43f7-40d3-8406-18b70453d042", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics | Affected: Hangzhou Kuozhi Network Technology Co., Ltd. / EduSoho | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-7335", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7335"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7335"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics", "vendor": "Hangzhou Kuozhi Network Technology Co., Ltd.", "product": "EduSoho", "added_date": "2026-02-04T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "83ba592d-7747-44fc-83d2-4e1915ca39a1", "vulnerability": {"vulnId": "CVE-2025-34045", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "83ba592d-7747-44fc-83d2-4e1915ca39a1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WeiPHP Path Traversal Arbitrary File Read | Affected: Shenzhen Yuanmengyun Technology Co., Ltd. / WeiPHP | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34045", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34045"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34045"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WeiPHP Path Traversal Arbitrary File Read", "vendor": "Shenzhen Yuanmengyun Technology Co., Ltd.", "product": "WeiPHP", "added_date": "2026-02-04T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "de0017bf-a189-430f-8f74-252667b442fa", "vulnerability": {"vulnId": "CVE-2025-34047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "de0017bf-a189-430f-8f74-252667b442fa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Leadsec VPN Path Traversal Arbitrary File Read | Affected: Beijing NetGuard Nebula Information Technology Co., Ltd. / Leadsec SSL VPN | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34047", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34047"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34047"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Leadsec VPN Path Traversal Arbitrary File Read", "vendor": "Beijing NetGuard Nebula Information Technology Co., Ltd.", "product": "Leadsec SSL VPN", "added_date": "2026-02-04T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b2b6376b-e8e1-4121-a880-7740bc6aa6ba", "vulnerability": {"vulnId": "CVE-2025-34046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b2b6376b-e8e1-4121-a880-7740bc6aa6ba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Fanwei E-Office Unauthenticated File Upload | Affected: Shanghai Fanwei Network Technology / E-Office | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34046", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34046"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34046"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Fanwei E-Office Unauthenticated File Upload", "vendor": "Shanghai Fanwei Network Technology", "product": "E-Office", "added_date": "2026-01-30T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "770eeeca-ee82-4516-a0a8-209487474443", "vulnerability": {"vulnId": "CVE-2022-1386", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-30T00:00:00+00:00"}, "gcve": {"object_uuid": "770eeeca-ee82-4516-a0a8-209487474443", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Fusion Builder < 3.6.2 - Unauthenticated SSRF | Affected: Unknown / Fusion Builder | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1386", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1386"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1386"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Fusion Builder < 3.6.2 - Unauthenticated SSRF", "vendor": "Unknown", "product": "Fusion Builder", "added_date": "2026-01-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dc0d8fb1-2b32-4ea1-b1d7-6cc5ec9b0c07", "vulnerability": {"vulnId": "CVE-2025-34059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-29T00:00:00+00:00"}, "gcve": {"object_uuid": "dc0d8fb1-2b32-4ea1-b1d7-6cc5ec9b0c07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-29T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Dahua Smart Cloud Gateway Registration Management Platform SQL Injection | Affected: Zhejiang Dahua Technology Co., Ltd. / Smart Cloud Gateway Registration Management Platform | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34059", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34059"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Dahua Smart Cloud Gateway Registration Management Platform SQL Injection", "vendor": "Zhejiang Dahua Technology Co., Ltd.", "product": "Smart Cloud Gateway Registration Management Platform", "added_date": "2026-01-29T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9a24e8e8-d88e-4a91-8cba-5b085bb28963", "vulnerability": {"vulnId": "CVE-2025-34038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-29T00:00:00+00:00"}, "gcve": {"object_uuid": "9a24e8e8-d88e-4a91-8cba-5b085bb28963", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-29T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Weaver E-cology SQL Injection | Affected: Weaver / E-cology | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34038", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34038"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34038"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Weaver E-cology SQL Injection", "vendor": "Weaver", "product": "E-cology", "added_date": "2026-01-29T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f661b849-3184-4bec-b96a-bc7431dca880", "vulnerability": {"vulnId": "CVE-2018-11714", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "f661b849-3184-4bec-b96a-bc7431dca880", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0... | Affected: TP-Link / TL-WR840N, TL-WR841N | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11714", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11714"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11714"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0...", "vendor": "TP-Link", "product": "TL-WR840N, TL-WR841N", "added_date": "2026-01-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "31d0e7e2-7502-4d16-a3f5-2329ea205674", "vulnerability": {"vulnId": "CVE-2023-40748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "31d0e7e2-7502-4d16-a3f5-2329ea205674", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the \"q\" parameter of index.php. | Affected: PHPJabbers / Food Delivery Script | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-40748", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40748"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-40748"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the \"q\" parameter of index.php.", "vendor": "PHPJabbers", "product": "Food Delivery Script", "added_date": "2026-01-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "263f37fc-5d85-45e5-8b3d-93de4e38d450", "vulnerability": {"vulnId": "CVE-2025-69200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-25T00:00:00+00:00"}, "gcve": {"object_uuid": "263f37fc-5d85-45e5-8b3d-93de4e38d450", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: phpMyFAQ has unauthenticated config backup download via /api/setup/backup | Affected: thorsten / phpMyFAQ | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-69200", "url": "https://www.cve.org/CVERecord?id=CVE-2025-69200"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-69200"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "phpMyFAQ has unauthenticated config backup download via /api/setup/backup", "vendor": "thorsten", "product": "phpMyFAQ", "added_date": "2026-01-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f3c6f3c5-9270-4afd-944b-4327fd68c2db", "vulnerability": {"vulnId": "CVE-2025-10204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f3c6f3c5-9270-4afd-944b-4327fd68c2db", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauth Admin Reset Password on AC Smart II | Affected: LG Electronics / AC Smart II | CVSS: 7.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-10204", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10204"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-10204"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauth Admin Reset Password on AC Smart II", "vendor": "LG Electronics", "product": "AC Smart II", "added_date": "2026-01-25T00:00:00.000Z", "cvss_score": 7.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9614f841-db2f-4808-9df8-4cf6b1ded603", "vulnerability": {"vulnId": "CVE-2024-20440", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-25T00:00:00+00:00"}, "gcve": {"object_uuid": "9614f841-db2f-4808-9df8-4cf6b1ded603", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.\r\n\r\nThis... | Affected: Cisco / Cisco Smart License Utility | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-20440", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20440"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20440"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.\r\n\r\nThis...", "vendor": "Cisco", "product": "Cisco Smart License Utility", "added_date": "2026-01-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2a88cd79-fbeb-4ed0-84c4-0316aba8bc75", "vulnerability": {"vulnId": "CVE-2022-36923", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2a88cd79-fbeb-4ed0-84c4-0316aba8bc75", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before... | Affected: Zoho / ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, OpUtils | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-36923", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36923"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-36923"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before...", "vendor": "Zoho", "product": "ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, OpUtils", "added_date": "2026-01-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5dbed0a0-6103-4d0c-8856-813336dd5d95", "vulnerability": {"vulnId": "CVE-2022-4984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "5dbed0a0-6103-4d0c-8856-813336dd5d95", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection via user-login.html | Affected: Qingdao Esoft Tianchuang Network Technology Co., Ltd. / ZenTao Biz, ZenTao Max, ZenTao Open Source Edition | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4984", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4984"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4984"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection via user-login.html", "vendor": "Qingdao Esoft Tianchuang Network Technology Co., Ltd.", "product": "ZenTao Biz, ZenTao Max, ZenTao Open Source Edition", "added_date": "2026-01-24T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "27400207-98d0-4688-b01d-306490bb0b00", "vulnerability": {"vulnId": "CVE-2024-7314", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "27400207-98d0-4688-b01d-306490bb0b00", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: anji-plus AJ-Report Authentication Bypass | Affected: anji-plus / AJ-Report | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-7314", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7314"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7314"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "anji-plus AJ-Report Authentication Bypass", "vendor": "anji-plus", "product": "AJ-Report", "added_date": "2026-01-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e3fb971d-d395-4a09-97c6-de1375041378", "vulnerability": {"vulnId": "CVE-2020-36870", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "e3fb971d-d395-4a09-97c6-de1375041378", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE | Affected: Beijing Star-Net Ruijie Network Technology Co., Ltd. / RG-EG1000C, RG-EG2000F, RG-EG2000K, RG-EG2000L, RG-EG2000CE, RG-EG2000SE, RG-EG2000GE, RG-EG2000XE, RG-EG2000UE, RG-EG3000CE, RG-EG3000SE, RG-EG3000GE, RG-EG3000ME, RG-EG3000UE, RG-EG3000XE, RG-EG2100-P, EG3210, EG3220, EG3230, EG3250, NBR108G-P, NBR1000G-E, NBR1300G-E, NBR1700G-E, NBR2100G-E, NBR2500D-E, NBR3000D-E, NBR6120-E, NBR6135-E, NBR6205-E, NBR6210-E, NBR6215-E, NBR800G, NBR950G, NBR1000G-C, NBR2000G-C, NBR3000G-S | CVSS: 9.2 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-36870", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36870"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-36870"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE", "vendor": "Beijing Star-Net Ruijie Network Technology Co., Ltd.", "product": "RG-EG1000C, RG-EG2000F, RG-EG2000K, RG-EG2000L, RG-EG2000CE, RG-EG2000SE, RG-EG2000GE, RG-EG2000XE, RG-EG2000UE, RG-EG3000CE, RG-EG3000SE, RG-EG3000GE, RG-EG3000ME, RG-EG3000UE, RG-EG3000XE, RG-EG2100-P, EG3210, EG3220, EG3230, EG3250, NBR108G-P, NBR1000G-E, NBR1300G-E, NBR1700G-E, NBR2100G-E, NBR2500D-E, NBR3000D-E, NBR6120-E, NBR6135-E, NBR6205-E, NBR6210-E, NBR6215-E, NBR800G, NBR950G, NBR1000G-C, NBR2000G-C, NBR3000G-S", "added_date": "2026-01-24T00:00:00.000Z", "cvss_score": 9.2, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "92b8f744-88e0-475f-bfc9-393d8b67ff6c", "vulnerability": {"vulnId": "CVE-2023-7334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "92b8f744-88e0-475f-bfc9-393d8b67ff6c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Changjetong T+ <= 16.x GetStoreWarehouseByStore Deserialization RCE | Affected: Changjetong Information Technology Co., Ltd. / T+ | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-7334", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7334"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7334"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Changjetong T+ <= 16.x GetStoreWarehouseByStore Deserialization RCE", "vendor": "Changjetong Information Technology Co., Ltd.", "product": "T+", "added_date": "2026-01-24T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5416b772-2fc6-47c4-a6ad-e551f66bf0b4", "vulnerability": {"vulnId": "CVE-2021-3708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-16T00:00:00+00:00"}, "gcve": {"object_uuid": "5416b772-2fc6-47c4-a6ad-e551f66bf0b4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local... | Affected: D-Link / DSL-2750U | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-3708", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3708"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3708"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local...", "vendor": "D-Link", "product": "DSL-2750U", "added_date": "2026-01-16T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "eb99352c-9c3e-424b-8377-f633e3f5ce55", "vulnerability": {"vulnId": "CVE-2024-7928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-15T00:00:00+00:00"}, "gcve": {"object_uuid": "eb99352c-9c3e-424b-8377-f633e3f5ce55", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: FastAdmin lang path traversal | Affected: FastAdmin / FastAdmin | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-7928", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7928"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7928"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FastAdmin lang path traversal", "vendor": "FastAdmin", "product": "FastAdmin", "added_date": "2026-01-15T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a5dfe8e0-65d0-4106-a941-a5c5ae29698d", "vulnerability": {"vulnId": "CVE-2025-34039", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-12T00:00:00+00:00"}, "gcve": {"object_uuid": "a5dfe8e0-65d0-4106-a941-a5c5ae29698d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Yonyou NC BeanShell Command Injection | Affected: Yonyou Co., Ltd. / UFIDA NC | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34039", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34039"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34039"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Yonyou NC BeanShell Command Injection", "vendor": "Yonyou Co., Ltd.", "product": "UFIDA NC", "added_date": "2026-01-12T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3faf54d9-d14c-4a52-85b8-7bca0bac9a00", "vulnerability": {"vulnId": "CVE-2025-34043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "3faf54d9-d14c-4a52-85b8-7bca0bac9a00", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vacron NVR Remote Command Execution | Affected: Vacron / Network Video Recorder (NVR) | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34043", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34043"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34043"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vacron NVR Remote Command Execution", "vendor": "Vacron", "product": "Network Video Recorder (NVR)", "added_date": "2026-01-10T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3ee9e470-8fa4-419b-9d06-b3228e3497d1", "vulnerability": {"vulnId": "CVE-2025-34036", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "3ee9e470-8fa4-419b-9d06-b3228e3497d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Shenzhen TVT CCTV-DVR Command Injection | Affected: Shenzhen TVT / CCTV-DVR | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34036", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34036"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34036"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Shenzhen TVT CCTV-DVR Command Injection", "vendor": "Shenzhen TVT", "product": "CCTV-DVR", "added_date": "2026-01-10T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4848b754-51be-469b-97f7-ad836267f593", "vulnerability": {"vulnId": "CVE-2025-34057", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4848b754-51be-469b-97f7-ad836267f593", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-10T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ruijie NBR Router Administrative Credential Disclosure | Affected: Ruijie / NBR Router | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34057", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34057"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34057"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ruijie NBR Router Administrative Credential Disclosure", "vendor": "Ruijie", "product": "NBR Router", "added_date": "2026-01-10T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "670cfa23-4317-4a70-8d65-516c0379c72c", "vulnerability": {"vulnId": "CVE-2022-28005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-09T00:00:00+00:00"}, "gcve": {"object_uuid": "670cfa23-4317-4a70-8d65-516c0379c72c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse... | Affected: 3CX / 3CX Phone System | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-28005", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28005"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-28005"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse...", "vendor": "3CX", "product": "3CX Phone System", "added_date": "2026-01-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e4db9d33-34b4-4851-ba65-82c9e27020bd", "vulnerability": {"vulnId": "CVE-2020-36728", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-05T00:00:00+00:00"}, "gcve": {"object_uuid": "e4db9d33-34b4-4851-ba65-82c9e27020bd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows... | Affected: tunafish / Adning Advertising | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-36728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36728"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-36728"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows...", "vendor": "tunafish", "product": "Adning Advertising", "added_date": "2026-01-05T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "789414f5-ee40-4854-b475-0cbb0d0b7aaf", "vulnerability": {"vulnId": "CVE-2020-26879", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "789414f5-ee40-4854-b475-0cbb0d0b7aaf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the... | Affected: Ruckus Wireless / vRioT | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-26879", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26879"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-26879"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the...", "vendor": "Ruckus Wireless", "product": "vRioT", "added_date": "2026-01-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2d6370f6-c5e4-4ffa-8779-5024bf55cec4", "vulnerability": {"vulnId": "CVE-2019-18952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "2d6370f6-c5e4-4ffa-8779-5024bf55cec4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code... | Affected: SibSoft / Xfilesharing | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-18952", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18952"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18952"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code...", "vendor": "SibSoft", "product": "Xfilesharing", "added_date": "2026-01-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bfe6d3d1-70b3-4e2d-b1d1-8e57c60c4b5f", "vulnerability": {"vulnId": "CVE-2025-53364", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "bfe6d3d1-70b3-4e2d-b1d1-8e57c60c4b5f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Parse Server exposes the data schema via GraphQL API | Affected: parse-community / parse-server | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-53364", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53364"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-53364"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Parse Server exposes the data schema via GraphQL API", "vendor": "parse-community", "product": "parse-server", "added_date": "2026-01-04T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "44b49934-7130-422e-89c4-cc903fa9181a", "vulnerability": {"vulnId": "CVE-2021-39312", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "44b49934-7130-422e-89c4-cc903fa9181a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read | Affected: True Ranker / True Ranker | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-39312", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39312"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-39312"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read", "vendor": "True Ranker", "product": "True Ranker", "added_date": "2026-01-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c8cce2e7-bd9f-4122-a6ef-87e85975b901", "vulnerability": {"vulnId": "CVE-2020-28185", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "c8cce2e7-bd9f-4122-a6ef-87e85975b901", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system... | Affected: TerraMaster / TOS | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-28185", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28185"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-28185"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system...", "vendor": "TerraMaster", "product": "TOS", "added_date": "2026-01-04T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "154c1eb7-e9f3-488a-8741-00d1f7df2605", "vulnerability": {"vulnId": "CVE-2020-5776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "154c1eb7-e9f3-488a-8741-00d1f7df2605", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a... | Affected: MAGMI / MAGMI | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-5776", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5776"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5776"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a...", "vendor": "MAGMI", "product": "MAGMI", "added_date": "2026-01-04T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "04ad21d9-1a74-4700-a479-eaaeaf5de398", "vulnerability": {"vulnId": "CVE-2024-53944", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-03T00:00:00+00:00"}, "gcve": {"object_uuid": "04ad21d9-1a74-4700-a479-eaaeaf5de398", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through... | Affected: Tuoshi / LT15D 4G Wi-Fi | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-53944", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53944"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-53944"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through...", "vendor": "Tuoshi", "product": "LT15D 4G Wi-Fi", "added_date": "2026-01-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c0d163c8-bd1c-49c0-b15e-199e4e611e12", "vulnerability": {"vulnId": "CVE-2025-55190", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-02T00:00:00+00:00"}, "gcve": {"object_uuid": "c0d163c8-bd1c-49c0-b15e-199e4e611e12", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-02T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Argo CD: Project API Token Exposes Repository Credentials | Affected: argoproj / argo-cd | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-55190", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55190"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-55190"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Argo CD: Project API Token Exposes Repository Credentials", "vendor": "argoproj", "product": "argo-cd", "added_date": "2026-01-02T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1fde6320-5473-4285-ac28-5cb5aa9e8ce2", "vulnerability": {"vulnId": "CVE-2023-22897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-02T00:00:00+00:00"}, "gcve": {"object_uuid": "1fde6320-5473-4285-ac28-5cb5aa9e8ce2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-02T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents... | Affected: SecurePoint / UTM | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-22897", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22897"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22897"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents...", "vendor": "SecurePoint", "product": "UTM", "added_date": "2026-01-02T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "390fae8b-b76f-4da8-bc6d-9858ea812aef", "vulnerability": {"vulnId": "CVE-2014-9118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-01T00:00:00+00:00"}, "gcve": {"object_uuid": "390fae8b-b76f-4da8-bc6d-9858ea812aef", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-01-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell... | Affected: Zhone / zNID GPON 2426A | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-9118", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9118"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-9118"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell...", "vendor": "Zhone", "product": "zNID GPON 2426A", "added_date": "2026-01-01T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7bc8e15d-c567-45bf-bd99-d3a8885b007d", "vulnerability": {"vulnId": "CVE-2019-9762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7bc8e15d-c567-45bf-bd99-d3a8885b007d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any... | Affected: PHPSHE / PHPSHE 1.7 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-9762", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9762"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9762"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any...", "vendor": "PHPSHE", "product": "PHPSHE 1.7", "added_date": "2025-12-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f69c45dd-29e7-4e31-b847-01154f0d22f2", "vulnerability": {"vulnId": "CVE-2021-22122", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f69c45dd-29e7-4e31-b847-01154f0d22f2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an... | Affected: Fortinet / Fortinet FortiWeb | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-22122", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22122"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22122"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an...", "vendor": "Fortinet", "product": "Fortinet FortiWeb", "added_date": "2025-12-28T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "632afc6c-fb70-42da-804f-332dfb03a6a1", "vulnerability": {"vulnId": "CVE-2020-8982", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-27T00:00:00+00:00"}, "gcve": {"object_uuid": "632afc6c-fb70-42da-804f-332dfb03a6a1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-27T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the... | Affected: Citrix / ShareFile StorageZones Controller | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-8982", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8982"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8982"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the...", "vendor": "Citrix", "product": "ShareFile StorageZones Controller", "added_date": "2025-12-27T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ee851001-911c-4318-9807-fd70ca740052", "vulnerability": {"vulnId": "CVE-2023-5914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-26T00:00:00+00:00"}, "gcve": {"object_uuid": "ee851001-911c-4318-9807-fd70ca740052", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: \u00a0 Cross-site scripting (XSS) | Affected: Cloud Software Group / Citrix StoreFront | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5914", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5914"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5914"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "\u00a0 Cross-site scripting (XSS)", "vendor": "Cloud Software Group", "product": "Citrix StoreFront", "added_date": "2025-12-26T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1647630e-5d85-47b1-8679-e10ade4b4fbd", "vulnerability": {"vulnId": "CVE-2021-29003", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-24T00:00:00+00:00"}, "gcve": {"object_uuid": "1647630e-5d85-47b1-8679-e10ade4b4fbd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-24T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi,... | Affected: Genexis / PLATINUM 4410 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-29003", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29003"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-29003"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi,...", "vendor": "Genexis", "product": "PLATINUM 4410", "added_date": "2025-12-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bcc659f9-7f00-4b19-96b3-72c2dd2fd742", "vulnerability": {"vulnId": "CVE-2025-65354", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-23T21:00:05+00:00"}, "gcve": {"object_uuid": "bcc659f9-7f00-4b19-96b3-72c2dd2fd742", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-23T21:00:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-23T21:00:05+00:00"}, "scope": {"notes": "KEVIntel entry: Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST... | Affected: PuneethReddyHC / event-management | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-65354", "url": "https://www.cve.org/CVERecord?id=CVE-2025-65354"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-65354"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST...", "vendor": "PuneethReddyHC", "product": "event-management", "added_date": "2025-12-23T21:00:05.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5f2502e2-6885-4ffe-9f04-eabcdce6aead", "vulnerability": {"vulnId": "CVE-2021-30118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "5f2502e2-6885-4ffe-9f04-eabcdce6aead", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5 | Affected: Kaseya / VSA | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-30118", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30118"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30118"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5", "vendor": "Kaseya", "product": "VSA", "added_date": "2025-12-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6f257b2b-ca0b-4f24-a19f-b3a7d2a4a03b", "vulnerability": {"vulnId": "CVE-2023-5074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-17T00:00:00+00:00"}, "gcve": {"object_uuid": "6f257b2b-ca0b-4f24-a19f-b3a7d2a4a03b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-17T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication Bypass in D-Link D-View 8 | Affected: D-Link / D-View 8 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5074", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5074"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5074"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication Bypass in D-Link D-View 8", "vendor": "D-Link", "product": "D-View 8", "added_date": "2025-12-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "67d3ff7b-6a1d-4db1-a51a-1c55b2474c71", "vulnerability": {"vulnId": "CVE-2025-59719", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-16T14:02:50+00:00"}, "gcve": {"object_uuid": "67d3ff7b-6a1d-4db1-a51a-1c55b2474c71", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-16T14:02:50+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-16T14:02:50+00:00"}, "scope": {"notes": "KEVIntel entry: An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through... | Affected: Fortinet / FortiWeb | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-59719", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59719"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59719"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through...", "vendor": "Fortinet", "product": "FortiWeb", "added_date": "2025-12-16T14:02:50.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e5ba35a8-add7-4344-82ed-bc8e197689b2", "vulnerability": {"vulnId": "CVE-2025-29927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-15T14:29:13+00:00"}, "gcve": {"object_uuid": "e5ba35a8-add7-4344-82ed-bc8e197689b2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-15T14:29:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-15T14:29:13+00:00"}, "scope": {"notes": "KEVIntel entry: Authorization Bypass in Next.js Middleware | Affected: vercel / next.js | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-29927", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-29927"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authorization Bypass in Next.js Middleware", "vendor": "vercel", "product": "next.js", "added_date": "2025-12-15T14:29:13.422Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4d648d8c-039a-43b4-9bca-dda487f712be", "vulnerability": {"vulnId": "CVE-2025-24367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-15T03:00:07+00:00"}, "gcve": {"object_uuid": "4d648d8c-039a-43b4-9bca-dda487f712be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-15T03:00:07+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-15T03:00:07+00:00"}, "scope": {"notes": "KEVIntel entry: Cacti allows Arbitrary File Creation leading to RCE | Affected: Cacti / cacti | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-24367", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24367"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24367"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cacti allows Arbitrary File Creation leading to RCE", "vendor": "Cacti", "product": "cacti", "added_date": "2025-12-15T03:00:07.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4979c1cd-1a68-449c-b919-969a0ebf767a", "vulnerability": {"vulnId": "CVE-2025-9074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-15T03:00:07+00:00"}, "gcve": {"object_uuid": "4979c1cd-1a68-449c-b919-969a0ebf767a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-15T03:00:07+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-15T03:00:07+00:00"}, "scope": {"notes": "KEVIntel entry: Docker Desktop allows unauthenticated access to Docker Engine API from containers | Affected: Docker / Docker Desktop | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-9074", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9074"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-9074"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Docker Desktop allows unauthenticated access to Docker Engine API from containers", "vendor": "Docker", "product": "Docker Desktop", "added_date": "2025-12-15T03:00:07.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "15d3e61f-7910-447e-8ca0-48e4cde06920", "vulnerability": {"vulnId": "CVE-2021-41649", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-09T00:00:00+00:00"}, "gcve": {"object_uuid": "15d3e61f-7910-447e-8ca0-48e4cde06920", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a... | Affected: PuneethReddyHC / online-shopping-system-advanced | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-41649", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41649"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41649"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a...", "vendor": "PuneethReddyHC", "product": "online-shopping-system-advanced", "added_date": "2025-12-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4dbf6d30-6a78-4b59-8705-425325d02157", "vulnerability": {"vulnId": "CVE-2022-2958", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-09T00:00:00+00:00"}, "gcve": {"object_uuid": "4dbf6d30-6a78-4b59-8705-425325d02157", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BadgeOS < 3.7.1.3 - Subscriber+ SQLi | Affected: Unknown / BadgeOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2958", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2958"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2958"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BadgeOS < 3.7.1.3 - Subscriber+ SQLi", "vendor": "Unknown", "product": "BadgeOS", "added_date": "2025-12-09T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b4fedf27-bad2-4701-ad5f-284ac9828729", "vulnerability": {"vulnId": "CVE-2025-6389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-08T12:34:51+00:00"}, "gcve": {"object_uuid": "b4fedf27-bad2-4701-ad5f-284ac9828729", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-08T12:34:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-08T12:34:51+00:00"}, "scope": {"notes": "KEVIntel entry: Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback | Affected: Sneeit / Sneeit Framework | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-6389", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6389"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6389"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback", "vendor": "Sneeit", "product": "Sneeit Framework", "added_date": "2025-12-08T12:34:51.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d50190d2-c9c5-484c-a1f5-ae3eb4f522e3", "vulnerability": {"vulnId": "CVE-2022-31126", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d50190d2-c9c5-484c-a1f5-ae3eb4f522e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Remote Code Execution in Roxy-wi | Affected: hap-wi / roxy-wi | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-31126", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31126"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31126"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Remote Code Execution in Roxy-wi", "vendor": "hap-wi", "product": "roxy-wi", "added_date": "2025-12-08T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d946d4f6-ea84-47e4-90a4-ff09e7165160", "vulnerability": {"vulnId": "CVE-2018-11511", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d946d4f6-ea84-47e4-90a4-ff09e7165160", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the... | Affected: ASUSTOR / ADM | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11511", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11511"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11511"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the...", "vendor": "ASUSTOR", "product": "ADM", "added_date": "2025-12-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "648ff381-a173-4843-bd2c-ee9c7652edea", "vulnerability": {"vulnId": "CVE-2020-17518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "648ff381-a173-4843-bd2c-ee9c7652edea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Flink directory traversal attack: remote file writing through the REST API | Affected: Apache Software Foundation / Apache Flink | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-17518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17518"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17518"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Flink directory traversal attack: remote file writing through the REST API", "vendor": "Apache Software Foundation", "product": "Apache Flink", "added_date": "2025-12-05T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "90dfff74-5423-47f2-8709-62e59dc3c3da", "vulnerability": {"vulnId": "CVE-2025-8489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-03T21:31:32+00:00"}, "gcve": {"object_uuid": "90dfff74-5423-47f2-8709-62e59dc3c3da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-03T21:31:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-03T21:31:32+00:00"}, "scope": {"notes": "KEVIntel entry: King Addons for Elementor \u2013 Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation | Affected: kingaddons / King Addons for Elementor \u2013 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-8489", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8489"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8489"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "King Addons for Elementor \u2013 Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation", "vendor": "kingaddons", "product": "King Addons for Elementor \u2013 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor", "added_date": "2025-12-03T21:31:32.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "41a91b10-2986-4878-8605-77218abffd14", "vulnerability": {"vulnId": "CVE-2022-31814", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "41a91b10-2986-4878-8605-77218abffd14", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host... | Affected: Netgate / pfSense pfBlockerNG | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-31814", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31814"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31814"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host...", "vendor": "Netgate", "product": "pfSense pfBlockerNG", "added_date": "2025-12-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6b8639f4-c7b2-4820-94b5-8c487ae367f3", "vulnerability": {"vulnId": "CVE-2025-24071", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-02T23:02:58+00:00"}, "gcve": {"object_uuid": "6b8639f4-c7b2-4820-94b5-8c487ae367f3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-02T23:02:58+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-02T23:02:58+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows File Explorer Spoofing Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-24071", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24071"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24071"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows File Explorer Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-12-02T23:02:58.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "47ee96eb-d130-4410-a2d8-a8c7f6854653", "vulnerability": {"vulnId": "CVE-2022-29081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "47ee96eb-d130-4410-a2d8-a8c7f6854653", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-12-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control... | Affected: Zoho / [\"ManageEngine Access Manager Plus\", \"Password Manager Pro\", \"PAM360\"] | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-29081", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29081"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29081"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control...", "vendor": "Zoho", "product": "[\"ManageEngine Access Manager Plus\", \"Password Manager Pro\", \"PAM360\"]", "added_date": "2025-12-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c5fc8c59-be65-4ae2-8479-5d383d51d618", "vulnerability": {"vulnId": "CVE-2022-1574", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c5fc8c59-be65-4ae2-8479-5d383d51d618", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload | Affected: Unknown / HTML2WP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1574", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1574"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1574"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload", "vendor": "Unknown", "product": "HTML2WP", "added_date": "2025-11-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8049835c-87be-44f3-8a5b-26699fe86dc9", "vulnerability": {"vulnId": "CVE-2021-24212", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8049835c-87be-44f3-8a5b-26699fe86dc9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE | Affected: Unknown / WooCommerce Help Scout | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24212", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24212"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24212"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE", "vendor": "Unknown", "product": "WooCommerce Help Scout", "added_date": "2025-11-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "97262096-fcef-4914-bbaa-795f760f100e", "vulnerability": {"vulnId": "CVE-2023-7304", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-29T00:00:00+00:00"}, "gcve": {"object_uuid": "97262096-fcef-4914-bbaa-795f760f100e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-29T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ruijie RG-UAC nmc_sync.php Command Injection | Affected: Ruijie Networks Co., Ltd. / RG-UAC | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-7304", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7304"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7304"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ruijie RG-UAC nmc_sync.php Command Injection", "vendor": "Ruijie Networks Co., Ltd.", "product": "RG-UAC", "added_date": "2025-11-29T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "56126b5e-50d2-44eb-8193-d81912a981f2", "vulnerability": {"vulnId": "CVE-2019-19825", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-27T00:00:00+00:00"}, "gcve": {"object_uuid": "56126b5e-50d2-44eb-8193-d81912a981f2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-27T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {\"topicurl\":\"setting/getSanvas\"} POST to the... | Affected: TOTOLINK / Realtek SDK based routers | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-19825", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19825"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-19825"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {\"topicurl\":\"setting/getSanvas\"} POST to the...", "vendor": "TOTOLINK", "product": "Realtek SDK based routers", "added_date": "2025-11-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "153427d9-d15b-48b7-8e33-3f3cbe1a9077", "vulnerability": {"vulnId": "CVE-2023-4169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-26T00:00:00+00:00"}, "gcve": {"object_uuid": "153427d9-d15b-48b7-8e33-3f3cbe1a9077", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ruijie RG-EW1200G Administrator Password set_passwd access control | Affected: Ruijie / RG-EW1200G | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-4169", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4169"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4169"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ruijie RG-EW1200G Administrator Password set_passwd access control", "vendor": "Ruijie", "product": "RG-EW1200G", "added_date": "2025-11-26T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a2683156-f870-4563-801b-cbaf84fa7b36", "vulnerability": {"vulnId": "CVE-2023-50968", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a2683156-f870-4563-801b-cbaf84fa7b36", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache OFBiz: Arbitrary file properties reading and SSRF attack | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-50968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50968"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-50968"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache OFBiz: Arbitrary file properties reading and SSRF attack", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2025-11-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6e7f07ac-7bcc-42c9-9958-c49b513a993a", "vulnerability": {"vulnId": "CVE-2022-0656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6e7f07ac-7bcc-42c9-9958-c49b513a993a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-25T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: uDraw < 3.3.3 - Unauthenticated Arbitrary File Access | Affected: Unknown / Web To Print Shop : uDraw | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0656", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0656"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0656"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "uDraw < 3.3.3 - Unauthenticated Arbitrary File Access", "vendor": "Unknown", "product": "Web To Print Shop : uDraw", "added_date": "2025-11-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "57a9b4d4-dc03-48a7-8236-3843606bfd43", "vulnerability": {"vulnId": "CVE-2013-2678", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-23T00:00:00+00:00"}, "gcve": {"object_uuid": "57a9b4d4-dc03-48a7-8236-3843606bfd43", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-23T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive... | Affected: Cisco / Linksys E4200 | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-2678", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2678"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2678"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive...", "vendor": "Cisco", "product": "Linksys E4200", "added_date": "2025-11-23T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5249bed1-a088-4a11-b114-1d9acd82969b", "vulnerability": {"vulnId": "CVE-2025-11001", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-21T13:46:16+00:00"}, "gcve": {"object_uuid": "5249bed1-a088-4a11-b114-1d9acd82969b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-21T13:46:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-21T13:46:16+00:00"}, "scope": {"notes": "KEVIntel entry: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability | Affected: 7-Zip / 7-Zip | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-11001", "url": "https://www.cve.org/CVERecord?id=CVE-2025-11001"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-11001"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability", "vendor": "7-Zip", "product": "7-Zip", "added_date": "2025-11-21T13:46:16.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bda5ea87-419d-4142-bcf1-1ac8af3b2978", "vulnerability": {"vulnId": "CVE-2023-48022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-20T17:26:09+00:00"}, "gcve": {"object_uuid": "bda5ea87-419d-4142-bcf1-1ac8af3b2978", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-20T17:26:09+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-20T17:26:09+00:00"}, "scope": {"notes": "KEVIntel entry: Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that... | Affected: Anyscale / Ray | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-48022", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48022"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-48022"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that...", "vendor": "Anyscale", "product": "Ray", "added_date": "2025-11-20T17:26:09.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7a4748db-9ade-47e7-a6cf-fc2d8e6aa678", "vulnerability": {"vulnId": "CVE-2025-27505", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-20T00:00:00+00:00"}, "gcve": {"object_uuid": "7a4748db-9ade-47e7-a6cf-fc2d8e6aa678", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-20T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GeoServer Missing Authorization on REST API Index | Affected: geoserver / geoserver | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-27505", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27505"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27505"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoServer Missing Authorization on REST API Index", "vendor": "geoserver", "product": "geoserver", "added_date": "2025-11-20T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "55201db5-c83b-49c6-a3ae-6e8756ecb42f", "vulnerability": {"vulnId": "CVE-2025-36250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-17T15:00:08+00:00"}, "gcve": {"object_uuid": "55201db5-c83b-49c6-a3ae-6e8756ecb42f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-17T15:00:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-17T15:00:08+00:00"}, "scope": {"notes": "KEVIntel entry: AIX Code Execution | Affected: IBM / AIX, VIOS | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-36250", "url": "https://www.cve.org/CVERecord?id=CVE-2025-36250"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-36250"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "AIX Code Execution", "vendor": "IBM", "product": "AIX, VIOS", "added_date": "2025-11-17T15:00:08.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3dcc2da4-b596-4a5f-a435-5a0a13007835", "vulnerability": {"vulnId": "CVE-2025-8061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-17T15:00:08+00:00"}, "gcve": {"object_uuid": "3dcc2da4-b596-4a5f-a435-5a0a13007835", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-17T15:00:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-17T15:00:08+00:00"}, "scope": {"notes": "KEVIntel entry: A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo... | Affected: Lenovo / Dispatcher 3.0 Driver, Dispatcher 3.1 Driver | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-8061", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8061"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8061"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo...", "vendor": "Lenovo", "product": "Dispatcher 3.0 Driver, Dispatcher 3.1 Driver", "added_date": "2025-11-17T15:00:08.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ad52a631-787e-421d-964b-43b5b36026e2", "vulnerability": {"vulnId": "CVE-2025-54574", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-17T15:00:08+00:00"}, "gcve": {"object_uuid": "ad52a631-787e-421d-964b-43b5b36026e2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-17T15:00:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-17T15:00:08+00:00"}, "scope": {"notes": "KEVIntel entry: Squid's URN Handling can lead to Buffer Overflow | Affected: squid-cache / squid | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-54574", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54574"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54574"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Squid's URN Handling can lead to Buffer Overflow", "vendor": "squid-cache", "product": "squid", "added_date": "2025-11-17T15:00:08.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0892ecbb-32e7-4d3e-9d5a-1d27dc2c000b", "vulnerability": {"vulnId": "CVE-2025-64027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-17T15:00:08+00:00"}, "gcve": {"object_uuid": "0892ecbb-32e7-4d3e-9d5a-1d27dc2c000b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-17T15:00:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-17T15:00:08+00:00"}, "scope": {"notes": "KEVIntel entry: Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is... | Affected: Snipe-IT / Snipe-IT | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-64027", "url": "https://www.cve.org/CVERecord?id=CVE-2025-64027"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-64027"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is...", "vendor": "Snipe-IT", "product": "Snipe-IT", "added_date": "2025-11-17T15:00:08.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "985b93c6-f4d3-463b-9e40-ed63f3f00c56", "vulnerability": {"vulnId": "CVE-2023-33177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-17T15:00:08+00:00"}, "gcve": {"object_uuid": "985b93c6-f4d3-463b-9e40-ed63f3f00c56", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-17T15:00:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-17T15:00:08+00:00"}, "scope": {"notes": "KEVIntel entry: Xibo CMS vulnerable to Remote Code Execution through Zip Slip | Affected: xibosignage / xibo-cms | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-33177", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33177"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33177"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Xibo CMS vulnerable to Remote Code Execution through Zip Slip", "vendor": "xibosignage", "product": "xibo-cms", "added_date": "2025-11-17T15:00:08.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c599ba9b-040f-4102-8729-69953e768fb2", "vulnerability": {"vulnId": "CVE-2025-12762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-17T15:00:08+00:00"}, "gcve": {"object_uuid": "c599ba9b-040f-4102-8729-69953e768fb2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-17T15:00:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-17T15:00:08+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) | Affected: pgadmin.org / pgAdmin 4 | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-12762", "url": "https://www.cve.org/CVERecord?id=CVE-2025-12762"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-12762"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)", "vendor": "pgadmin.org", "product": "pgAdmin 4", "added_date": "2025-11-17T15:00:08.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9e3e72e4-aa0c-43d0-9c26-21d51565aadb", "vulnerability": {"vulnId": "CVE-2022-38130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "9e3e72e4-aa0c-43d0-9c26-21d51565aadb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-13T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the... | Affected: Keysight Technologies / Tentacle | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-38130", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38130"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-38130"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the...", "vendor": "Keysight Technologies", "product": "Tentacle", "added_date": "2025-11-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ef7d5c4d-70f3-4d8f-81ab-73815928b1c6", "vulnerability": {"vulnId": "CVE-2023-5815", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "ef7d5c4d-70f3-4d8f-81ab-73815928b1c6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post... | Affected: infornweb / News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5815", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5815"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5815"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post...", "vendor": "infornweb", "product": "News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry)", "added_date": "2025-11-12T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "14607b46-020d-4553-9073-067fdaa89b5a", "vulnerability": {"vulnId": "CVE-2022-1006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "14607b46-020d-4553-9073-067fdaa89b5a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Advanced Booking Calendar < 1.7.1 - Admin+ SQLi | Affected: Unknown / Advanced Booking Calendar | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1006", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1006"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1006"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Advanced Booking Calendar < 1.7.1 - Admin+ SQLi", "vendor": "Unknown", "product": "Advanced Booking Calendar", "added_date": "2025-11-12T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "16113aee-da7a-4f85-a664-8241e32de632", "vulnerability": {"vulnId": "CVE-2021-34187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "16113aee-da7a-4f85-a664-8241e32de632", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. | Affected: Chamilo / Chamilo LMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-34187", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34187"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34187"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.", "vendor": "Chamilo", "product": "Chamilo LMS", "added_date": "2025-11-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3b8e0d3b-0a48-45d5-b56b-1c6cc5809a66", "vulnerability": {"vulnId": "CVE-2017-8961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "3b8e0d3b-0a48-45d5-b56b-1c6cc5809a66", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution. | Affected: Hewlett Packard Enterprise / Intelligent Management Center | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-8961", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8961"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8961"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.", "vendor": "Hewlett Packard Enterprise", "product": "Intelligent Management Center", "added_date": "2025-11-12T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "90fd346f-0137-4991-b759-3b30884c0a22", "vulnerability": {"vulnId": "CVE-2023-7309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "90fd346f-0137-4991-b759-3b30884c0a22", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Dahua Smart Park Integrated Management Platform Front-End Arbitrary File Upload | Affected: Zhejiang Dahua Technology Co., Ltd. / Smart Park Integrated Management Platform | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-7309", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7309"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7309"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Dahua Smart Park Integrated Management Platform Front-End Arbitrary File Upload", "vendor": "Zhejiang Dahua Technology Co., Ltd.", "product": "Smart Park Integrated Management Platform", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3ddfbadc-f603-49c8-81f0-a8de50b258b5", "vulnerability": {"vulnId": "CVE-2025-0674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "3ddfbadc-f603-49c8-81f0-a8de50b258b5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel | Affected: Elber / Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, Wayber Analog/Digital Audio STL | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-0674", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0674"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0674"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel", "vendor": "Elber", "product": "Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, Wayber Analog/Digital Audio STL", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2447712b-44a7-4d29-8fd5-493a69f420d2", "vulnerability": {"vulnId": "CVE-2025-34143", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "2447712b-44a7-4d29-8fd5-493a69f420d2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ETQ Reliance CG Authentication Bypass via Trailing Space RCE | Affected: ETQ / Reliance CG (legacy) | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34143", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34143"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34143"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ETQ Reliance CG Authentication Bypass via Trailing Space RCE", "vendor": "ETQ", "product": "Reliance CG (legacy)", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1b380507-d041-40e6-be8a-be145f08de9a", "vulnerability": {"vulnId": "CVE-2024-6235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "1b380507-d041-40e6-be8a-be145f08de9a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sensitive information disclosure | Affected: NetScaler / NetScaler Console | CVSS: 9.4 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-6235", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6235"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6235"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sensitive information disclosure", "vendor": "NetScaler", "product": "NetScaler Console", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.4, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "402f187c-0f7a-4e6d-beb4-d87f07f5d1bc", "vulnerability": {"vulnId": "CVE-2024-9193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "402f187c-0f7a-4e6d-beb4-d87f07f5d1bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update | Affected: creativeon / WHMpress - WHMCS WordPress Integration Plugin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-9193", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update", "vendor": "creativeon", "product": "WHMpress - WHMCS WordPress Integration Plugin", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a102365c-f7e5-4119-be15-ce47dcce87ca", "vulnerability": {"vulnId": "CVE-2025-4009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "a102365c-f7e5-4119-be15-ce47dcce87ca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Arbitrary Command Injection in Evertz SDVN | Affected: Evertz / 3080ipx-10G, MViP-II, cVIP, 7890IXG, CC Access Server, 5782XPS-APP-4E | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-4009", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4009"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4009"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Arbitrary Command Injection in Evertz SDVN", "vendor": "Evertz", "product": "3080ipx-10G, MViP-II, cVIP, 7890IXG, CC Access Server, 5782XPS-APP-4E", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5f045c1e-ecaa-4e55-b811-7134658f8e60", "vulnerability": {"vulnId": "CVE-2025-53118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "5f045c1e-ecaa-4e55-b811-7134658f8e60", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Securden Unified PAM Authentication Bypass | Affected: Securden / Unified PAM | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-53118", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53118"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-53118"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Securden Unified PAM Authentication Bypass", "vendor": "Securden", "product": "Unified PAM", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0c69cce7-6b74-42f5-9365-db32df619077", "vulnerability": {"vulnId": "CVE-2025-25034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "0c69cce7-6b74-42f5-9365-db32df619077", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SugarCRM PHP Deserialization RCE | Affected: SugarCRM / SugarCRM | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-25034", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25034"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-25034"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SugarCRM PHP Deserialization RCE", "vendor": "SugarCRM", "product": "SugarCRM", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a8b1aa56-b52d-4467-b6f2-02f8c7ed6681", "vulnerability": {"vulnId": "CVE-2025-47539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "a8b1aa56-b52d-4467-b6f2-02f8c7ed6681", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability | Affected: Arraytics / Eventin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-47539", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47539"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47539"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability", "vendor": "Arraytics", "product": "Eventin", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "152a826c-4a94-4e80-a210-6b2c4f28d9cd", "vulnerability": {"vulnId": "CVE-2025-54123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-11T00:00:00+00:00"}, "gcve": {"object_uuid": "152a826c-4a94-4e80-a210-6b2c4f28d9cd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-11T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation | Affected: SpectoLabs / hoverfly | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-54123", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54123"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54123"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation", "vendor": "SpectoLabs", "product": "hoverfly", "added_date": "2025-11-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f6ba21c9-c9e4-4743-a3c2-28d6f4b9630f", "vulnerability": {"vulnId": "CVE-2023-26258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-09T00:00:00+00:00"}, "gcve": {"object_uuid": "f6ba21c9-c9e4-4743-a3c2-28d6f4b9630f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the... | Affected: Arcserve / Arcserve UDP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-26258", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26258"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26258"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the...", "vendor": "Arcserve", "product": "Arcserve UDP", "added_date": "2025-11-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b006bde5-6a7e-4c5a-8e28-f2f363ef0a2a", "vulnerability": {"vulnId": "CVE-2022-3980", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-09T00:00:00+00:00"}, "gcve": {"object_uuid": "b006bde5-6a7e-4c5a-8e28-f2f363ef0a2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed... | Affected: Sophos / Sophos Mobile managed on-premises | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-3980", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3980"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3980"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed...", "vendor": "Sophos", "product": "Sophos Mobile managed on-premises", "added_date": "2025-11-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b13770cf-0266-438f-99c3-fc9a08a40191", "vulnerability": {"vulnId": "CVE-2023-49785", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-09T00:00:00+00:00"}, "gcve": {"object_uuid": "b13770cf-0266-438f-99c3-fc9a08a40191", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting | Affected: ChatGPTNextWeb / NextChat | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-49785", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49785"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-49785"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting", "vendor": "ChatGPTNextWeb", "product": "NextChat", "added_date": "2025-11-09T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c0c70c00-6f3d-4426-8105-889387d3176c", "vulnerability": {"vulnId": "CVE-2023-5830", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-09T00:00:00+00:00"}, "gcve": {"object_uuid": "c0c70c00-6f3d-4426-8105-889387d3176c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ColumbiaSoft Document Locator WebTools login improper authentication | Affected: ColumbiaSoft / Document Locator | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5830", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5830"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5830"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ColumbiaSoft Document Locator WebTools login improper authentication", "vendor": "ColumbiaSoft", "product": "Document Locator", "added_date": "2025-11-09T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cd0af4f1-0d60-4842-b1f0-e108c82b6b1d", "vulnerability": {"vulnId": "CVE-2022-4328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-09T00:00:00+00:00"}, "gcve": {"object_uuid": "cd0af4f1-0d60-4842-b1f0-e108c82b6b1d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload | Affected: Unknown / WooCommerce Checkout Field Manager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4328", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4328"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4328"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload", "vendor": "Unknown", "product": "WooCommerce Checkout Field Manager", "added_date": "2025-11-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c9fc1d9f-b5bd-42f9-a7b1-2d4016a5740e", "vulnerability": {"vulnId": "CVE-2023-20073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-09T00:00:00+00:00"}, "gcve": {"object_uuid": "c9fc1d9f-b5bd-42f9-a7b1-2d4016a5740e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-20073", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20073"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20073"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2025-11-09T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "50a000db-ce1f-4f31-ac25-3839d8425932", "vulnerability": {"vulnId": "CVE-2022-1020", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "50a000db-ce1f-4f31-ac25-3839d8425932", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call | Affected: Unknown / Product Table for WooCommerce (wooproducttable) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1020", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1020"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1020"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call", "vendor": "Unknown", "product": "Product Table for WooCommerce (wooproducttable)", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "136cf6e3-cb63-4ef9-b43b-869a19a2e2a2", "vulnerability": {"vulnId": "CVE-2022-0826", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "136cf6e3-cb63-4ef9-b43b-869a19a2e2a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WP Video Gallery <= 1.7.1 - Unauthenticated SQLi | Affected: Unknown / WP Video Gallery | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0826", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0826"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0826"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WP Video Gallery <= 1.7.1 - Unauthenticated SQLi", "vendor": "Unknown", "product": "WP Video Gallery", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "25c56e2f-5620-4f7f-b085-4fd1bb4da42b", "vulnerability": {"vulnId": "CVE-2022-31137", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "25c56e2f-5620-4f7f-b085-4fd1bb4da42b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Remote Code Execution in Roxy-WI | Affected: hap-wi / roxy-wi | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-31137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31137"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31137"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Remote Code Execution in Roxy-WI", "vendor": "hap-wi", "product": "roxy-wi", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b419145f-3d5d-41c1-8cb5-4eedf5529f1f", "vulnerability": {"vulnId": "CVE-2022-0592", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "b419145f-3d5d-41c1-8cb5-4eedf5529f1f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: MapSVG < 6.2.20 - Unauthenticated SQLi | Affected: Unknown / MapSVG | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0592", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0592"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0592"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MapSVG < 6.2.20 - Unauthenticated SQLi", "vendor": "Unknown", "product": "MapSVG", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "18958004-de2f-4fe0-9f10-789c81326da9", "vulnerability": {"vulnId": "CVE-2022-29007", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "18958004-de2f-4fe0-9f10-789c81326da9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows... | Affected: Dairy Farm / Shop Management System | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-29007", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29007"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29007"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows...", "vendor": "Dairy Farm", "product": "Shop Management System", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "27d948ff-8ec6-4133-b204-0f22fe97d5ab", "vulnerability": {"vulnId": "CVE-2021-37580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "27d948ff-8ec6-4133-b204-0f22fe97d5ab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache ShenYu Admin bypass JWT authentication | Affected: Apache Software Foundation / Apache ShenYu Admin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-37580", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37580"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-37580"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache ShenYu Admin bypass JWT authentication", "vendor": "Apache Software Foundation", "product": "Apache ShenYu Admin", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4f26bea0-bb2f-466f-849d-d49f64e4e491", "vulnerability": {"vulnId": "CVE-2021-27931", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "4f26bea0-bb2f-466f-849d-d49f64e4e491", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a... | Affected: Lumis / LumisXP | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-27931", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27931"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27931"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a...", "vendor": "Lumis", "product": "LumisXP", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "34233ccd-c562-4343-a18d-da76d6bb22cd", "vulnerability": {"vulnId": "CVE-2022-0827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "34233ccd-c562-4343-a18d-da76d6bb22cd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Bestbooks <= 2.6.3 - Unauthenticated SQLi | Affected: Unknown / Bestbooks | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0827", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0827"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0827"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Bestbooks <= 2.6.3 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Bestbooks", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ed863f3f-0ff9-4cba-a58c-5e19c558b2d3", "vulnerability": {"vulnId": "CVE-2021-44427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "ed863f3f-0ff9-4cba-a58c-5e19c558b2d3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to... | Affected: Rosario Student Information System / rosariosis | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-44427", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44427"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44427"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to...", "vendor": "Rosario Student Information System", "product": "rosariosis", "added_date": "2025-11-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "df89da65-6831-48f7-89cc-bdd1e9ce1495", "vulnerability": {"vulnId": "CVE-2018-17173", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-06T00:00:00+00:00"}, "gcve": {"object_uuid": "df89da65-6831-48f7-89cc-bdd1e9ce1495", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | Affected: LG / SuperSign CMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-17173", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17173"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-17173"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.", "vendor": "LG", "product": "SuperSign CMS", "added_date": "2025-11-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7f1559f0-4a6d-4abf-a65c-8538871d4185", "vulnerability": {"vulnId": "CVE-2020-35667", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-05T21:00:04+00:00"}, "gcve": {"object_uuid": "7f1559f0-4a6d-4abf-a65c-8538871d4185", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-05T21:00:04+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-05T21:00:04+00:00"}, "scope": {"notes": "KEVIntel entry: JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. | Affected: JetBrains / TeamCity Plugin | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35667", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35667"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35667"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.", "vendor": "JetBrains", "product": "TeamCity Plugin", "added_date": "2025-11-05T21:00:04.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2247bb76-99cf-41d9-ae25-437583d7478c", "vulnerability": {"vulnId": "CVE-2025-48593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-05T19:42:16+00:00"}, "gcve": {"object_uuid": "2247bb76-99cf-41d9-ae25-437583d7478c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-05T19:42:16+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-05T19:42:16+00:00"}, "scope": {"notes": "KEVIntel entry: In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote... | Affected: Google / Android | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-48593", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48593"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48593"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote...", "vendor": "Google", "product": "Android", "added_date": "2025-11-05T19:42:16.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "16fa1d79-ccc7-483c-b481-4fde17bd26d3", "vulnerability": {"vulnId": "CVE-2024-12856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "16fa1d79-ccc7-483c-b481-4fde17bd26d3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Four-Faith Industrial Router adjust_sys_time OS Command Injection | Affected: Four-Faith / F3x24, F3x36 | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-12856", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12856"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-12856"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Four-Faith Industrial Router adjust_sys_time OS Command Injection", "vendor": "Four-Faith", "product": "F3x24, F3x36", "added_date": "2025-11-03T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8864b5e6-954c-432f-b765-60d604025a8e", "vulnerability": {"vulnId": "CVE-2018-17532", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-31T00:00:00+00:00"}, "gcve": {"object_uuid": "8864b5e6-954c-432f-b765-60d604025a8e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-31T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi... | Affected: Teltonika / RUT9XX routers | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-17532", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17532"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-17532"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi...", "vendor": "Teltonika", "product": "RUT9XX routers", "added_date": "2025-10-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4c578136-f992-4f5b-aaad-5ae7fd3d03d4", "vulnerability": {"vulnId": "CVE-2025-11533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-29T21:41:13+00:00"}, "gcve": {"object_uuid": "4c578136-f992-4f5b-aaad-5ae7fd3d03d4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-29T21:41:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-29T21:41:13+00:00"}, "scope": {"notes": "KEVIntel entry: WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation | Affected: ApusTheme / WP Freeio | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-11533", "url": "https://www.cve.org/CVERecord?id=CVE-2025-11533"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-11533"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation", "vendor": "ApusTheme", "product": "WP Freeio", "added_date": "2025-10-29T21:41:13.352Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a1db9fd5-9701-4a69-b02e-63926220cf6f", "vulnerability": {"vulnId": "CVE-2020-8958", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-29T00:00:00+00:00"}, "gcve": {"object_uuid": "a1db9fd5-9701-4a69-b02e-63926220cf6f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-29T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to... | Affected: Guangzhou / 1GE ONU V2801RW and V2804RGW | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-8958", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8958"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8958"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to...", "vendor": "Guangzhou", "product": "1GE ONU V2801RW and V2804RGW", "added_date": "2025-10-29T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b0587578-acf5-4ffe-92bd-52779998be79", "vulnerability": {"vulnId": "CVE-2025-55752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-28T21:00:05+00:00"}, "gcve": {"object_uuid": "b0587578-acf5-4ffe-92bd-52779998be79", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-28T21:00:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-28T21:00:05+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled | Affected: Apache Software Foundation / Apache Tomcat | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-55752", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-55752"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled", "vendor": "Apache Software Foundation", "product": "Apache Tomcat", "added_date": "2025-10-28T21:00:05.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "28bc964a-58b8-4c1f-a1d6-f053595f6923", "vulnerability": {"vulnId": "CVE-2025-60595", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-28T21:00:05+00:00"}, "gcve": {"object_uuid": "28bc964a-58b8-4c1f-a1d6-f053595f6923", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-28T21:00:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-28T21:00:05+00:00"}, "scope": {"notes": "KEVIntel entry: SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution. | Affected: SPH Engineering / UgCS | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-60595", "url": "https://www.cve.org/CVERecord?id=CVE-2025-60595"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-60595"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution.", "vendor": "SPH Engineering", "product": "UgCS", "added_date": "2025-10-28T21:00:05.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "be591d9c-b14c-44a0-a42c-c48cfab8ba03", "vulnerability": {"vulnId": "CVE-2024-6387", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-28T06:45:31+00:00"}, "gcve": {"object_uuid": "be591d9c-b14c-44a0-a42c-c48cfab8ba03", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-28T06:45:31+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-28T06:45:31+00:00"}, "scope": {"notes": "KEVIntel entry: Openssh: regresshion - race condition in ssh allows rce/dos | Affected: , Red Hat / , Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat OpenShift Container Platform 4.13, Red Hat OpenShift Container Platform 4.14, Red Hat OpenShift Container Platform 4.15, Red Hat OpenShift Container Platform 4.16, Red Hat Ceph Storage 5, Red Hat Ceph Storage 6, Red Hat Ceph Storage 7, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-6387", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6387"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Openssh: regresshion - race condition in ssh allows rce/dos", "vendor": ", Red Hat", "product": ", Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat OpenShift Container Platform 4.13, Red Hat OpenShift Container Platform 4.14, Red Hat OpenShift Container Platform 4.15, Red Hat OpenShift Container Platform 4.16, Red Hat Ceph Storage 5, Red Hat Ceph Storage 6, Red Hat Ceph Storage 7, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8", "added_date": "2025-10-28T06:45:31.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3094b1d7-3267-4e32-955f-28d4b945b275", "vulnerability": {"vulnId": "CVE-2025-61156", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-27T16:53:52+00:00"}, "gcve": {"object_uuid": "3094b1d7-3267-4e32-955f-28d4b945b275", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-27T16:53:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-27T16:53:52+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary... | Affected: ThreatFire / ThreatFire System Monitor | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-61156", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61156"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61156"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary...", "vendor": "ThreatFire", "product": "ThreatFire System Monitor", "added_date": "2025-10-27T16:53:52.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d8931dc4-c735-4853-9bad-15c41bc2d67f", "vulnerability": {"vulnId": "CVE-2025-8868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-27T14:10:46+00:00"}, "gcve": {"object_uuid": "d8931dc4-c735-4853-9bad-15c41bc2d67f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-27T14:10:46+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-27T14:10:46+00:00"}, "scope": {"notes": "KEVIntel entry: Chef Automate compliance service SQL Injection Vulnerability | Affected: Progress Software / Chef Automate | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-8868", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8868"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8868"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Chef Automate compliance service SQL Injection Vulnerability", "vendor": "Progress Software", "product": "Chef Automate", "added_date": "2025-10-27T14:10:46.518Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5d82c643-1799-4646-9af6-b8c5e72f2eb3", "vulnerability": {"vulnId": "CVE-2023-5970", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-26T22:33:03+00:00"}, "gcve": {"object_uuid": "5d82c643-1799-4646-9af6-b8c5e72f2eb3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-26T22:33:03+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-26T22:33:03+00:00"}, "scope": {"notes": "KEVIntel entry: Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain... | Affected: SonicWall / SMA100 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5970", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5970"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5970"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2025-10-26T22:33:03.554Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0ba796a8-5440-4977-9b70-61c2ae17e73e", "vulnerability": {"vulnId": "CVE-2022-1703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-26T22:32:42+00:00"}, "gcve": {"object_uuid": "0ba796a8-5440-4977-9b70-61c2ae17e73e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-26T22:32:42+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-26T22:32:42+00:00"}, "scope": {"notes": "KEVIntel entry: Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to... | Affected: SonicWall / SMA100 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1703", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1703"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1703"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2025-10-26T22:32:42.135Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b2a96d46-b616-4e8d-ac44-b32ab472a64a", "vulnerability": {"vulnId": "CVE-2022-2915", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-26T22:32:25+00:00"}, "gcve": {"object_uuid": "b2a96d46-b616-4e8d-ac44-b32ab472a64a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-26T22:32:25+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-26T22:32:25+00:00"}, "scope": {"notes": "KEVIntel entry: A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service... | Affected: SonicWall / SMA100 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2915", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2915"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2915"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2025-10-26T22:32:25.853Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "970a6b54-574e-42bd-8413-12feffa1b519", "vulnerability": {"vulnId": "CVE-2025-24477", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-26T22:32:03+00:00"}, "gcve": {"object_uuid": "970a6b54-574e-42bd-8413-12feffa1b519", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-26T22:32:03+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-26T22:32:03+00:00"}, "scope": {"notes": "KEVIntel entry: A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12... | Affected: Fortinet / FortiOS | CVSS: 4.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-24477", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24477"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24477"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12...", "vendor": "Fortinet", "product": "FortiOS", "added_date": "2025-10-26T22:32:03.383Z", "cvss_score": 4.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b1c3f653-0be1-45fe-ab94-4e14ddfcc8b0", "vulnerability": {"vulnId": "CVE-2025-59474", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-26T19:42:31+00:00"}, "gcve": {"object_uuid": "b1c3f653-0be1-45fe-ab94-4e14ddfcc8b0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-26T19:42:31+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-26T19:42:31+00:00"}, "scope": {"notes": "KEVIntel entry: Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users... | Affected: Jenkins Project / Jenkins | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-59474", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59474"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59474"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users...", "vendor": "Jenkins Project", "product": "Jenkins", "added_date": "2025-10-26T19:42:31.435Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "003b1a36-5833-430a-82d2-e283e9d8e994", "vulnerability": {"vulnId": "CVE-2024-36394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-26T04:57:35+00:00"}, "gcve": {"object_uuid": "003b1a36-5833-430a-82d2-e283e9d8e994", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-26T04:57:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-26T04:57:35+00:00"}, "scope": {"notes": "KEVIntel entry: SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Affected: Sysaid / SysAid | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-36394", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36394"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-36394"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "vendor": "Sysaid", "product": "SysAid", "added_date": "2025-10-26T04:57:35.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "12d37ba7-a1d9-4d66-a5e6-cbc2aa2cded8", "vulnerability": {"vulnId": "CVE-2023-50358", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-26T00:00:00+00:00"}, "gcve": {"object_uuid": "12d37ba7-a1d9-4d66-a5e6-cbc2aa2cded8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-26T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: QTS, QuTS hero, QuTScloud | Affected: QNAP Systems Inc. / QTS, QuTS hero, QuTScloud | CVSS: 5.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-50358", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50358"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-50358"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "QTS, QuTS hero, QuTScloud", "vendor": "QNAP Systems Inc.", "product": "QTS, QuTS hero, QuTScloud", "added_date": "2025-10-26T00:00:00.000Z", "cvss_score": 5.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e0b7b17e-8d67-4617-a5e5-c9e9debca9e7", "vulnerability": {"vulnId": "CVE-2024-11972", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-24T07:29:32+00:00"}, "gcve": {"object_uuid": "e0b7b17e-8d67-4617-a5e5-c9e9debca9e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-24T07:29:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-24T07:29:32+00:00"}, "scope": {"notes": "KEVIntel entry: Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation | Affected: Unknown / Hunk Companion | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-11972", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11972"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-11972"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation", "vendor": "Unknown", "product": "Hunk Companion", "added_date": "2025-10-24T07:29:32.722Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "801b3a00-316f-4f85-904e-d06d012e60fb", "vulnerability": {"vulnId": "CVE-2024-9707", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-24T07:29:14+00:00"}, "gcve": {"object_uuid": "801b3a00-316f-4f85-904e-d06d012e60fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-24T07:29:14+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-24T07:29:14+00:00"}, "scope": {"notes": "KEVIntel entry: Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | Affected: themehunk / Hunk Companion | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-9707", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9707"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9707"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation", "vendor": "themehunk", "product": "Hunk Companion", "added_date": "2025-10-24T07:29:14.921Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c1b7aac8-7e50-4697-b1d9-6b4a7dbd6f5c", "vulnerability": {"vulnId": "CVE-2024-9234", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-24T07:28:55+00:00"}, "gcve": {"object_uuid": "c1b7aac8-7e50-4697-b1d9-6b4a7dbd6f5c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-24T07:28:55+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-24T07:28:55+00:00"}, "scope": {"notes": "KEVIntel entry: GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload | Affected: ataurr / GutenKit \u2013 Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-9234", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9234"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9234"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload", "vendor": "ataurr", "product": "GutenKit \u2013 Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor", "added_date": "2025-10-24T07:28:55.602Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "235d8b48-2fe5-47ed-b041-9e352114142c", "vulnerability": {"vulnId": "CVE-2025-34033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-22T16:58:31+00:00"}, "gcve": {"object_uuid": "235d8b48-2fe5-47ed-b041-9e352114142c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-22T16:58:31+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-22T16:58:31+00:00"}, "scope": {"notes": "KEVIntel entry: 5VTechnologies Blue Angel Software Suite OS Command Injection | Affected: 5VTechnologies / Blue Angel Software Suite | CVSS: 7.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34033", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34033"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34033"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "5VTechnologies Blue Angel Software Suite OS Command Injection", "vendor": "5VTechnologies", "product": "Blue Angel Software Suite", "added_date": "2025-10-22T16:58:31.546Z", "cvss_score": 7.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f01333f2-1352-4fa9-94fa-94dd723cd8e3", "vulnerability": {"vulnId": "CVE-2025-49533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-21T22:26:08+00:00"}, "gcve": {"object_uuid": "f01333f2-1352-4fa9-94fa-94dd723cd8e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-21T22:26:08+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-21T22:26:08+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502) | Affected: Adobe / Adobe Experience Manager (MS) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-49533", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49533"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-49533"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502)", "vendor": "Adobe", "product": "Adobe Experience Manager (MS)", "added_date": "2025-10-21T22:26:08.112Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d3ccff09-f93b-47df-b208-5da3b71e9145", "vulnerability": {"vulnId": "CVE-2025-2611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-15T17:56:53+00:00"}, "gcve": {"object_uuid": "d3ccff09-f93b-47df-b208-5da3b71e9145", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-15T17:56:53+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-15T17:56:53+00:00"}, "scope": {"notes": "KEVIntel entry: ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE | Affected: ICT Innovations / ICTBroadcast | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-2611", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2611"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2611"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE", "vendor": "ICT Innovations", "product": "ICTBroadcast", "added_date": "2025-10-15T17:56:53.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "304abeb6-7799-4d49-a98d-4654dde22af4", "vulnerability": {"vulnId": "CVE-2025-49844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-15T14:56:30+00:00"}, "gcve": {"object_uuid": "304abeb6-7799-4d49-a98d-4654dde22af4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-15T14:56:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-15T14:56:30+00:00"}, "scope": {"notes": "KEVIntel entry: Redis Lua Use-After-Free may lead to remote code execution | Affected: redis / redis | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-49844", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-49844"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Redis Lua Use-After-Free may lead to remote code execution", "vendor": "redis", "product": "redis", "added_date": "2025-10-15T14:56:30.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "83559c0a-0beb-41c9-b40e-e25b13d07109", "vulnerability": {"vulnId": "CVE-2025-61984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-15T14:56:30+00:00"}, "gcve": {"object_uuid": "83559c0a-0beb-41c9-b40e-e25b13d07109", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-15T14:56:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-15T14:56:30+00:00"}, "scope": {"notes": "KEVIntel entry: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to... | Affected: OpenBSD / OpenSSH | CVSS: 3.6 (LOW) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-61984", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61984"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to...", "vendor": "OpenBSD", "product": "OpenSSH", "added_date": "2025-10-15T14:56:30.000Z", "cvss_score": 3.6, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0cf2ceb5-5a19-4225-9b06-eb1aeac0668c", "vulnerability": {"vulnId": "CVE-2025-9976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-15T14:56:30+00:00"}, "gcve": {"object_uuid": "0cf2ceb5-5a19-4225-9b06-eb1aeac0668c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-15T14:56:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-15T14:56:30+00:00"}, "scope": {"notes": "KEVIntel entry: OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x | Affected: Dassault Syst\u00e8mes / Station Launcher App in 3DEXPERIENCE platform | CVSS: 9.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-9976", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9976"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-9976"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x", "vendor": "Dassault Syst\u00e8mes", "product": "Station Launcher App in 3DEXPERIENCE platform", "added_date": "2025-10-15T14:56:30.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ec094189-1d3f-4ca8-a8a3-7e0f3b02ae77", "vulnerability": {"vulnId": "CVE-2021-27855", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-14T00:00:00+00:00"}, "gcve": {"object_uuid": "ec094189-1d3f-4ca8-a8a3-7e0f3b02ae77", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: FatPipe software allows privilege escalation | Affected: FatPipe / WARP, IPVPN, MPVPN | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-27855", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27855"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27855"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FatPipe software allows privilege escalation", "vendor": "FatPipe", "product": "WARP, IPVPN, MPVPN", "added_date": "2025-10-14T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "43a9bde2-b0b3-4ce4-84f9-bf06a8a89642", "vulnerability": {"vulnId": "CVE-2025-5947", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-09T14:12:36+00:00"}, "gcve": {"object_uuid": "43a9bde2-b0b3-4ce4-84f9-bf06a8a89642", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-09T14:12:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-09T14:12:36+00:00"}, "scope": {"notes": "KEVIntel entry: Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie | Affected: aonetheme / Service Finder Bookings | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-5947", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5947"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5947"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie", "vendor": "aonetheme", "product": "Service Finder Bookings", "added_date": "2025-10-09T14:12:36.794Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "98821b7b-e0ef-4136-a96a-1a99a41ba463", "vulnerability": {"vulnId": "CVE-2025-28367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "98821b7b-e0ef-4136-a96a-1a99a41ba463", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-09T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this... | Affected: mojoPortal / mojoPortal | CVSS: 6.5 (MEDIUM) | EPSS: 0.08944 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-28367", "url": "https://www.cve.org/CVERecord?id=CVE-2025-28367"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-28367"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this...", "vendor": "mojoPortal", "product": "mojoPortal", "added_date": "2025-10-09T00:00:00.000Z", "cvss_score": 6.5, "epss_score": 0.08944, "cvss_severity": "MEDIUM", "epss_percentile": 0.92086, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "59dd151c-0572-42a9-bcf4-e1024797febd", "vulnerability": {"vulnId": "CVE-2018-10957", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-08T20:14:57+00:00"}, "gcve": {"object_uuid": "59dd151c-0572-42a9-bcf4-e1024797febd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-08T20:14:57+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-08T20:14:57+00:00"}, "scope": {"notes": "KEVIntel entry: CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the... | Affected: D-Link / DIR-868L | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10957", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10957"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10957"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the...", "vendor": "D-Link", "product": "DIR-868L", "added_date": "2025-10-08T20:14:57.755Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5ebba805-2d60-42ac-8856-3da82101d404", "vulnerability": {"vulnId": "CVE-2025-20188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-08T20:09:20+00:00"}, "gcve": {"object_uuid": "5ebba805-2d60-42ac-8856-3da82101d404", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-08T20:09:20+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-08T20:09:20+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of... | Affected: Cisco / Cisco IOS XE Software | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-20188", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20188"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20188"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of...", "vendor": "Cisco", "product": "Cisco IOS XE Software", "added_date": "2025-10-08T20:09:20.104Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "510855b8-411d-41e8-8c17-dae0e09ff469", "vulnerability": {"vulnId": "CVE-2025-37899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-08T20:07:17+00:00"}, "gcve": {"object_uuid": "510855b8-411d-41e8-8c17-dae0e09ff469", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-08T20:07:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-08T20:07:17+00:00"}, "scope": {"notes": "KEVIntel entry: ksmbd: fix use-after-free in session logoff | Affected: Linux / Linux | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-37899", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37899"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-37899"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ksmbd: fix use-after-free in session logoff", "vendor": "Linux", "product": "Linux", "added_date": "2025-10-08T20:07:17.469Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "17445af8-56e0-42ab-9f20-d1af35227e85", "vulnerability": {"vulnId": "CVE-2025-6019", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-08T19:51:45+00:00"}, "gcve": {"object_uuid": "17445af8-56e0-42ab-9f20-d1af35227e85", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-08T19:51:45+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-08T19:51:45+00:00"}, "scope": {"notes": "KEVIntel entry: Libblockdev: lpe from allow_active to root in libblockdev via udisks | Affected: , Red Hat / , Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.4 Extended Update Support | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-6019", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6019"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6019"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Libblockdev: lpe from allow_active to root in libblockdev via udisks", "vendor": ", Red Hat", "product": ", Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.4 Extended Update Support", "added_date": "2025-10-08T19:51:45.982Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "17ce57c2-74d1-4f35-ae51-9ea477207ec4", "vulnerability": {"vulnId": "CVE-2025-55161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-08T00:00:00+00:00"}, "gcve": {"object_uuid": "17ce57c2-74d1-4f35-ae51-9ea477207ec4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf | Affected: Stirling-Tools / Stirling-PDF | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-55161", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55161"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-55161"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf", "vendor": "Stirling-Tools", "product": "Stirling-PDF", "added_date": "2025-10-08T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bb5cbf96-d5c0-4e0e-8d8e-4fc3a3c96720", "vulnerability": {"vulnId": "CVE-2020-12832", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "bb5cbf96-d5c0-4e0e-8d8e-4fc3a3c96720", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails... | Affected: WordPress / Simple File List | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-12832", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12832"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12832"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails...", "vendor": "WordPress", "product": "Simple File List", "added_date": "2025-10-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6068796e-c575-452c-a043-1b90382cfd4d", "vulnerability": {"vulnId": "CVE-2024-4325", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "6068796e-c575-452c-a043-1b90382cfd4d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Server-Side Request Forgery (SSRF) in gradio-app/gradio | Affected: gradio-app / gradio-app/gradio | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-4325", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4325"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4325"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Server-Side Request Forgery (SSRF) in gradio-app/gradio", "vendor": "gradio-app", "product": "gradio-app/gradio", "added_date": "2025-10-05T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fb0b98cb-1f82-40eb-ab0a-38ff45a0b49f", "vulnerability": {"vulnId": "CVE-2024-25852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "fb0b98cb-1f82-40eb-ab0a-38ff45a0b49f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the \"AccessControlList\" parameter of the access control... | Affected: Linksys / RE7000 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-25852", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25852"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-25852"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the \"AccessControlList\" parameter of the access control...", "vendor": "Linksys", "product": "RE7000", "added_date": "2025-10-05T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c34b9b0c-82d8-4323-bdd1-b43319664267", "vulnerability": {"vulnId": "CVE-2024-35219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "c34b9b0c-82d8-4323-bdd1-b43319664267", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OpenAPI Generator Online - Arbitrary File Read/Delete | Affected: OpenAPITools / openapi-generator | CVSS: 8.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-35219", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35219"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-35219"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OpenAPI Generator Online - Arbitrary File Read/Delete", "vendor": "OpenAPITools", "product": "openapi-generator", "added_date": "2025-10-05T00:00:00.000Z", "cvss_score": 8.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0a65dec8-2beb-4b8e-bdf5-79593f60720b", "vulnerability": {"vulnId": "CVE-2023-5222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "0a65dec8-2beb-4b8e-bdf5-79593f60720b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password | Affected: Viessmann / Vitogate 300 | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5222", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5222"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5222"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password", "vendor": "Viessmann", "product": "Vitogate 300", "added_date": "2025-10-05T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "755bb404-0754-4981-a637-c9c79b4f601d", "vulnerability": {"vulnId": "CVE-2024-1561", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "755bb404-0754-4981-a637-c9c79b4f601d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio | Affected: gradio-app / gradio-app/gradio | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-1561", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1561"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-1561"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio", "vendor": "gradio-app", "product": "gradio-app/gradio", "added_date": "2025-10-05T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "716091ff-3e2d-4c43-9c98-9c8029236e24", "vulnerability": {"vulnId": "CVE-2021-28151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-04T00:00:00+00:00"}, "gcve": {"object_uuid": "716091ff-3e2d-4c43-9c98-9c8029236e24", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping... | Affected: Hongdian / H8922 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-28151", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28151"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-28151"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping...", "vendor": "Hongdian", "product": "H8922", "added_date": "2025-10-04T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6e6c85e0-3003-4800-8de2-fb6e30d8774a", "vulnerability": {"vulnId": "CVE-2025-59489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-03T20:58:38+00:00"}, "gcve": {"object_uuid": "6e6c85e0-3003-4800-8de2-fb6e30d8774a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-03T20:58:38+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-03T20:58:38+00:00"}, "scope": {"notes": "KEVIntel entry: Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an... | Affected: Unity3D / Unity Editor | CVSS: 7.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-59489", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59489"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-59489"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an...", "vendor": "Unity3D", "product": "Unity Editor", "added_date": "2025-10-03T20:58:38.392Z", "cvss_score": 7.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "33c3d0cd-6ab5-4016-a239-7aee745ce530", "vulnerability": {"vulnId": "CVE-2021-22911", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-03T00:00:00+00:00"}, "gcve": {"object_uuid": "33c3d0cd-6ab5-4016-a239-7aee745ce530", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection,... | Affected: Rocket.Chat / Rocket.Chat server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-22911", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22911"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22911"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection,...", "vendor": "Rocket.Chat", "product": "Rocket.Chat server", "added_date": "2025-10-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "98b348b2-af92-4db7-a559-72cc0e9e3885", "vulnerability": {"vulnId": "CVE-2021-20092", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-03T00:00:00+00:00"}, "gcve": {"object_uuid": "98b348b2-af92-4db7-a559-72cc0e9e3885", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict... | Affected: Buffalo / WSR-2533DHPL2, WSR-2533DHP3 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-20092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20092"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20092"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict...", "vendor": "Buffalo", "product": "WSR-2533DHPL2, WSR-2533DHP3", "added_date": "2025-10-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "830047f0-0f88-4038-b22e-f64d4dd17a68", "vulnerability": {"vulnId": "CVE-2025-53652", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-01T11:57:58+00:00"}, "gcve": {"object_uuid": "830047f0-0f88-4038-b22e-f64d4dd17a68", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-01T11:57:58+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-01T11:57:58+00:00"}, "scope": {"notes": "KEVIntel entry: Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of... | Affected: Jenkins Project / Jenkins Git Parameter Plugin | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-53652", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53652"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-53652"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of...", "vendor": "Jenkins Project", "product": "Jenkins Git Parameter Plugin", "added_date": "2025-10-01T11:57:58.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e27b2e58-ae9f-402e-aafe-23a18725f428", "vulnerability": {"vulnId": "CVE-2021-34993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-01T00:00:00+00:00"}, "gcve": {"object_uuid": "e27b2e58-ae9f-402e-aafe-23a18725f428", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not... | Affected: Commvault / CommCell | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-34993", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34993"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34993"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not...", "vendor": "Commvault", "product": "CommCell", "added_date": "2025-10-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4a0a2328-e02f-4b0a-9d37-1a67d4c207e3", "vulnerability": {"vulnId": "CVE-2020-17505", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-01T00:00:00+00:00"}, "gcve": {"object_uuid": "4a0a2328-e02f-4b0a-9d37-1a67d4c207e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands... | Affected: Artica / Artica Web Proxy | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-17505", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17505"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17505"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands...", "vendor": "Artica", "product": "Artica Web Proxy", "added_date": "2025-10-01T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5f15dc1a-2ec5-4fb4-a857-70b18450d6c5", "vulnerability": {"vulnId": "CVE-2020-24581", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-01T00:00:00+00:00"}, "gcve": {"object_uuid": "5f15dc1a-2ec5-4fb4-a857-70b18450d6c5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not... | Affected: D-Link / DSL-2888A | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-24581", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24581"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24581"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not...", "vendor": "D-Link", "product": "DSL-2888A", "added_date": "2025-10-01T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a62829e3-2bfa-4332-9289-d3b415f8a0fe", "vulnerability": {"vulnId": "CVE-2020-24914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-01T00:00:00+00:00"}, "gcve": {"object_uuid": "a62829e3-2bfa-4332-9289-d3b415f8a0fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-01T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-10-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable... | Affected: qcubed / qcubed | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-24914", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24914"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24914"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable...", "vendor": "qcubed", "product": "qcubed", "added_date": "2025-10-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "592687e6-69f6-43b9-aa4d-94da6ab4cf51", "vulnerability": {"vulnId": "CVE-2019-13372", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-28T00:00:00+00:00"}, "gcve": {"object_uuid": "592687e6-69f6-43b9-aa4d-94da6ab4cf51", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary... | Affected: D-Link / Central WiFi Manager CWM(100) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-13372", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13372"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-13372"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary...", "vendor": "D-Link", "product": "Central WiFi Manager CWM(100)", "added_date": "2025-09-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5e51f400-5572-41a3-94d0-2a85f99591a0", "vulnerability": {"vulnId": "CVE-2018-16059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-27T00:00:00+00:00"}, "gcve": {"object_uuid": "5e51f400-5572-41a3-94d0-2a85f99591a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-27T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. | Affected: Endress+Hauser / WirelessHART Fieldgate SWG70 | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-16059", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-16059"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.", "vendor": "Endress+Hauser", "product": "WirelessHART Fieldgate SWG70", "added_date": "2025-09-27T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a823dd00-4007-45af-9893-7406720f7d07", "vulnerability": {"vulnId": "CVE-2025-20363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-26T11:08:58+00:00"}, "gcve": {"object_uuid": "a823dd00-4007-45af-9893-7406720f7d07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-26T11:08:58+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-26T11:08:58+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD)... | Affected: Cisco / IOS, Cisco IOS XR Software, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software, Cisco Firepower Threat Defense Software | CVSS: 9.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-20363", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20363"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20363"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD)...", "vendor": "Cisco", "product": "IOS, Cisco IOS XR Software, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software, Cisco Firepower Threat Defense Software", "added_date": "2025-09-26T11:08:58.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b3c284ab-e68f-4e8b-b0e9-5cc27c968981", "vulnerability": {"vulnId": "CVE-2025-7937", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T15:10:05+00:00"}, "gcve": {"object_uuid": "b3c284ab-e68f-4e8b-b0e9-5cc27c968981", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T15:10:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-25T15:10:05+00:00"}, "scope": {"notes": "KEVIntel entry: Supermicro BMC firmware update validation bypass | Affected: SMCI / MBD-X12STW | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-7937", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7937"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-7937"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Supermicro BMC firmware update validation bypass", "vendor": "SMCI", "product": "MBD-X12STW", "added_date": "2025-09-25T15:10:05.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "60dc8f0b-3bc8-45f7-9da4-3e6f50368786", "vulnerability": {"vulnId": "CVE-2024-10237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T15:10:05+00:00"}, "gcve": {"object_uuid": "60dc8f0b-3bc8-45f7-9da4-3e6f50368786", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T15:10:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-25T15:10:05+00:00"}, "scope": {"notes": "KEVIntel entry: SMC BMC Firmware Image Authentication Design Issue | Affected: SMCI / MBD-X12DPG-OA6 | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10237"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-10237"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SMC BMC Firmware Image Authentication Design Issue", "vendor": "SMCI", "product": "MBD-X12DPG-OA6", "added_date": "2025-09-25T15:10:05.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "703b2f0a-812e-4f8b-a6c6-666f55eed56b", "vulnerability": {"vulnId": "CVE-2025-6198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T15:10:05+00:00"}, "gcve": {"object_uuid": "703b2f0a-812e-4f8b-a6c6-666f55eed56b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T15:10:05+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-25T15:10:05+00:00"}, "scope": {"notes": "KEVIntel entry: Supermicro BMC firmware update validation bypass | Affected: SMCI / X13SEM-F | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-6198", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6198"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6198"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Supermicro BMC firmware update validation bypass", "vendor": "SMCI", "product": "X13SEM-F", "added_date": "2025-09-25T15:10:05.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b62ca495-93a8-453c-b3fc-6ced8715df8f", "vulnerability": {"vulnId": "CVE-2025-51591", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T15:00:07+00:00"}, "gcve": {"object_uuid": "b62ca495-93a8-453c-b3fc-6ced8715df8f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T15:00:07+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-25T15:00:07+00:00"}, "scope": {"notes": "KEVIntel entry: A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting... | Affected: JGM / Pandoc | CVSS: 3.7 (LOW) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-51591", "url": "https://www.cve.org/CVERecord?id=CVE-2025-51591"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-51591"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting...", "vendor": "JGM", "product": "Pandoc", "added_date": "2025-09-25T15:00:07.000Z", "cvss_score": 3.7, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "937c4624-1ab6-4ec5-ba57-8d09f36c1659", "vulnerability": {"vulnId": "CVE-2025-20149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T11:38:17+00:00"}, "gcve": {"object_uuid": "937c4624-1ab6-4ec5-ba57-8d09f36c1659", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T11:38:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-25T11:38:17+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device... | Affected: Cisco / IOS, Cisco IOS XE Software | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-20149", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20149"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20149"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device...", "vendor": "Cisco", "product": "IOS, Cisco IOS XE Software", "added_date": "2025-09-25T11:38:17.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d4f67c86-2f56-4b45-b109-cd9ca7170bf6", "vulnerability": {"vulnId": "CVE-2025-20240", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T11:38:17+00:00"}, "gcve": {"object_uuid": "d4f67c86-2f56-4b45-b109-cd9ca7170bf6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T11:38:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-25T11:38:17+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected... | Affected: Cisco / Cisco IOS XE Software | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-20240", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20240"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20240"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected...", "vendor": "Cisco", "product": "Cisco IOS XE Software", "added_date": "2025-09-25T11:38:17.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6082379d-8e63-4831-b0b1-94010e396553", "vulnerability": {"vulnId": "CVE-2015-1328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-19T06:22:04+00:00"}, "gcve": {"object_uuid": "6082379d-8e63-4831-b0b1-94010e396553", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-19T06:22:04+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-19T06:22:04+00:00"}, "scope": {"notes": "KEVIntel entry: The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check... | Affected: Ubuntu / Linux kernel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2015-1328", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1328"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1328"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check...", "vendor": "Ubuntu", "product": "Linux kernel", "added_date": "2025-09-19T06:22:04.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "40817065-ebfb-4457-9def-bbda8351616a", "vulnerability": {"vulnId": "CVE-2022-4117", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "40817065-ebfb-4457-9def-bbda8351616a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi | Affected: Unknown / IWS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4117"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4117"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi", "vendor": "Unknown", "product": "IWS", "added_date": "2025-09-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "67542011-c90a-43cf-9ddf-2a0bc8fd5eef", "vulnerability": {"vulnId": "CVE-2022-39986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "67542011-c90a-43cf-9ddf-2a0bc8fd5eef", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id... | Affected: RaspAP / RaspAP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-39986", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39986"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-39986"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id...", "vendor": "RaspAP", "product": "RaspAP", "added_date": "2025-09-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b68c78f3-cdeb-4651-9e2e-75d57a9a634d", "vulnerability": {"vulnId": "CVE-2022-4447", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "b68c78f3-cdeb-4651-9e2e-75d57a9a634d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi | Affected: Unknown / Fontsy | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4447"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4447"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi", "vendor": "Unknown", "product": "Fontsy", "added_date": "2025-09-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4311545b-15ef-4e96-aacd-15db08b20248", "vulnerability": {"vulnId": "CVE-2022-40881", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "4311545b-15ef-4e96-aacd-15db08b20248", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-19T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | Affected: SolarView / SolarView Compact | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-40881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40881"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40881"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php", "vendor": "SolarView", "product": "SolarView Compact", "added_date": "2025-09-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fe30bdc5-d958-4648-b6ca-c9aaa100923e", "vulnerability": {"vulnId": "CVE-2025-54782", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "fe30bdc5-d958-4648-b6ca-c9aaa100923e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers | Affected: nestjs / nest | CVSS: 9.4 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-54782", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54782"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54782"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "@nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers", "vendor": "nestjs", "product": "nest", "added_date": "2025-09-18T00:00:00.000Z", "cvss_score": 9.4, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0863560e-e20a-4a26-a830-2a824fb6ebde", "vulnerability": {"vulnId": "CVE-2022-2314", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "0863560e-e20a-4a26-a830-2a824fb6ebde", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call | Affected: Unknown / VR Calendar | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2314", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2314"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2314"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call", "vendor": "Unknown", "product": "VR Calendar", "added_date": "2025-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5b61f64e-8654-4a05-8d78-b4ce0642add4", "vulnerability": {"vulnId": "CVE-2021-41653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "5b61f64e-8654-4a05-8d78-b4ce0642add4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a... | Affected: TP-Link / TL-WR840N EU v5 router | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-41653", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41653"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41653"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a...", "vendor": "TP-Link", "product": "TL-WR840N EU v5 router", "added_date": "2025-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2d767805-bbcb-41e5-9e43-c0ac289c1c07", "vulnerability": {"vulnId": "CVE-2022-0679", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "2d767805-bbcb-41e5-9e43-c0ac289c1c07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE | Affected: Unknown / Narnoo Distributor | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0679", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0679"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0679"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE", "vendor": "Unknown", "product": "Narnoo Distributor", "added_date": "2025-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e9958f69-6b99-482d-a3cc-2f6c128fea01", "vulnerability": {"vulnId": "CVE-2022-2486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "e9958f69-6b99-482d-a3cc-2f6c128fea01", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WAVLINK WN535K2/WN535K3 os command injection | Affected: WAVLINK / WN535K2, WN535K3 | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2486", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2486"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2486"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WAVLINK WN535K2/WN535K3 os command injection", "vendor": "WAVLINK", "product": "WN535K2, WN535K3", "added_date": "2025-09-18T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2896e06f-1b46-40b4-9554-dcb8ee7d8e15", "vulnerability": {"vulnId": "CVE-2022-31161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "2896e06f-1b46-40b4-9554-dcb8ee7d8e15", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-18T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload | Affected: hap-wi / roxy-wi | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-31161", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31161"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31161"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload", "vendor": "hap-wi", "product": "roxy-wi", "added_date": "2025-09-18T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9f502097-531f-449f-bc1c-e2b0fbe10d75", "vulnerability": {"vulnId": "CVE-2019-13101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "9f502097-531f-449f-bc1c-e2b0fbe10d75", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can... | Affected: D-Link / DIR-600M | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-13101", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13101"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-13101"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can...", "vendor": "D-Link", "product": "DIR-600M", "added_date": "2025-09-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f07c3869-6232-44a9-9d0a-cf9962c24f9c", "vulnerability": {"vulnId": "CVE-2021-3297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "f07c3869-6232-44a9-9d0a-cf9962c24f9c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | Affected: Zyxel / NBG2105 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-3297", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3297"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3297"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.", "vendor": "Zyxel", "product": "NBG2105", "added_date": "2025-09-16T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "04f43be7-4af7-4b8d-abf4-547550718ca8", "vulnerability": {"vulnId": "CVE-2022-23178", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "04f43be7-4af7-4b8d-abf4-547550718ca8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed... | Affected: Crestron / HD-MD4X2-4K-E | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-23178", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23178"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23178"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed...", "vendor": "Crestron", "product": "HD-MD4X2-4K-E", "added_date": "2025-09-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cccde2a6-6e02-4108-bf22-91ce2359d207", "vulnerability": {"vulnId": "CVE-2021-40875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "cccde2a6-6e02-4108-bf22-91ce2359d207", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the... | Affected: Gurock / TestRail | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-40875", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40875"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40875"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the...", "vendor": "Gurock", "product": "TestRail", "added_date": "2025-09-16T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "19f71e6f-5469-4965-a838-1d05a7c30838", "vulnerability": {"vulnId": "CVE-2024-7344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-12T16:03:13+00:00"}, "gcve": {"object_uuid": "19f71e6f-5469-4965-a838-1d05a7c30838", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-12T16:03:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-12T16:03:13+00:00"}, "scope": {"notes": "KEVIntel entry: Howyar UEFI Application \"Reloader\"  (32-bit and 64-bit)  is vulnerable to execution of unsigned software in a hardcoded path. | Affected: Radix, Greenware Technologies, Howyar Technologies, SANFONG, CES Taiwan, SignalComputer / SmartRecovery, GreenGuard, SysReturn (32-bit and 64-bit), SANFONG EZ-Back System, CES NeoImpact, HDD King | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-7344", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7344"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7344"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Howyar UEFI Application \"Reloader\"  (32-bit and 64-bit)  is vulnerable to execution of unsigned software in a hardcoded path.", "vendor": "Radix, Greenware Technologies, Howyar Technologies, SANFONG, CES Taiwan, SignalComputer", "product": "SmartRecovery, GreenGuard, SysReturn (32-bit and 64-bit), SANFONG EZ-Back System, CES NeoImpact, HDD King", "added_date": "2025-09-12T16:03:13.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bc01621d-51c6-4376-b5ab-b27a5443eb3f", "vulnerability": {"vulnId": "CVE-2025-52488", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-12T00:00:00+00:00"}, "gcve": {"object_uuid": "bc01621d-51c6-4376-b5ab-b27a5443eb3f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input | Affected: dnnsoftware / Dnn.Platform | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-52488", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52488"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-52488"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input", "vendor": "dnnsoftware", "product": "Dnn.Platform", "added_date": "2025-09-12T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "951be925-e190-4fa1-adb7-0ed305281a65", "vulnerability": {"vulnId": "CVE-2024-52875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-12T00:00:00+00:00"}, "gcve": {"object_uuid": "951be925-e190-4fa1-adb7-0ed305281a65", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-12T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and... | Affected: GFI / Kerio Control | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-52875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52875"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-52875"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and...", "vendor": "GFI", "product": "Kerio Control", "added_date": "2025-09-12T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "203bc947-6ba9-4ee9-b048-f611e88ba46d", "vulnerability": {"vulnId": "CVE-2025-42957", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-06T16:03:13+00:00"}, "gcve": {"object_uuid": "203bc947-6ba9-4ee9-b048-f611e88ba46d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-06T16:03:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-06T16:03:13+00:00"}, "scope": {"notes": "KEVIntel entry: Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise) | Affected: SAP_SE / SAP S/4HANA (Private Cloud or On-Premise) | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-42957", "url": "https://www.cve.org/CVERecord?id=CVE-2025-42957"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-42957"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)", "vendor": "SAP_SE", "product": "SAP S/4HANA (Private Cloud or On-Premise)", "added_date": "2025-09-06T16:03:13.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0ed7bd39-4f6e-489d-9789-511f55b363fb", "vulnerability": {"vulnId": "CVE-2024-38653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-05T00:00:00+00:00"}, "gcve": {"object_uuid": "0ed7bd39-4f6e-489d-9789-511f55b363fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-09-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | Affected: Ivanti / Avalanche | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-38653", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38653"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38653"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.", "vendor": "Ivanti", "product": "Avalanche", "added_date": "2025-09-05T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b17427a9-2082-4017-88ff-9be159b1ae13", "vulnerability": {"vulnId": "CVE-2020-4463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-31T00:00:00+00:00"}, "gcve": {"object_uuid": "b17427a9-2082-4017-88ff-9be159b1ae13", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-31T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-08-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote... | Affected: IBM / Maximo Asset Management | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-4463", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4463"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-4463"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote...", "vendor": "IBM", "product": "Maximo Asset Management", "added_date": "2025-08-31T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d5922e90-271d-4780-ab70-cb02beb84cd1", "vulnerability": {"vulnId": "CVE-2020-7136", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-31T00:00:00+00:00"}, "gcve": {"object_uuid": "d5922e90-271d-4780-ab70-cb02beb84cd1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-31T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-08-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard... | Affected: Hewlett Packard Enterprise / Smart Update Manager (SUM) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-7136", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7136"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-7136"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard...", "vendor": "Hewlett Packard Enterprise", "product": "Smart Update Manager (SUM)", "added_date": "2025-08-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a46991e2-80f4-437c-bf3c-5b25476719e8", "vulnerability": {"vulnId": "CVE-2019-8446", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a46991e2-80f4-437c-bf3c-5b25476719e8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-30T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-08-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation... | Affected: Atlassian / Jira | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-8446", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8446"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8446"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation...", "vendor": "Atlassian", "product": "Jira", "added_date": "2025-08-30T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5247bee8-a193-405a-a04c-4cf252d41f28", "vulnerability": {"vulnId": "CVE-2025-8424", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-28T11:25:26+00:00"}, "gcve": {"object_uuid": "5247bee8-a193-405a-a04c-4cf252d41f28", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-28T11:25:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-08-28T11:25:26+00:00"}, "scope": {"notes": "KEVIntel entry: Improper access control on the NetScaler Management Interface | Affected: NetScaler / ADC, Gateway | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-8424", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8424"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8424"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper access control on the NetScaler Management Interface", "vendor": "NetScaler", "product": "ADC, Gateway", "added_date": "2025-08-28T11:25:26.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7c38a723-28df-4732-9dd6-3588f17163be", "vulnerability": {"vulnId": "CVE-2025-7776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-28T11:25:26+00:00"}, "gcve": {"object_uuid": "7c38a723-28df-4732-9dd6-3588f17163be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-28T11:25:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-08-28T11:25:26+00:00"}, "scope": {"notes": "KEVIntel entry: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service | Affected: NetScaler / ADC, Gateway | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-7776", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7776"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-7776"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service", "vendor": "NetScaler", "product": "ADC, Gateway", "added_date": "2025-08-28T11:25:26.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2958f820-2b71-4267-a725-6454e77447e8", "vulnerability": {"vulnId": "CVE-2020-7209", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-28T00:00:00+00:00"}, "gcve": {"object_uuid": "2958f820-2b71-4267-a725-6454e77447e8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-08-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. | Affected: Hewlett Packard / LinuxKI | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-7209", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7209"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-7209"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.", "vendor": "Hewlett Packard", "product": "LinuxKI", "added_date": "2025-08-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6e1f087f-c035-4b78-acc2-dc4f6f33fcdd", "vulnerability": {"vulnId": "CVE-2023-43177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-28T00:00:00+00:00"}, "gcve": {"object_uuid": "6e1f087f-c035-4b78-acc2-dc4f6f33fcdd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-28T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2025-08-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. | Affected: CrushFTP / CrushFTP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-43177", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43177"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-43177"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.", "vendor": "CrushFTP", "product": "CrushFTP", "added_date": "2025-08-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "920314fa-4f3f-415a-9549-457ad15f8c02", "vulnerability": {"vulnId": "CVE-2022-40022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-22T00:00:00+00:00"}, "gcve": {"object_uuid": "920314fa-4f3f-415a-9549-457ad15f8c02", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | Affected: Microchip Technology / SyncServer S650 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-40022", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40022"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40022"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.", "vendor": "Microchip Technology", "product": "SyncServer S650", "added_date": "2025-08-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9b4abf57-60e3-4043-96c6-2cd0fe8730ad", "vulnerability": {"vulnId": "CVE-2021-22053", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "9b4abf57-60e3-4043-96c6-2cd0fe8730ad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within... | Affected: VMware / Spring Cloud Netflix Hystrix Dashboard | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-22053", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22053"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22053"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within...", "vendor": "VMware", "product": "Spring Cloud Netflix Hystrix Dashboard", "added_date": "2025-08-21T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5043b6f2-5497-4037-a012-613a153331c4", "vulnerability": {"vulnId": "CVE-2023-45038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "5043b6f2-5497-4037-a012-613a153331c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Music Station | Affected: QNAP Systems Inc. / Music Station | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-45038", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45038"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-45038"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Music Station", "vendor": "QNAP Systems Inc.", "product": "Music Station", "added_date": "2025-08-21T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "94fcf035-b5f7-405b-b716-e40e181cdc59", "vulnerability": {"vulnId": "CVE-2024-7029", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-20T00:00:00+00:00"}, "gcve": {"object_uuid": "94fcf035-b5f7-405b-b716-e40e181cdc59", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Command Injection in AVTech AVM1203 (IP Camera) | Affected: AVTech / AVM1203 (IP Camera) | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-7029", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7029"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7029"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command Injection in AVTech AVM1203 (IP Camera)", "vendor": "AVTech", "product": "AVM1203 (IP Camera)", "added_date": "2025-08-20T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "64337998-7de2-407d-913f-2903f5ee094f", "vulnerability": {"vulnId": "CVE-2019-12593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-20T00:00:00+00:00"}, "gcve": {"object_uuid": "64337998-7de2-407d-913f-2903f5ee094f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory... | Affected: IceWarp / IceWarp Mail Server | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-12593", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12593"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12593"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory...", "vendor": "IceWarp", "product": "IceWarp Mail Server", "added_date": "2025-08-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "19d15b63-9032-49c7-973f-f2bfe0009987", "vulnerability": {"vulnId": "CVE-2014-2321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-20T00:00:00+00:00"}, "gcve": {"object_uuid": "19d15b63-9032-49c7-973f-f2bfe0009987", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated... | Affected: ZTE / F460 and F660 cable modems | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-2321", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2321"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-2321"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated...", "vendor": "ZTE", "product": "F460 and F660 cable modems", "added_date": "2025-08-20T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e0be8531-0bdc-4c99-b864-2d82c2142a6d", "vulnerability": {"vulnId": "CVE-2025-52970", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-18T14:08:46+00:00"}, "gcve": {"object_uuid": "e0be8531-0bdc-4c99-b864-2d82c2142a6d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-18T14:08:46+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-18T14:08:46+00:00"}, "scope": {"notes": "KEVIntel entry: A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10... | Affected: Fortinet / FortiWeb | CVSS: 7.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-52970", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-52970"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10...", "vendor": "Fortinet", "product": "FortiWeb", "added_date": "2025-08-18T14:08:46.000Z", "cvss_score": 7.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "29436274-95e8-45cd-8289-bca1011be814", "vulnerability": {"vulnId": "CVE-2020-2507", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-16T00:00:00+00:00"}, "gcve": {"object_uuid": "29436274-95e8-45cd-8289-bca1011be814", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: command injection vulnerability in Helpdesk | Affected: QNAP Systems Inc. / Helpdesk | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-2507", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2507"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-2507"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "command injection vulnerability in Helpdesk", "vendor": "QNAP Systems Inc.", "product": "Helpdesk", "added_date": "2025-08-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "44dc0dc9-9c7f-41fb-8c6f-bd9519bc338c", "vulnerability": {"vulnId": "CVE-2024-7339", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-15T00:00:00+00:00"}, "gcve": {"object_uuid": "44dc0dc9-9c7f-41fb-8c6f-bd9519bc338c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TVT DVR TD-2104TS-CL queryDevInfo information disclosure | Affected: TVT / DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM), AVISION DVR AV108T | CVSS: 6.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-7339", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7339"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7339"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TVT DVR TD-2104TS-CL queryDevInfo information disclosure", "vendor": "TVT", "product": "DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM), AVISION DVR AV108T", "added_date": "2025-08-15T00:00:00.000Z", "cvss_score": 6.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d5d37f84-d333-4fde-9f65-6e293fe3ee51", "vulnerability": {"vulnId": "CVE-2025-25256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-13T20:30:58+00:00"}, "gcve": {"object_uuid": "d5d37f84-d333-4fde-9f65-6e293fe3ee51", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-13T20:30:58+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-13T20:30:58+00:00"}, "scope": {"notes": "KEVIntel entry: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version... | Affected: Fortinet / FortiSIEM | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-25256", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-25256"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version...", "vendor": "Fortinet", "product": "FortiSIEM", "added_date": "2025-08-13T20:30:58.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fdd88d28-1f70-40ff-825f-b311c5bb4f2c", "vulnerability": {"vulnId": "CVE-2025-4371", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-11T15:31:59+00:00"}, "gcve": {"object_uuid": "fdd88d28-1f70-40ff-825f-b311c5bb4f2c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-11T15:31:59+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-11T15:31:59+00:00"}, "scope": {"notes": "KEVIntel entry: A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to... | Affected: Lenovo / 510 FHD Webcam, Performance FHD Webcam | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-4371", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4371"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4371"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to...", "vendor": "Lenovo", "product": "510 FHD Webcam, Performance FHD Webcam", "added_date": "2025-08-11T15:31:59.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8cf58555-5974-44f2-a26d-711908841d2f", "vulnerability": {"vulnId": "CVE-2018-1217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "8cf58555-5974-44f2-a26d-711908841d2f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is... | Affected: Dell EMC / Avamar, Integrated Data Protection Appliance | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-1217", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1217"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-1217"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is...", "vendor": "Dell EMC", "product": "Avamar, Integrated Data Protection Appliance", "added_date": "2025-08-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c97dcf9b-970f-450b-9519-47e7ba03da93", "vulnerability": {"vulnId": "CVE-2017-1000028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "c97dcf9b-970f-450b-9519-47e7ba03da93", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that... | Affected: Oracle / GlassFish Server Open Source Edition | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-1000028", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000028"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-1000028"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that...", "vendor": "Oracle", "product": "GlassFish Server Open Source Edition", "added_date": "2025-08-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3fa1d605-f9a8-4d6c-b6ba-57bdac56c7ad", "vulnerability": {"vulnId": "CVE-2019-8442", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "3fa1d605-f9a8-4d6c-b6ba-57bdac56c7ad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0... | Affected: Atlassian / Jira | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-8442", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8442"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8442"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0...", "vendor": "Atlassian", "product": "Jira", "added_date": "2025-08-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6aabc0db-b8ed-44ea-b385-24e24c362af1", "vulnerability": {"vulnId": "CVE-2025-54987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-06T15:30:06+00:00"}, "gcve": {"object_uuid": "6aabc0db-b8ed-44ea-b385-24e24c362af1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-06T15:30:06+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-06T15:30:06+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code... | Affected: Trend Micro, Inc. / Trend Micro Apex One | CVSS: 9.4 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-54987", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54987"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-54987"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code...", "vendor": "Trend Micro, Inc.", "product": "Trend Micro Apex One", "added_date": "2025-08-06T15:30:06.000Z", "cvss_score": 9.4, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6fca76ac-fdfb-4b43-9ada-fc4c94b1f2fd", "vulnerability": {"vulnId": "CVE-2022-28219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-04T00:00:00+00:00"}, "gcve": {"object_uuid": "6fca76ac-fdfb-4b43-9ada-fc4c94b1f2fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | Affected: Zoho / ManageEngine ADAudit Plus | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-28219", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28219"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-28219"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.", "vendor": "Zoho", "product": "ManageEngine ADAudit Plus", "added_date": "2025-08-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ea7defac-034c-4f75-84ad-20cf4beff055", "vulnerability": {"vulnId": "CVE-2025-30220", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-02T00:00:00+00:00"}, "gcve": {"object_uuid": "ea7defac-034c-4f75-84ad-20cf4beff055", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling | Affected: geoserver / geoserver | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-30220", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30220"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30220"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling", "vendor": "geoserver", "product": "geoserver", "added_date": "2025-08-02T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "66e501cb-9bbf-4446-87d1-50e7a968f399", "vulnerability": {"vulnId": "CVE-2020-17506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-02T00:00:00+00:00"}, "gcve": {"object_uuid": "66e501cb-9bbf-4446-87d1-50e7a968f399", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL... | Affected: Artica / Web Proxy | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-17506", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL...", "vendor": "Artica", "product": "Web Proxy", "added_date": "2025-08-02T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f4668b38-3485-44e0-8c6a-437518707360", "vulnerability": {"vulnId": "CVE-2022-26833", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-01T00:00:00+00:00"}, "gcve": {"object_uuid": "f4668b38-3485-44e0-8c6a-437518707360", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A... | Affected: Open Automation Software / OAS Platform | CVSS: 9.4 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-26833", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26833"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26833"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A...", "vendor": "Open Automation Software", "product": "OAS Platform", "added_date": "2025-08-01T00:00:00.000Z", "cvss_score": 9.4, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a7d0b2dd-c605-4270-8c0b-cb513a9566e7", "vulnerability": {"vulnId": "CVE-2019-20074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-01T00:00:00+00:00"}, "gcve": {"object_uuid": "a7d0b2dd-c605-4270-8c0b-cb513a9566e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | Affected: Netis / DL4323 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-20074", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20074"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-20074"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.", "vendor": "Netis", "product": "DL4323", "added_date": "2025-08-01T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7af594db-7bf5-43e1-8b9d-99d97562f142", "vulnerability": {"vulnId": "CVE-2025-34027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-01T00:00:00+00:00"}, "gcve": {"object_uuid": "7af594db-7bf5-43e1-8b9d-99d97562f142", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Versa Concerto Authentication Bypass File Write Remote Code Execution | Affected: Versa / Concerto | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-34027", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34027"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34027"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Versa Concerto Authentication Bypass File Write Remote Code Execution", "vendor": "Versa", "product": "Concerto", "added_date": "2025-08-01T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "617c13d5-216c-4652-a6f0-ac71f6195e6e", "vulnerability": {"vulnId": "CVE-2018-12296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-01T00:00:00+00:00"}, "gcve": {"object_uuid": "617c13d5-216c-4652-a6f0-ac71f6195e6e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information... | Affected: Seagate / NAS OS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-12296", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12296"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-12296"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information...", "vendor": "Seagate", "product": "NAS OS", "added_date": "2025-08-01T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3e29c4bf-788b-45dd-9e31-5c1cd769301c", "vulnerability": {"vulnId": "CVE-2024-48455", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-01T00:00:00+00:00"}, "gcve": {"object_uuid": "3e29c4bf-788b-45dd-9e31-5c1cd769301c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327... | Affected: Netis / Wifi6 Router NX10, Wifi 11AC Router NC65, Wifi 11AC Router NC63, Wifi 11AC Router NC21, Wifi Router MW5360 | CVSS: 2.7 (LOW) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-48455", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48455"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-48455"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327...", "vendor": "Netis", "product": "Wifi6 Router NX10, Wifi 11AC Router NC65, Wifi 11AC Router NC63, Wifi 11AC Router NC21, Wifi Router MW5360", "added_date": "2025-08-01T00:00:00.000Z", "cvss_score": 2.7, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6bd49e8c-edf4-448f-9de6-7950af17ca4d", "vulnerability": {"vulnId": "CVE-2024-50967", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-01T00:00:00+00:00"}, "gcve": {"object_uuid": "6bd49e8c-edf4-448f-9de6-7950af17ca4d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely... | Affected: Becon / DATAGerry | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-50967", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50967"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-50967"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely...", "vendor": "Becon", "product": "DATAGerry", "added_date": "2025-08-01T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c35a9d9c-740a-4d18-aac9-fcfc0684a6d5", "vulnerability": {"vulnId": "CVE-2023-6023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-01T00:00:00+00:00"}, "gcve": {"object_uuid": "c35a9d9c-740a-4d18-aac9-fcfc0684a6d5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-08-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ModelDB Local File Include | Affected: vertaai / vertaai/modeldb | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-6023", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6023"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6023"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ModelDB Local File Include", "vendor": "vertaai", "product": "vertaai/modeldb", "added_date": "2025-08-01T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "21e964a2-525e-4690-a3b2-bd879f0a69e2", "vulnerability": {"vulnId": "CVE-2025-5394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T08:05:53+00:00"}, "gcve": {"object_uuid": "21e964a2-525e-4690-a3b2-bd879f0a69e2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-31T08:05:53+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-31T08:05:53+00:00"}, "scope": {"notes": "KEVIntel entry: Alone \u2013 Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation | Affected: Bearsthemes / Alone \u2013 Charity Multipurpose Non-profit WordPress Theme | CVSS: 9.8 (CRITICAL) | EPSS: 0.47809 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-5394", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5394"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5394"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Alone \u2013 Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation", "vendor": "Bearsthemes", "product": "Alone \u2013 Charity Multipurpose Non-profit WordPress Theme", "added_date": "2025-07-31T08:05:53.000Z", "cvss_score": 9.8, "epss_score": 0.47809, "cvss_severity": "CRITICAL", "epss_percentile": 0.987, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "92e200e1-8ceb-49e3-b31d-3fd63828965e", "vulnerability": {"vulnId": "CVE-2022-45933", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "92e200e1-8ceb-49e3-b31d-3fd63828965e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication,... | Affected: KubeView / KubeView | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-45933", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45933"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-45933"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication,...", "vendor": "KubeView", "product": "KubeView", "added_date": "2025-07-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1a70b7b8-a2e3-4f7c-962a-bdd5e91cec65", "vulnerability": {"vulnId": "CVE-2022-47075", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "1a70b7b8-a2e3-4f7c-962a-bdd5e91cec65", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to... | Affected: Smart Office / Smart Office Web | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-47075", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47075"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-47075"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to...", "vendor": "Smart Office", "product": "Smart Office Web", "added_date": "2025-07-31T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "94a70c99-c7fa-44cf-8590-6a6b6e2bb79f", "vulnerability": {"vulnId": "CVE-2023-36144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "94a70c99-c7fa-44cf-8590-6a6b6e2bb79f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the... | Affected: Intelbras / Switch SG 2404 MR | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-36144", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36144"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36144"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the...", "vendor": "Intelbras", "product": "Switch SG 2404 MR", "added_date": "2025-07-31T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cce9a7ce-cca8-406e-9b6b-334eb3eb0eb7", "vulnerability": {"vulnId": "CVE-2022-31656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "cce9a7ce-cca8-406e-9b6b-334eb3eb0eb7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.... | Affected: VMware / Workspace ONE Access, Identity Manager, vRealize Automation | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-31656", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31656"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31656"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users....", "vendor": "VMware", "product": "Workspace ONE Access, Identity Manager, vRealize Automation", "added_date": "2025-07-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "712d85dc-e382-4e6f-8f28-41688d88fa62", "vulnerability": {"vulnId": "CVE-2022-1026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "712d85dc-e382-4e6f-8f28-41688d88fa62", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Kyocera Net View Address Book Exposure | Affected: Kyocera / Multifunction Printer Net Viewer | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1026", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1026"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1026"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kyocera Net View Address Book Exposure", "vendor": "Kyocera", "product": "Multifunction Printer Net Viewer", "added_date": "2025-07-31T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "61953ee6-3162-4fe5-844d-efa03175a275", "vulnerability": {"vulnId": "CVE-2024-8181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-30T00:00:00+00:00"}, "gcve": {"object_uuid": "61953ee6-3162-4fe5-844d-efa03175a275", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Flowise Authentication Bypass | Affected: FlowiseAI / Flowise | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-8181", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8181"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8181"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Flowise Authentication Bypass", "vendor": "FlowiseAI", "product": "Flowise", "added_date": "2025-07-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "76c6c320-cffd-458b-a4a9-92101503d6fb", "vulnerability": {"vulnId": "CVE-2022-23961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-30T00:00:00+00:00"}, "gcve": {"object_uuid": "76c6c320-cffd-458b-a4a9-92101503d6fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by... | Affected: Thruk / Thruk Monitoring | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-23961", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23961"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23961"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by...", "vendor": "Thruk", "product": "Thruk Monitoring", "added_date": "2025-07-30T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "10446927-ea05-4fbd-88b3-df5f3d4fad7d", "vulnerability": {"vulnId": "CVE-2025-41646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-30T00:00:00+00:00"}, "gcve": {"object_uuid": "10446927-ea05-4fbd-88b3-df5f3d4fad7d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: RevPi Webstatus application is vulnerable to an authentication bypass | Affected: Kunbus / Revolution Pi webstatus | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-41646", "url": "https://www.cve.org/CVERecord?id=CVE-2025-41646"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-41646"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "RevPi Webstatus application is vulnerable to an authentication bypass", "vendor": "Kunbus", "product": "Revolution Pi webstatus", "added_date": "2025-07-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8e700e67-0cb0-433c-971a-77bfb61e5134", "vulnerability": {"vulnId": "CVE-2023-30258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "8e700e67-0cb0-433c-971a-77bfb61e5134", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated... | Affected: MagnusSolution / magnusbilling | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-30258", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30258"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-30258"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated...", "vendor": "MagnusSolution", "product": "magnusbilling", "added_date": "2025-07-29T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5a812427-0660-4420-86a6-39240a518455", "vulnerability": {"vulnId": "CVE-2023-45852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "5a812427-0660-4420-86a6-39240a518455", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell... | Affected: Viessmann / Vitogate 300 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-45852", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45852"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-45852"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell...", "vendor": "Viessmann", "product": "Vitogate 300", "added_date": "2025-07-29T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ac26dbc2-4f61-456c-b79b-cd832cc5c196", "vulnerability": {"vulnId": "CVE-2020-11991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "ac26dbc2-4f61-456c-b79b-cd832cc5c196", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to... | Affected: Apache / Cocoon | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-11991", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11991"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11991"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to...", "vendor": "Apache", "product": "Cocoon", "added_date": "2025-07-29T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c4851613-959e-4e6c-bbf9-4f679fcc1967", "vulnerability": {"vulnId": "CVE-2023-34993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "c4851613-959e-4e6c-bbf9-4f679fcc1967", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and... | Affected: Fortinet / FortiWLM | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-34993", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34993"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-34993"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and...", "vendor": "Fortinet", "product": "FortiWLM", "added_date": "2025-07-29T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5815f94d-336b-4531-8485-efd51414b7c4", "vulnerability": {"vulnId": "CVE-2021-21479", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-27T00:00:00+00:00"}, "gcve": {"object_uuid": "5815f94d-336b-4531-8485-efd51414b7c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the... | Affected: SAP SE / SCIMono | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21479", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21479"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21479"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the...", "vendor": "SAP SE", "product": "SCIMono", "added_date": "2025-07-27T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ca8dadc9-1693-4fcb-a5b4-5383ee97974f", "vulnerability": {"vulnId": "CVE-2023-35844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-27T00:00:00+00:00"}, "gcve": {"object_uuid": "ca8dadc9-1693-4fcb-a5b4-5383ee97974f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure... | Affected: Lightdash / Lightdash | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-35844", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35844"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35844"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure...", "vendor": "Lightdash", "product": "Lightdash", "added_date": "2025-07-27T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c1ed6e14-f205-486b-a5ba-02282420d4b1", "vulnerability": {"vulnId": "CVE-2019-18393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-27T00:00:00+00:00"}, "gcve": {"object_uuid": "c1ed6e14-f205-486b-a5ba-02282420d4b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory,... | Affected: Ignite Realtime / Openfire | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-18393", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18393"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18393"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory,...", "vendor": "Ignite Realtime", "product": "Openfire", "added_date": "2025-07-27T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c15d6a25-01cb-4e9f-8fc2-098d12449ef4", "vulnerability": {"vulnId": "CVE-2025-53771", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-26T07:00:31+00:00"}, "gcve": {"object_uuid": "c15d6a25-01cb-4e9f-8fc2-098d12449ef4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-26T07:00:31+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-26T07:00:31+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Server Spoofing Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-53771", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53771"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-53771"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Server Spoofing Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2025-07-26T07:00:31.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e8367bc6-4d8f-482f-81dd-7d83b7847c8c", "vulnerability": {"vulnId": "CVE-2021-43287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-26T00:00:00+00:00"}, "gcve": {"object_uuid": "e8367bc6-4d8f-482f-81dd-7d83b7847c8c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to... | Affected: ThoughtWorks / GoCD | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-43287", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-43287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to...", "vendor": "ThoughtWorks", "product": "GoCD", "added_date": "2025-07-26T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7f7ef44f-ffc7-4314-99e7-a122d4d95837", "vulnerability": {"vulnId": "CVE-2021-21087", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-26T00:00:00+00:00"}, "gcve": {"object_uuid": "7f7ef44f-ffc7-4314-99e7-a122d4d95837", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser | Affected: Adobe / ColdFusion | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21087", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21087"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21087"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2025-07-26T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3c6a932b-adc7-4a59-92f2-2d37e14bd4d7", "vulnerability": {"vulnId": "CVE-2022-21500", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-26T00:00:00+00:00"}, "gcve": {"object_uuid": "3c6a932b-adc7-4a59-92f2-2d37e14bd4d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable... | Affected: Oracle Corporation / User Management | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-21500", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21500"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21500"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable...", "vendor": "Oracle Corporation", "product": "User Management", "added_date": "2025-07-26T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7e2a177d-1127-482f-8c90-3562797d5306", "vulnerability": {"vulnId": "CVE-2016-0457", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-26T00:00:00+00:00"}, "gcve": {"object_uuid": "7e2a177d-1127-482f-8c90-3562797d5306", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote... | Affected: Oracle / E-Business Suite | CVSS: 5.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2016-0457", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0457"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0457"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote...", "vendor": "Oracle", "product": "E-Business Suite", "added_date": "2025-07-26T00:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a2606227-267f-4dcf-98c9-1ed0920e467a", "vulnerability": {"vulnId": "CVE-2019-18371", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a2606227-267f-4dcf-98c9-1ed0920e467a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files... | Affected: Xiaomi / Mi WiFi R3G | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-18371", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18371"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18371"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files...", "vendor": "Xiaomi", "product": "Mi WiFi R3G", "added_date": "2025-07-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2111c92c-4b5a-4a30-ad2b-d7073292f644", "vulnerability": {"vulnId": "CVE-2025-52914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-24T17:29:30+00:00"}, "gcve": {"object_uuid": "2111c92c-4b5a-4a30-ad2b-d7073292f644", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-24T17:29:30+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-24T17:29:30+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated... | Affected: Mitel / MiCollab | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-52914", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52914"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-52914"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated...", "vendor": "Mitel", "product": "MiCollab", "added_date": "2025-07-24T17:29:30.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d933e489-50b1-4552-b648-ea8a5202b8e5", "vulnerability": {"vulnId": "CVE-2024-10586", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-24T00:00:00+00:00"}, "gcve": {"object_uuid": "d933e489-50b1-4552-b648-ea8a5202b8e5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation | Affected: eugenbobrowski / Debug Tool | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-10586", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10586"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-10586"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation", "vendor": "eugenbobrowski", "product": "Debug Tool", "added_date": "2025-07-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cbf970a7-a4de-48dd-9103-1ab555239b8f", "vulnerability": {"vulnId": "CVE-2020-26073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-24T00:00:00+00:00"}, "gcve": {"object_uuid": "cbf970a7-a4de-48dd-9103-1ab555239b8f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco SD-WAN vManage Directory Traversal Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Manager | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-26073", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26073"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-26073"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco SD-WAN vManage Directory Traversal Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "added_date": "2025-07-24T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "96feac0b-fb61-48f8-8942-943f8ba8383a", "vulnerability": {"vulnId": "CVE-2024-46938", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-24T00:00:00+00:00"}, "gcve": {"object_uuid": "96feac0b-fb61-48f8-8942-943f8ba8383a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through... | Affected: Sitecore / Experience Platform, Experience Manager, Experience Commerce | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-46938", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46938"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-46938"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through...", "vendor": "Sitecore", "product": "Experience Platform, Experience Manager, Experience Commerce", "added_date": "2025-07-24T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "de16379d-5ef5-4b1a-90d5-95ed9e5528fa", "vulnerability": {"vulnId": "CVE-2020-27986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-23T00:00:00+00:00"}, "gcve": {"object_uuid": "de16379d-5ef5-4b1a-90d5-95ed9e5528fa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE:... | Affected: SonarSource / SonarQube | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-27986", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27986"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-27986"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE:...", "vendor": "SonarSource", "product": "SonarQube", "added_date": "2025-07-23T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "301eb79d-6149-49c1-9170-6debc9b5e91c", "vulnerability": {"vulnId": "CVE-2021-21402", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-23T00:00:00+00:00"}, "gcve": {"object_uuid": "301eb79d-6149-49c1-9170-6debc9b5e91c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Arbitrary File Access in Jellyfin | Affected: jellyfin / jellyfin | CVSS: 7.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21402", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21402"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21402"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Arbitrary File Access in Jellyfin", "vendor": "jellyfin", "product": "jellyfin", "added_date": "2025-07-23T00:00:00.000Z", "cvss_score": 7.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "17163605-42a3-4120-958c-fd8dd0903bdb", "vulnerability": {"vulnId": "CVE-2022-23347", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-23T00:00:00+00:00"}, "gcve": {"object_uuid": "17163605-42a3-4120-958c-fd8dd0903bdb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | Affected: BigAnt Software / BigAnt Server | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-23347", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23347"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23347"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.", "vendor": "BigAnt Software", "product": "BigAnt Server", "added_date": "2025-07-23T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2b800cff-30f2-4f18-9e6e-093681e8c460", "vulnerability": {"vulnId": "CVE-2025-20282", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-22T18:33:36+00:00"}, "gcve": {"object_uuid": "2b800cff-30f2-4f18-9e6e-093681e8c460", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-22T18:33:36+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-22T18:33:36+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability | Affected: Cisco / Cisco Identity Services Engine Software | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-20282", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20282"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-20282"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability", "vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "added_date": "2025-07-22T18:33:36.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "45854388-630f-4a0e-a07a-919bc42a7741", "vulnerability": {"vulnId": "CVE-2022-29014", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "45854388-630f-4a0e-a07a-919bc42a7741", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. | Affected: Razer / Sila Gaming Router | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-29014", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29014"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29014"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.", "vendor": "Razer", "product": "Sila Gaming Router", "added_date": "2025-07-21T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4c4ef9eb-d3f0-423b-abbc-332d29917359", "vulnerability": {"vulnId": "CVE-2022-0952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "4c4ef9eb-d3f0-423b-abbc-332d29917359", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update | Affected: Unknown / Sitemap by click5 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0952", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0952"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0952"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update", "vendor": "Unknown", "product": "Sitemap by click5", "added_date": "2025-07-21T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "408ac02e-f734-4703-94e9-544eb58bbcd1", "vulnerability": {"vulnId": "CVE-2023-45878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "408ac02e-f734-4703-94e9-544eb58bbcd1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The... | Affected: GibbonEdu / Gibbon | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-45878", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45878"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-45878"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The...", "vendor": "GibbonEdu", "product": "Gibbon", "added_date": "2025-07-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "baaaaac6-f792-42e7-a0ea-30b46c5648ff", "vulnerability": {"vulnId": "CVE-2022-22242", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "baaaaac6-f792-42e7-a0ea-30b46c5648ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web | Affected: Juniper Networks / Junos OS | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-22242", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22242"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22242"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2025-07-21T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "15e65e66-2737-435e-810e-d516f3721fc5", "vulnerability": {"vulnId": "CVE-2025-32819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-16T17:25:30+00:00"}, "gcve": {"object_uuid": "15e65e66-2737-435e-810e-d516f3721fc5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-16T17:25:30+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-16T17:25:30+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an... | Affected: SonicWall / SMA100 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-32819", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32819"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32819"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2025-07-16T17:25:30.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0d7febba-34c8-4d8f-801a-10c55e69a1e7", "vulnerability": {"vulnId": "CVE-2021-20039", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-16T17:25:30+00:00"}, "gcve": {"object_uuid": "0d7febba-34c8-4d8f-801a-10c55e69a1e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-16T17:25:30+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-16T17:25:30+00:00"}, "scope": {"notes": "KEVIntel entry: Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated... | Affected: SonicWall / SonicWall SMA100 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-20039", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20039"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20039"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated...", "vendor": "SonicWall", "product": "SonicWall SMA100", "added_date": "2025-07-16T17:25:30.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8dc19c63-d198-4dc6-af28-c1e83730f57c", "vulnerability": {"vulnId": "CVE-2025-1727", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-16T13:04:25+00:00"}, "gcve": {"object_uuid": "8dc19c63-d198-4dc6-af28-c1e83730f57c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-16T13:04:25+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-16T13:04:25+00:00"}, "scope": {"notes": "KEVIntel entry: End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication | Affected: End-of-Train and Head-of-Train remote linking protocol / End-of-Train and Head-of-Train remote linking protocol | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-1727", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1727"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-1727"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication", "vendor": "End-of-Train and Head-of-Train remote linking protocol", "product": "End-of-Train and Head-of-Train remote linking protocol", "added_date": "2025-07-16T13:04:25.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "98d62ba7-c714-432b-8b49-cd47909a0fc9", "vulnerability": {"vulnId": "CVE-2021-30497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-16T00:00:00+00:00"}, "gcve": {"object_uuid": "98d62ba7-c714-432b-8b49-cd47909a0fc9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath... | Affected: Ivanti / Avalanche | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-30497", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30497"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30497"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath...", "vendor": "Ivanti", "product": "Avalanche", "added_date": "2025-07-16T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3461a1a0-ea41-47bf-97f5-ae639c2e53d6", "vulnerability": {"vulnId": "CVE-2023-6114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-16T00:00:00+00:00"}, "gcve": {"object_uuid": "3461a1a0-ea41-47bf-97f5-ae639c2e53d6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure | Affected: Unknown / Duplicator, Duplicator Pro | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-6114", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6114"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6114"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure", "vendor": "Unknown", "product": "Duplicator, Duplicator Pro", "added_date": "2025-07-16T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9d050410-2e39-4767-9e22-9d96a2d1666b", "vulnerability": {"vulnId": "CVE-2019-2768", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-15T00:00:00+00:00"}, "gcve": {"object_uuid": "9d050410-2e39-4767-9e22-9d96a2d1666b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The... | Affected: Oracle Corporation / BI Publisher (formerly XML Publisher) | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-2768", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2768"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-2768"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The...", "vendor": "Oracle Corporation", "product": "BI Publisher (formerly XML Publisher)", "added_date": "2025-07-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "400d17a0-7088-4e0b-ac68-5d835e733142", "vulnerability": {"vulnId": "CVE-2020-35580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "400d17a0-7088-4e0b-ac68-5d835e733142", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files... | Affected: SearchBlox / SearchBlox | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35580", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35580"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35580"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files...", "vendor": "SearchBlox", "product": "SearchBlox", "added_date": "2025-07-14T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "41701c80-ec83-4b43-9b96-54bdaf8de023", "vulnerability": {"vulnId": "CVE-2023-32235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "41701c80-ec83-4b43-9b96-54bdaf8de023", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory... | Affected: Ghost / Ghost | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-32235", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32235"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32235"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory...", "vendor": "Ghost", "product": "Ghost", "added_date": "2025-07-14T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a4117a12-4261-4ce6-ae48-e7b0be400e84", "vulnerability": {"vulnId": "CVE-2022-46381", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a4117a12-4261-4ce6-ae48-e7b0be400e84", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This... | Affected: Linear / eMerge E3-Series | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-46381", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46381"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-46381"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This...", "vendor": "Linear", "product": "eMerge E3-Series", "added_date": "2025-07-14T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fbb562bf-ae2e-49e3-a444-cd36cbc95264", "vulnerability": {"vulnId": "CVE-2021-45420", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "fbb562bf-ae2e-49e3-a444-cd36cbc95264", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and... | Affected: Emerson / Dixell XWEB-500 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-45420", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45420"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-45420"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and...", "vendor": "Emerson", "product": "Dixell XWEB-500", "added_date": "2025-07-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ab1bafbf-75cb-41ee-a273-3c911a86b81b", "vulnerability": {"vulnId": "CVE-2025-32462", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-12T17:37:26+00:00"}, "gcve": {"object_uuid": "ab1bafbf-75cb-41ee-a273-3c911a86b81b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-12T17:37:26+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-12T17:37:26+00:00"}, "scope": {"notes": "KEVIntel entry: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute... | Affected: Sudo project / Sudo | CVSS: 2.8 (LOW) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-32462", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32462"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...", "vendor": "Sudo project", "product": "Sudo", "added_date": "2025-07-12T17:37:26.000Z", "cvss_score": 2.8, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "de0ebdc6-bdf8-42ff-b46d-36dd0824f78d", "vulnerability": {"vulnId": "CVE-2021-33690", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "de0ebdc6-bdf8-42ff-b46d-36dd0824f78d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions... | Affected: SAP SE / SAP NetWeaver Development Infrastructure (Component Build Service) | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-33690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33690"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33690"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions...", "vendor": "SAP SE", "product": "SAP NetWeaver Development Infrastructure (Component Build Service)", "added_date": "2025-07-11T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "541f8855-d3f5-49c8-bca2-92c2cd593027", "vulnerability": {"vulnId": "CVE-2020-15227", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "541f8855-d3f5-49c8-bca2-92c2cd593027", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution vulnerability | Affected: nette / application | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-15227", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15227"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-15227"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution vulnerability", "vendor": "nette", "product": "application", "added_date": "2025-07-11T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9d7073a0-8431-418f-9292-189bf6df461a", "vulnerability": {"vulnId": "CVE-2025-4578", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-10T21:00:04+00:00"}, "gcve": {"object_uuid": "9d7073a0-8431-418f-9292-189bf6df461a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-10T21:00:04+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-10T21:00:04+00:00"}, "scope": {"notes": "KEVIntel entry: File Provider <= 1.2.3 - Unauthenticated SQLi | Affected: Unknown / File Provider | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-4578", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4578"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4578"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "File Provider <= 1.2.3 - Unauthenticated SQLi", "vendor": "Unknown", "product": "File Provider", "added_date": "2025-07-10T21:00:04.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6532a0da-5869-4d25-9ef4-403e8aa8bb41", "vulnerability": {"vulnId": "CVE-2020-28188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-09T00:00:00+00:00"}, "gcve": {"object_uuid": "6532a0da-5869-4d25-9ef4-403e8aa8bb41", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via... | Affected: TerraMaster / TOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-28188", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28188"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-28188"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via...", "vendor": "TerraMaster", "product": "TOS", "added_date": "2025-07-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9352b942-7c8b-4f9f-b52c-1e8582a72e8f", "vulnerability": {"vulnId": "CVE-2025-6192", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-08T15:46:22+00:00"}, "gcve": {"object_uuid": "9352b942-7c8b-4f9f-b52c-1e8582a72e8f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-08T15:46:22+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-08T15:46:22+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-6192", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6192"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6192"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2025-07-08T15:46:22.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "84d0b10e-94d0-4621-b8f9-1e33828f512e", "vulnerability": {"vulnId": "CVE-2025-5959", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-08T15:46:22+00:00"}, "gcve": {"object_uuid": "84d0b10e-94d0-4621-b8f9-1e33828f512e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-08T15:46:22+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-08T15:46:22+00:00"}, "scope": {"notes": "KEVIntel entry: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-5959", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5959"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5959"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2025-07-08T15:46:22.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "69cd0770-a1f8-4b0a-a073-19a08a2174d9", "vulnerability": {"vulnId": "CVE-2025-6191", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-08T15:46:22+00:00"}, "gcve": {"object_uuid": "69cd0770-a1f8-4b0a-a073-19a08a2174d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-08T15:46:22+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-08T15:46:22+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-6191", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6191"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-6191"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a...", "vendor": "Google", "product": "Chrome", "added_date": "2025-07-08T15:46:22.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5a933c6d-0a76-42e2-ba26-cdd814571bb0", "vulnerability": {"vulnId": "CVE-2023-35885", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-08T00:00:00+00:00"}, "gcve": {"object_uuid": "5a933c6d-0a76-42e2-ba26-cdd814571bb0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. | Affected: CloudPanel / CloudPanel 2 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-35885", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35885"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35885"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.", "vendor": "CloudPanel", "product": "CloudPanel 2", "added_date": "2025-07-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "00c0b32c-3588-4bae-bccb-59b142d4f3c1", "vulnerability": {"vulnId": "CVE-2023-1177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "00c0b32c-3588-4bae-bccb-59b142d4f3c1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path Traversal: '\\..\\filename' in mlflow/mlflow | Affected: mlflow / mlflow/mlflow | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-1177", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1177"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-1177"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path Traversal: '\\..\\filename' in mlflow/mlflow", "vendor": "mlflow", "product": "mlflow/mlflow", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7c452d36-eb5e-4957-8ffd-bda4c0f90205", "vulnerability": {"vulnId": "CVE-2023-3836", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "7c452d36-eb5e-4957-8ffd-bda4c0f90205", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Dahua Smart Park Management unrestricted upload | Affected: Dahua / Smart Park Management | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-3836", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3836"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-3836"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Dahua Smart Park Management unrestricted upload", "vendor": "Dahua", "product": "Smart Park Management", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "224a32d8-46e7-4f0d-940c-16efe9053b68", "vulnerability": {"vulnId": "CVE-2023-23333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "224a32d8-46e7-4f0d-940c-16efe9053b68", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions... | Affected: SolarView / SolarView Compact | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-23333", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23333"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-23333"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions...", "vendor": "SolarView", "product": "SolarView Compact", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b60c6e65-3eb1-4bef-bb16-7849ffe214d7", "vulnerability": {"vulnId": "CVE-2023-26802", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "b60c6e65-3eb1-4bef-bb16-7849ffe214d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass... | Affected: Digital China Networks / DCBI-Netlog-LAB | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-26802", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26802"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26802"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass...", "vendor": "Digital China Networks", "product": "DCBI-Netlog-LAB", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3213ef45-23ff-4203-a078-bbd9fca820fc", "vulnerability": {"vulnId": "CVE-2023-52028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "3213ef45-23ff-4203-a078-bbd9fca820fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. | Affected: TOTOlink / A3700R | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-52028", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52028"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-52028"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.", "vendor": "TOTOlink", "product": "A3700R", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8f9316d5-cccd-496e-9750-99ab9b0786b6", "vulnerability": {"vulnId": "CVE-2023-28343", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "8f9316d5-cccd-496e-9750-99ab9b0786b6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone... | Affected: Altenergy / Power Control Software | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-28343", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28343"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28343"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone...", "vendor": "Altenergy", "product": "Power Control Software", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "755d3299-d75d-4dca-a392-7761a196cd80", "vulnerability": {"vulnId": "CVE-2023-34659", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "755d3299-d75d-4dca-a392-7761a196cd80", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. | Affected: jeecg / jeecg-boot | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-34659", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34659"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-34659"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.", "vendor": "jeecg", "product": "jeecg-boot", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "18ec0e77-a755-4fe1-86de-613e0ea9ce6a", "vulnerability": {"vulnId": "CVE-2023-30625", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "18ec0e77-a755-4fe1-86de-613e0ea9ce6a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: rudder-server vulnerable to SQL Injection | Affected: rudderlabs / rudder-server | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-30625", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30625"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-30625"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "rudder-server vulnerable to SQL Injection", "vendor": "rudderlabs", "product": "rudder-server", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a7a70f06-c940-419a-b0d1-f746c1638efa", "vulnerability": {"vulnId": "CVE-2023-31465", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "a7a70f06-c940-419a-b0d1-f746c1638efa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to... | Affected: FSMLabs / TimeKeeper | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-31465", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31465"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-31465"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to...", "vendor": "FSMLabs", "product": "TimeKeeper", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "306aa1cb-c62b-42ec-ab15-0deb1f4f8421", "vulnerability": {"vulnId": "CVE-2023-31446", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "306aa1cb-c62b-42ec-ab15-0deb1f4f8421", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This... | Affected: Cassia Networks / Cassia Gateway | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-31446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31446"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-31446"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This...", "vendor": "Cassia Networks", "product": "Cassia Gateway", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1cf3840f-81a1-41b3-b3f8-43f846f279d4", "vulnerability": {"vulnId": "CVE-2023-34960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1cf3840f-81a1-41b3-b3f8-43f846f279d4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands... | Affected: Chamilo / Chamilo | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-34960", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34960"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-34960"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands...", "vendor": "Chamilo", "product": "Chamilo", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0eb0e46a-f67d-4e9c-95a7-ffac73704674", "vulnerability": {"vulnId": "CVE-2022-36509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "0eb0e46a-f67d-4e9c-95a7-ffac73704674", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | Affected: H3C / GR3200 MiniGR1B0V100R014 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-36509", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36509"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-36509"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.", "vendor": "H3C", "product": "GR3200 MiniGR1B0V100R014", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "14f24ee8-80d0-4e64-95f5-860268b17881", "vulnerability": {"vulnId": "CVE-2023-3710", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "14f24ee8-80d0-4e64-95f5-860268b17881", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Printer web page invalid command execution | Affected: Honeywell / PM23/43, PC23/43, PD43, PM42, PX4ie/6ie, PX45/65, PD45, PX240, PX940, PM45, RP2f/RP4f | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-3710", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3710"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-3710"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Printer web page invalid command execution", "vendor": "Honeywell", "product": "PM23/43, PC23/43, PD43, PM42, PX4ie/6ie, PX45/65, PD45, PX240, PX940, PM45, RP2f/RP4f", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4f2ac37f-1fee-4469-b91a-2fc54855f812", "vulnerability": {"vulnId": "CVE-2023-29919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "4f2ac37f-1fee-4469-b91a-2fc54855f812", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not... | Affected: SolarView / SolarView Compact | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-29919", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29919"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29919"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not...", "vendor": "SolarView", "product": "SolarView Compact", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "25a793fc-1e81-49e2-9f04-eee2f7ae6f2a", "vulnerability": {"vulnId": "CVE-2023-34133", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "25a793fc-1e81-49e2-9f04-eee2f7ae6f2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an... | Affected: SonicWall / GMS, Analytics | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-34133", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34133"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-34133"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an...", "vendor": "SonicWall", "product": "GMS, Analytics", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ca6c7af0-ce43-4012-b7ec-aee49a83cf28", "vulnerability": {"vulnId": "CVE-2023-25135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "ca6c7af0-ce43-4012-b7ec-aee49a83cf28", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers... | Affected: vBulletin / vBulletin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-25135", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25135"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-25135"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers...", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "40c5be38-cfc5-41ca-ab1d-d1aee6f8bf06", "vulnerability": {"vulnId": "CVE-2023-46347", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "40c5be38-cfc5-41ca-ab1d-d1aee6f8bf06", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In the module \"Step by Step products Pack\" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL... | Affected: NDK Design / Step by Step products Pack | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-46347", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46347"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-46347"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In the module \"Step by Step products Pack\" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL...", "vendor": "NDK Design", "product": "Step by Step products Pack", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d2f0e4a5-f564-47e9-a381-94c7260af910", "vulnerability": {"vulnId": "CVE-2024-36111", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "d2f0e4a5-f564-47e9-a381-94c7260af910", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: KubePi's JWT token validation has a defect | Affected: 1Panel-dev / KubePi | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-36111", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36111"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-36111"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "KubePi's JWT token validation has a defect", "vendor": "1Panel-dev", "product": "KubePi", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7df6096c-78a3-44b1-a04f-8dc8d2bff452", "vulnerability": {"vulnId": "CVE-2023-33831", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "7df6096c-78a3-44b1-a04f-8dc8d2bff452", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a... | Affected: FUXA / FUXA | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-33831", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33831"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33831"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a...", "vendor": "FUXA", "product": "FUXA", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "47352fb0-064e-4603-97f9-d47b29e3bbef", "vulnerability": {"vulnId": "CVE-2023-23489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "47352fb0-064e-4603-97f9-d47b29e3bbef", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's'... | Affected: Easy Digital Downloads / WordPress Plugin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-23489", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23489"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-23489"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's'...", "vendor": "Easy Digital Downloads", "product": "WordPress Plugin", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3fdaec84-d4d5-4614-8497-740d33f72b47", "vulnerability": {"vulnId": "CVE-2023-31478", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "3fdaec84-d4d5-4614-8497-740d33f72b47", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and... | Affected: GL.iNet / GL.iNet devices | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-31478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31478"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-31478"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and...", "vendor": "GL.iNet", "product": "GL.iNet devices", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1920d6ab-942e-4548-a7ed-225613dfb3bc", "vulnerability": {"vulnId": "CVE-2023-22478", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1920d6ab-942e-4548-a7ed-225613dfb3bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: KubePi is vulnerable to missing authorization | Affected: KubeOperator / KubePi | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-22478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22478"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22478"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "KubePi is vulnerable to missing authorization", "vendor": "KubeOperator", "product": "KubePi", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5dff140f-4ff9-49ac-a1a7-b37b27e44bc5", "vulnerability": {"vulnId": "CVE-2023-46574", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5dff140f-4ff9-49ac-a1a7-b37b27e44bc5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the... | Affected: TOTOLINK / A3700R | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-46574", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46574"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-46574"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the...", "vendor": "TOTOLINK", "product": "A3700R", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b8c5841c-c8da-4dfd-9ba9-4d7dd490cea7", "vulnerability": {"vulnId": "CVE-2023-1698", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "b8c5841c-c8da-4dfd-9ba9-4d7dd490cea7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WAGO: WBM Command Injection in multiple products | Affected: WAGO / Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Panel 600 Standard Line | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-1698", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1698"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-1698"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WAGO: WBM Command Injection in multiple products", "vendor": "WAGO", "product": "Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Panel 600 Standard Line", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1892ab2a-a029-4517-8922-7d906defafa3", "vulnerability": {"vulnId": "CVE-2023-4450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1892ab2a-a029-4517-8922-7d906defafa3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: jeecgboot JimuReport Template injection | Affected: jeecgboot / JimuReport | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-4450", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4450"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4450"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "jeecgboot JimuReport Template injection", "vendor": "jeecgboot", "product": "JimuReport", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "615ac098-380a-43cf-8da2-81045bb1fada", "vulnerability": {"vulnId": "CVE-2023-49070", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "615ac098-380a-43cf-8da2-81045bb1fada", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-49070", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49070"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-49070"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "147d8a74-925a-498a-9d25-331d14d378df", "vulnerability": {"vulnId": "CVE-2023-4634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "147d8a74-925a-498a-9d25-331d14d378df", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including,... | Affected: dglingren / Media Library Assistant | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-4634", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4634"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4634"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including,...", "vendor": "dglingren", "product": "Media Library Assistant", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "16bee407-6257-4282-84ae-bea1a10d00eb", "vulnerability": {"vulnId": "CVE-2023-1454", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "16bee407-6257-4282-84ae-bea1a10d00eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: jeecg-boot qurestSql sql injection | Affected: jeecg / jeecg-boot | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-1454", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1454"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-1454"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "jeecg-boot qurestSql sql injection", "vendor": "jeecg", "product": "jeecg-boot", "added_date": "2025-07-07T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "196c14bd-edc0-4904-98a3-43c03c5290fc", "vulnerability": {"vulnId": "CVE-2022-22897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "196c14bd-edc0-4904-98a3-43c03c5290fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for... | Affected: PrestaShop / ApolloTheme AP PageBuilder | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-22897", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22897"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22897"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for...", "vendor": "PrestaShop", "product": "ApolloTheme AP PageBuilder", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "084d1df9-17f5-48a8-9211-ab0672802db5", "vulnerability": {"vulnId": "CVE-2020-35235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "084d1df9-17f5-48a8-9211-ab0672802db5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access... | Affected: WordPress / secure-file-manager | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35235", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35235"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35235"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access...", "vendor": "WordPress", "product": "secure-file-manager", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "82b2c6ac-0798-4bf9-a342-d574050bf433", "vulnerability": {"vulnId": "CVE-2022-0781", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "82b2c6ac-0798-4bf9-a342-d574050bf433", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Nirweb support < 2.8.2 - Unauthenticated SQLi | Affected: Unknown / Nirweb support | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0781", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0781"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0781"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Nirweb support < 2.8.2 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Nirweb support", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e18d54ea-dc4e-433c-ba2d-a5dd6240ef50", "vulnerability": {"vulnId": "CVE-2021-41266", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "e18d54ea-dc4e-433c-ba2d-a5dd6240ef50", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication bypass issue in the Operator Console | Affected: minio / console | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-41266", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41266"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41266"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication bypass issue in the Operator Console", "vendor": "minio", "product": "console", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3148ea73-3485-496e-b111-924866fefa86", "vulnerability": {"vulnId": "CVE-2022-25487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "3148ea73-3485-496e-b111-924866fefa86", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | Affected: Atom CMS / Atom CMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-25487", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25487"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25487"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.", "vendor": "Atom CMS", "product": "Atom CMS", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "549afa81-95ce-4e9e-b934-a98ca672197b", "vulnerability": {"vulnId": "CVE-2022-1952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "549afa81-95ce-4e9e-b934-a98ca672197b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload | Affected: Unknown / Free Booking Plugin for Hotels, Restaurant and Car Rental \u2013 eaSYNC | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-1952", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1952"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1952"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload", "vendor": "Unknown", "product": "Free Booking Plugin for Hotels, Restaurant and Car Rental \u2013 eaSYNC", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "df2b05c7-2fd2-475d-8eb2-93b83273e155", "vulnerability": {"vulnId": "CVE-2021-24442", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "df2b05c7-2fd2-475d-8eb2-93b83273e155", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection | Affected: wpdevart / Poll, Survey, Questionnaire and Voting system | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24442", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24442"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24442"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection", "vendor": "wpdevart", "product": "Poll, Survey, Questionnaire and Voting system", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e946bb7b-e783-4147-b971-e2fb48089fc9", "vulnerability": {"vulnId": "CVE-2022-2488", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-06T00:00:00+00:00"}, "gcve": {"object_uuid": "e946bb7b-e783-4147-b971-e2fb48089fc9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection | Affected: WAVLINK / WN535K2, WN535K3 | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2488", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2488"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2488"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection", "vendor": "WAVLINK", "product": "WN535K2, WN535K3", "added_date": "2025-07-06T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6281f78f-ad06-460a-b6bd-1e9fb06db98e", "vulnerability": {"vulnId": "CVE-2019-15642", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-05T00:00:00+00:00"}, "gcve": {"object_uuid": "6281f78f-ad06-460a-b6bd-1e9fb06db98e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval... | Affected: Webmin / Webmin | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-15642", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15642"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-15642"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval...", "vendor": "Webmin", "product": "Webmin", "added_date": "2025-07-05T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9d9eb6e0-b0f0-46c5-a134-94946bf911d2", "vulnerability": {"vulnId": "CVE-2016-10108", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-05T00:00:00+00:00"}, "gcve": {"object_uuid": "9d9eb6e0-b0f0-46c5-a134-94946bf911d2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified... | Affected: Western Digital / MyCloud NAS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2016-10108", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10108"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-10108"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified...", "vendor": "Western Digital", "product": "MyCloud NAS", "added_date": "2025-07-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a06c2b12-5d1b-4c91-ac88-d5dbe056b36c", "vulnerability": {"vulnId": "CVE-2018-16159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-05T00:00:00+00:00"}, "gcve": {"object_uuid": "a06c2b12-5d1b-4c91-ac88-d5dbe056b36c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php... | Affected: WordPress / Gift Vouchers plugin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-16159", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16159"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-16159"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php...", "vendor": "WordPress", "product": "Gift Vouchers plugin", "added_date": "2025-07-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9162d711-d2d8-4b3a-83af-9e721d4f7eb0", "vulnerability": {"vulnId": "CVE-2011-3600", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-05T00:00:00+00:00"}, "gcve": {"object_uuid": "9162d711-d2d8-4b3a-83af-9e721d4f7eb0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with... | Affected: OFBiz / OFBiz | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-3600", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3600"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-3600"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with...", "vendor": "OFBiz", "product": "OFBiz", "added_date": "2025-07-05T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "487dbfc2-eb91-4f3b-b77f-6bc74138a3b3", "vulnerability": {"vulnId": "CVE-2018-1000130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-05T00:00:00+00:00"}, "gcve": {"object_uuid": "487dbfc2-eb91-4f3b-b77f-6bc74138a3b3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on... | Affected: Jolokia / Jolokia agent | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-1000130", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000130"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-1000130"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on...", "vendor": "Jolokia", "product": "Jolokia agent", "added_date": "2025-07-05T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1ac1e243-283e-4f9c-bb3e-a35d09f40f63", "vulnerability": {"vulnId": "CVE-2018-1335", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-05T00:00:00+00:00"}, "gcve": {"object_uuid": "1ac1e243-283e-4f9c-bb3e-a35d09f40f63", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the... | Affected: Apache Software Foundation / Apache Tika | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-1335", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1335"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-1335"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the...", "vendor": "Apache Software Foundation", "product": "Apache Tika", "added_date": "2025-07-05T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "972ed98f-41dd-4e28-9fff-14c3cc913f63", "vulnerability": {"vulnId": "CVE-2017-6090", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-05T00:00:00+00:00"}, "gcve": {"object_uuid": "972ed98f-41dd-4e28-9fff-14c3cc913f63", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute... | Affected: PhpCollab / PhpCollab | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-6090", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6090"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6090"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute...", "vendor": "PhpCollab", "product": "PhpCollab", "added_date": "2025-07-05T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "00de84ff-89d6-42ce-9de7-5bb70704b58f", "vulnerability": {"vulnId": "CVE-2018-11686", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-03T00:00:00+00:00"}, "gcve": {"object_uuid": "00de84ff-89d6-42ce-9de7-5bb70704b58f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php. | Affected: FlowPaper / FlexPaper | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11686", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11686"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11686"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.", "vendor": "FlowPaper", "product": "FlexPaper", "added_date": "2025-07-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e26e4f62-a161-4a1f-8b9e-b5ef6290c70b", "vulnerability": {"vulnId": "CVE-2019-20933", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "e26e4f62-a161-4a1f-8b9e-b5ef6290c70b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may... | Affected: InfluxData / InfluxDB | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-20933", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20933"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-20933"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may...", "vendor": "InfluxData", "product": "InfluxDB", "added_date": "2025-07-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c1d015e0-8b85-4a66-9098-a997dc27431c", "vulnerability": {"vulnId": "CVE-2022-25237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "c1d015e0-8b85-4a66-9098-a997dc27431c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the... | Affected: Bonitasoft / Bonita Web | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-25237", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25237"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25237"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the...", "vendor": "Bonitasoft", "product": "Bonita Web", "added_date": "2025-07-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "59f834f0-76d4-4716-b2ef-558b5a47ab30", "vulnerability": {"vulnId": "CVE-2019-12276", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "59f834f0-76d4-4716-b2ef-558b5a47ab30", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated... | Affected: GrandNode / GrandNode | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-12276", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12276"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12276"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated...", "vendor": "GrandNode", "product": "GrandNode", "added_date": "2025-07-01T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "391a5df1-cb85-40cc-9db4-9d67596b9ae9", "vulnerability": {"vulnId": "CVE-2021-33564", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "391a5df1-cb85-40cc-9db4-9d67596b9ae9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a... | Affected: markevans / Dragonfly | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-33564", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33564"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33564"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a...", "vendor": "markevans", "product": "Dragonfly", "added_date": "2025-07-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fdfaec49-3d4b-4140-8fbc-14afc4da808d", "vulnerability": {"vulnId": "CVE-2021-31602", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "fdfaec49-3d4b-4140-8fbc-14afc4da808d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has... | Affected: Hitachi Vantara / Pentaho | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-31602", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31602"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31602"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has...", "vendor": "Hitachi Vantara", "product": "Pentaho", "added_date": "2025-07-01T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ac54338f-0c32-4c59-a5ed-536c0e9ab33e", "vulnerability": {"vulnId": "CVE-2023-35813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "ac54338f-0c32-4c59-a5ed-536c0e9ab33e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-07-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. | Affected: Sitecore / Experience Manager, Experience Platform, Experience Commerce | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-35813", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35813"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.", "vendor": "Sitecore", "product": "Experience Manager, Experience Platform, Experience Commerce", "added_date": "2025-07-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d1497018-e617-4a39-ad64-0aea1048f07b", "vulnerability": {"vulnId": "CVE-2021-21389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d1497018-e617-4a39-ad64-0aea1048f07b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BuddyPress privilege escalation via REST API | Affected: buddypress / BuddyPress | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21389", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21389"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21389"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BuddyPress privilege escalation via REST API", "vendor": "buddypress", "product": "BuddyPress", "added_date": "2025-06-30T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c24fe5cc-9899-4a77-8d91-3de0bceaaea5", "vulnerability": {"vulnId": "CVE-2023-51467", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c24fe5cc-9899-4a77-8d91-3de0bceaaea5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-51467", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51467"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-51467"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2025-06-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "22717a12-fa9a-4475-95ff-f03be7aa0483", "vulnerability": {"vulnId": "CVE-2020-21650", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "22717a12-fa9a-4475-95ff-f03be7aa0483", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \\controller\\Config.php, which can be exploited via the add()... | Affected: Myucms / Myucms v2.2.1 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-21650", "url": "https://www.cve.org/CVERecord?id=CVE-2020-21650"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-21650"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \\controller\\Config.php, which can be exploited via the add()...", "vendor": "Myucms", "product": "Myucms v2.2.1", "added_date": "2025-06-30T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "88b24fc3-90fd-47c0-8e6c-3b64e8c56b2f", "vulnerability": {"vulnId": "CVE-2021-29441", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-28T00:00:00+00:00"}, "gcve": {"object_uuid": "88b24fc3-90fd-47c0-8e6c-3b64e8c56b2f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication bypass | Affected: alibaba / nacos | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-29441", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29441"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-29441"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication bypass", "vendor": "alibaba", "product": "nacos", "added_date": "2025-06-28T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "474a6820-e6ce-48d7-a39d-f5f8c51aa291", "vulnerability": {"vulnId": "CVE-2019-9733", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-28T00:00:00+00:00"}, "gcve": {"object_uuid": "474a6820-e6ce-48d7-a39d-f5f8c51aa291", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case... | Affected: JFrog / Artifactory | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-9733", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9733"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9733"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case...", "vendor": "JFrog", "product": "Artifactory", "added_date": "2025-06-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2b728038-ec23-4239-9abf-35feea7cd27b", "vulnerability": {"vulnId": "CVE-2023-36934", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-27T09:50:50+00:00"}, "gcve": {"object_uuid": "2b728038-ec23-4239-9abf-35feea7cd27b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-27T09:50:50+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-27T09:50:50+00:00"}, "scope": {"notes": "KEVIntel entry: In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4... | Affected: Progress / MOVEit Transfer | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-36934", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36934"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36934"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4...", "vendor": "Progress", "product": "MOVEit Transfer", "added_date": "2025-06-27T09:50:50.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1b7ef6de-9a54-49bc-b1f3-6ffe5b92282d", "vulnerability": {"vulnId": "CVE-2020-29597", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "1b7ef6de-9a54-49bc-b1f3-6ffe5b92282d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to... | Affected: IncomCMS / IncomCMS 2.0 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-29597", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29597"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-29597"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to...", "vendor": "IncomCMS", "product": "IncomCMS 2.0", "added_date": "2025-06-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6316d7a4-82c1-4c1d-b903-af3fccd18023", "vulnerability": {"vulnId": "CVE-2020-35713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "6316d7a4-82c1-4c1d-b903-af3fccd18023", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell... | Affected: Belkin / LINKSYS RE6500 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35713", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35713"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35713"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell...", "vendor": "Belkin", "product": "LINKSYS RE6500", "added_date": "2025-06-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8af41d07-d32a-4517-94e6-a4c3d14b34e5", "vulnerability": {"vulnId": "CVE-2024-32640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "8af41d07-d32a-4517-94e6-a4c3d14b34e5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: MasaCMS SQL Injection vulnerability | Affected: MasaCMS / MasaCMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-32640", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32640"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-32640"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MasaCMS SQL Injection vulnerability", "vendor": "MasaCMS", "product": "MasaCMS", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "63d07c26-57c5-4d3d-88ac-0a81334d1ec9", "vulnerability": {"vulnId": "CVE-2024-9047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "63d07c26-57c5-4d3d-88ac-0a81334d1ec9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php | Affected: nickboss / WordPress File Upload | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-9047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9047"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9047"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php", "vendor": "nickboss", "product": "WordPress File Upload", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9b9dacbf-8358-4ce2-9ffc-5b35fbf658b7", "vulnerability": {"vulnId": "CVE-2024-38289", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "9b9dacbf-8358-4ce2-9ffc-5b35fbf658b7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote... | Affected: R-HUB / TurboMeeting | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-38289", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38289"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38289"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote...", "vendor": "R-HUB", "product": "TurboMeeting", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e390efce-fc2b-44bd-8ed1-1fa7e00d7851", "vulnerability": {"vulnId": "CVE-2024-42640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "e390efce-fc2b-44bd-8ed1-1fa7e00d7851", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability... | Affected: adonespitogo / angular-base64-upload | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-42640", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42640"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-42640"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability...", "vendor": "adonespitogo", "product": "angular-base64-upload", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "84ef92e8-8f04-4ba1-a726-6f2a492acedf", "vulnerability": {"vulnId": "CVE-2024-48307", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "84ef92e8-8f04-4ba1-a726-6f2a492acedf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. | Affected: JeecgBoot / JeecgBoot | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-48307", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48307"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-48307"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.", "vendor": "JeecgBoot", "product": "JeecgBoot", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f9a8ba2a-692a-41ca-9585-19a2b637ac5e", "vulnerability": {"vulnId": "CVE-2024-1698", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "f9a8ba2a-692a-41ca-9585-19a2b637ac5e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is... | Affected: wpdevteam / NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-1698", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1698"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-1698"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is...", "vendor": "wpdevteam", "product": "NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8e24caf7-cc97-4c4c-963f-486654490b18", "vulnerability": {"vulnId": "CVE-2024-37032", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "8e24caf7-cc97-4c4c-963f-486654490b18", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the... | Affected: Ollama / Ollama | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-37032", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37032"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-37032"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the...", "vendor": "Ollama", "product": "Ollama", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d932f82d-3a8e-4fbf-b3ee-0dabde0882d9", "vulnerability": {"vulnId": "CVE-2024-5827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "d932f82d-3a8e-4fbf-b3ee-0dabde0882d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna | Affected: vanna-ai / vanna-ai/vanna | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-5827", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5827"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-5827"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna", "vendor": "vanna-ai", "product": "vanna-ai/vanna", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "baee748c-b468-46ac-bd52-0ff1cc851728", "vulnerability": {"vulnId": "CVE-2024-43360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "baee748c-b468-46ac-bd52-0ff1cc851728", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ZoneMinder Time-based SQL Injection | Affected: ZoneMinder / zoneminder | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-43360", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43360"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43360"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ZoneMinder Time-based SQL Injection", "vendor": "ZoneMinder", "product": "zoneminder", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8add21eb-b876-4d88-955a-82be8e575b9f", "vulnerability": {"vulnId": "CVE-2024-8856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "8add21eb-b876-4d88-955a-82be8e575b9f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload | Affected: revmakx / Backup and Staging by WP Time Capsule | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-8856", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8856"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8856"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload", "vendor": "revmakx", "product": "Backup and Staging by WP Time Capsule", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bd05b5e9-3f8f-408d-a7eb-c9cc8b9f7230", "vulnerability": {"vulnId": "CVE-2024-50498", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "bd05b5e9-3f8f-408d-a7eb-c9cc8b9f7230", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability | Affected: Ajit Bohra / WP Query Console | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-50498", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50498"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-50498"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability", "vendor": "Ajit Bohra", "product": "WP Query Console", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5ec6c824-e334-440d-9224-80b591742a42", "vulnerability": {"vulnId": "CVE-2024-6396", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "5ec6c824-e334-440d-9224-80b591742a42", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim | Affected: aimhubio / aimhubio/aim | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-6396", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6396"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6396"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim", "vendor": "aimhubio", "product": "aimhubio/aim", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dad112a1-2f90-4f34-8e24-371824ef2c42", "vulnerability": {"vulnId": "CVE-2024-8877", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "dad112a1-2f90-4f34-8e24-371824ef2c42", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL Injection | Affected: Riello / Netman 204 | CVSS: 6.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-8877", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8877"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8877"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL Injection", "vendor": "Riello", "product": "Netman 204", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 6.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "534aaaec-3eac-4939-af60-1670fddae021", "vulnerability": {"vulnId": "CVE-2024-7954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "534aaaec-3eac-4939-af60-1670fddae021", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SPIP porte_plume Plugin Arbitrary PHP Execution | Affected: SPIP / SPIP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-7954", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7954"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7954"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SPIP porte_plume Plugin Arbitrary PHP Execution", "vendor": "SPIP", "product": "SPIP", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "00ff4abd-41c1-4b3c-9fc7-2ff05513309c", "vulnerability": {"vulnId": "CVE-2024-45507", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "00ff4abd-41c1-4b3c-9fc7-2ff05513309c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-45507", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45507"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-45507"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e820e848-8121-4bc8-91d3-4c4d8f765d99", "vulnerability": {"vulnId": "CVE-2024-27956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "e820e848-8121-4bc8-91d3-4c4d8f765d99", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability | Affected: ValvePress / Automatic | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-27956", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27956"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27956"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability", "vendor": "ValvePress", "product": "Automatic", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "986b7c65-c189-46e7-b102-cc12369b0eb2", "vulnerability": {"vulnId": "CVE-2024-29895", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "986b7c65-c189-46e7-b102-cc12369b0eb2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cacti command injection in cmd_realtime.php | Affected: Cacti / cacti | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-29895", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29895"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-29895"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cacti command injection in cmd_realtime.php", "vendor": "Cacti", "product": "cacti", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "47611783-e7e1-4c88-8a13-c7a21bef6ae4", "vulnerability": {"vulnId": "CVE-2023-5148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "47611783-e7e1-4c88-8a13-c7a21bef6ae4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload | Affected: D-Link / DAR-7000, DAR-8000 | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5148", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5148"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5148"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload", "vendor": "D-Link", "product": "DAR-7000, DAR-8000", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "335b8ce8-106d-4905-a0cf-189e22a3f842", "vulnerability": {"vulnId": "CVE-2024-44849", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "335b8ce8-106d-4905-a0cf-189e22a3f842", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | Affected: Qualitor / Qualitor | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-44849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44849"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-44849"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.", "vendor": "Qualitor", "product": "Qualitor", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ddcdfc2b-f570-4fcd-b93c-3e7cb7a79ee7", "vulnerability": {"vulnId": "CVE-2024-2389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "ddcdfc2b-f570-4fcd-b93c-3e7cb7a79ee7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Flowmon Unauthenticated Command Injection Vulnerability | Affected: Progress Software / Flowmon | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-2389", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2389"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-2389"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Flowmon Unauthenticated Command Injection Vulnerability", "vendor": "Progress Software", "product": "Flowmon", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d17e9fdd-7dc6-4cbb-9c75-7c1ba06775a0", "vulnerability": {"vulnId": "CVE-2024-39914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "d17e9fdd-7dc6-4cbb-9c75-7c1ba06775a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry:  FOG has a command injection in /fog/management/export.php?filename= | Affected: FOGProject / fogproject | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-39914", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39914"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-39914"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": " FOG has a command injection in /fog/management/export.php?filename=", "vendor": "FOGProject", "product": "fogproject", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9e435e1e-9ed2-41bd-9134-7a5d5ad671b2", "vulnerability": {"vulnId": "CVE-2024-6205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "9e435e1e-9ed2-41bd-9134-7a5d5ad671b2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi | Affected: Unknown / PayPlus Payment Gateway | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-6205", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6205"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6205"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi", "vendor": "Unknown", "product": "PayPlus Payment Gateway", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d736e3ec-16b3-451c-b937-db30a57a14d2", "vulnerability": {"vulnId": "CVE-2024-10081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "d736e3ec-16b3-451c-b937-db30a57a14d2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass... | Affected: Ericsson / CodeChecker | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-10081", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10081"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-10081"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass...", "vendor": "Ericsson", "product": "CodeChecker", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "81a4e960-ad40-4ff8-8bc8-087486aebe56", "vulnerability": {"vulnId": "CVE-2024-22319", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "81a4e960-ad40-4ff8-8bc8-087486aebe56", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM Operational Decision Manager JDNI injection | Affected: IBM / Operational Decision Manager | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-22319", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22319"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-22319"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM Operational Decision Manager JDNI injection", "vendor": "IBM", "product": "Operational Decision Manager", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9311ebff-cfc3-4687-b9f1-6703c648161a", "vulnerability": {"vulnId": "CVE-2024-57049", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "9311ebff-cfc3-4687-b9f1-6703c648161a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the... | Affected: TP-Link / Archer C20 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-57049", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57049"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-57049"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the...", "vendor": "TP-Link", "product": "Archer C20", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "66f05051-d61d-4152-bc0e-9cebb3939429", "vulnerability": {"vulnId": "CVE-2024-1061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "66f05051-d61d-4152-bc0e-9cebb3939429", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in... | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-1061", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1061"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-1061"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in...", "vendor": "", "product": "", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bd790144-a04c-4077-8b32-b4a5b4c7c5f8", "vulnerability": {"vulnId": "CVE-2024-28255", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "bd790144-a04c-4077-8b32-b4a5b4c7c5f8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication Bypass in OpenMetadata | Affected: open-metadata / OpenMetadata | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-28255", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28255"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-28255"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication Bypass in OpenMetadata", "vendor": "open-metadata", "product": "OpenMetadata", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "370865de-631c-4aed-9fbe-d20f6c243f91", "vulnerability": {"vulnId": "CVE-2024-29973", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "370865de-631c-4aed-9fbe-d20f6c243f91", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before... | Affected: Zyxel / NAS326 firmware, NAS542 firmware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-29973", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29973"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-29973"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before...", "vendor": "Zyxel", "product": "NAS326 firmware, NAS542 firmware", "added_date": "2025-06-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c79cc01a-9c0f-4290-9c78-5f70c7fc8641", "vulnerability": {"vulnId": "CVE-2023-26775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c79cc01a-9c0f-4290-9c78-5f70c7fc8641", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the... | Affected: Monitorr / Monitorr | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-26775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26775"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26775"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the...", "vendor": "Monitorr", "product": "Monitorr", "added_date": "2025-06-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "067a96c9-f6f0-47e5-819b-c0a6068348a1", "vulnerability": {"vulnId": "CVE-2020-12800", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "067a96c9-f6f0-47e5-819b-c0a6068348a1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution... | Affected: WordPress / drag-and-drop-multiple-file-upload-contact-form-7 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-12800", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12800"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12800"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution...", "vendor": "WordPress", "product": "drag-and-drop-multiple-file-upload-contact-form-7", "added_date": "2025-06-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4beadc5c-b08c-4c73-8533-10f71a4bb34b", "vulnerability": {"vulnId": "CVE-2020-24589", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4beadc5c-b08c-4c73-8533-10f71a4bb34b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | Affected: WSO2 / API Manager | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-24589", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24589"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24589"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.", "vendor": "WSO2", "product": "API Manager", "added_date": "2025-06-25T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "97d17281-7f62-4380-a126-6dcdefda042e", "vulnerability": {"vulnId": "CVE-2020-12720", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "97d17281-7f62-4380-a126-6dcdefda042e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | Affected: vBulletin / vBulletin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-12720", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12720"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12720"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2025-06-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4fec1eee-d7bc-488d-8d3c-f718e88f063c", "vulnerability": {"vulnId": "CVE-2020-13167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4fec1eee-d7bc-488d-8d3c-f718e88f063c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches... | Affected: Netsweeper / Netsweeper | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-13167", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13167"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13167"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches...", "vendor": "Netsweeper", "product": "Netsweeper", "added_date": "2025-06-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "47053e28-a09b-4d5c-9909-3302e27c1f97", "vulnerability": {"vulnId": "CVE-2020-17456", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "47053e28-a09b-4d5c-9909-3302e27c1f97", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | Affected: SEOWON INTECH / SLC-130 and SLR-120S | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-17456", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17456"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17456"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.", "vendor": "SEOWON INTECH", "product": "SLC-130 and SLR-120S", "added_date": "2025-06-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "31fb55a4-1694-4391-8f0b-ab44a8a5028e", "vulnerability": {"vulnId": "CVE-2025-24799", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-24T00:00:00+00:00"}, "gcve": {"object_uuid": "31fb55a4-1694-4391-8f0b-ab44a8a5028e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GLPI allows unauthenticated SQL injection through the inventory endpoint | Affected: glpi-project / glpi | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-24799", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24799"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24799"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GLPI allows unauthenticated SQL injection through the inventory endpoint", "vendor": "glpi-project", "product": "glpi", "added_date": "2025-06-24T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b714986c-748e-4e0d-aa0b-c0b93ce2b752", "vulnerability": {"vulnId": "CVE-2025-26319", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b714986c-748e-4e0d-aa0b-c0b93ce2b752", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. | Affected: FlowiseAI / Flowise | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-26319", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26319"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-26319"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.", "vendor": "FlowiseAI", "product": "Flowise", "added_date": "2025-06-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cea1a388-388b-4e43-9eee-789f3cd5def0", "vulnerability": {"vulnId": "CVE-2025-2294", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-24T00:00:00+00:00"}, "gcve": {"object_uuid": "cea1a388-388b-4e43-9eee-789f3cd5def0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | Affected: extendthemes / Kubio AI Page Builder | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-2294", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2294"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2294"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion", "vendor": "extendthemes", "product": "Kubio AI Page Builder", "added_date": "2025-06-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d920d147-4ad6-44c0-b360-8c379d9ac88f", "vulnerability": {"vulnId": "CVE-2025-27112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-24T00:00:00+00:00"}, "gcve": {"object_uuid": "d920d147-4ad6-44c0-b360-8c379d9ac88f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Navidrome has authentication bypass in Subsonic API with non-existent username | Affected: navidrome / navidrome | CVSS: 6.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-27112", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27112"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27112"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Navidrome has authentication bypass in Subsonic API with non-existent username", "vendor": "navidrome", "product": "navidrome", "added_date": "2025-06-24T00:00:00.000Z", "cvss_score": 6.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9d356c94-f5a5-408c-a45d-de8d5f099701", "vulnerability": {"vulnId": "CVE-2025-2777", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-24T00:00:00+00:00"}, "gcve": {"object_uuid": "9d356c94-f5a5-408c-a45d-de8d5f099701", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection | Affected: SysAid / SysAid On-Prem | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-2777", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2777"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2777"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection", "vendor": "SysAid", "product": "SysAid On-Prem", "added_date": "2025-06-24T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "271f6bea-9146-4f49-8d72-df3d72e6de71", "vulnerability": {"vulnId": "CVE-2025-26793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-24T00:00:00+00:00"}, "gcve": {"object_uuid": "271f6bea-9146-4f49-8d72-df3d72e6de71", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username... | Affected: Hirsch / Enterphone MESH | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-26793", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26793"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-26793"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username...", "vendor": "Hirsch", "product": "Enterphone MESH", "added_date": "2025-06-24T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "999b8fab-8aff-4087-8c56-9ece781b6e6a", "vulnerability": {"vulnId": "CVE-2025-0944", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-23T11:41:47+00:00"}, "gcve": {"object_uuid": "999b8fab-8aff-4087-8c56-9ece781b6e6a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-23T11:41:47+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-23T11:41:47+00:00"}, "scope": {"notes": "KEVIntel entry: itsourcecode Tailoring Management System customerview.php sql injection | Affected: itsourcecode / Tailoring Management System | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-0944", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0944"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0944"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "itsourcecode Tailoring Management System customerview.php sql injection", "vendor": "itsourcecode", "product": "Tailoring Management System", "added_date": "2025-06-23T11:41:47.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "69784192-6d04-4793-b93b-2b55896725c8", "vulnerability": {"vulnId": "CVE-2021-24285", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "69784192-6d04-4793-b93b-2b55896725c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection | Affected: Unknown / Car Seller - Auto Classifieds Script | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24285", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24285"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24285"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection", "vendor": "Unknown", "product": "Car Seller - Auto Classifieds Script", "added_date": "2025-06-23T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "44c20f17-2ba8-4afc-9d6c-83e65b8b4259", "vulnerability": {"vulnId": "CVE-2022-47945", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "44c20f17-2ba8-4afc-9d6c-83e65b8b4259", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled... | Affected: ThinkPHP / ThinkPHP Framework | CVSS: 9.8 (CRITICAL) | EPSS: 0.15505 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-47945", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47945"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-47945"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...", "vendor": "ThinkPHP", "product": "ThinkPHP Framework", "added_date": "2025-06-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.15505, "cvss_severity": "CRITICAL", "epss_percentile": 0.9638, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "42c81ef4-30e0-4283-821b-c52b6d441a00", "vulnerability": {"vulnId": "CVE-2025-0868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "42c81ef4-30e0-4283-821b-c52b6d441a00", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution in DocsGPT | Affected: Arc53 / DocsGPT | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-0868", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0868"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0868"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution in DocsGPT", "vendor": "Arc53", "product": "DocsGPT", "added_date": "2025-06-21T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "680732ab-385c-4c2d-9e2c-7152fddf7c88", "vulnerability": {"vulnId": "CVE-2021-22707", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "680732ab-385c-4c2d-9e2c-7152fddf7c88", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink... | Affected: Schneider Electric / EVlink City, EVlink Parking, EVlink Smart Wallbox | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-22707", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22707"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22707"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink...", "vendor": "Schneider Electric", "product": "EVlink City, EVlink Parking, EVlink Smart Wallbox", "added_date": "2025-06-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c3ffa3ae-bbd1-4185-ad3f-071a9575a8d7", "vulnerability": {"vulnId": "CVE-2018-0127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "c3ffa3ae-bbd1-4185-ad3f-071a9575a8d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an... | Affected: Cisco / RV132W ADSL2+ Wireless-N VPN Router, RV134W VDSL2 Wireless-AC VPN Router | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-0127", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0127"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0127"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an...", "vendor": "Cisco", "product": "RV132W ADSL2+ Wireless-N VPN Router, RV134W VDSL2 Wireless-AC VPN Router", "added_date": "2025-06-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a7d03dc0-e8c2-49ff-a513-7fde1ada7543", "vulnerability": {"vulnId": "CVE-2001-0537", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "a7d03dc0-e8c2-49ff-a513-7fde1ada7543", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being... | Affected: Cisco / IOS | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2001-0537", "url": "https://www.cve.org/CVERecord?id=CVE-2001-0537"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2001-0537"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being...", "vendor": "Cisco", "product": "IOS", "added_date": "2025-06-21T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "204a31cb-6926-417b-9e6b-928eca82fdbc", "vulnerability": {"vulnId": "CVE-2018-19276", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "204a31cb-6926-417b-9e6b-928eca82fdbc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary... | Affected: OpenMRS / OpenMRS | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-19276", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19276"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19276"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary...", "vendor": "OpenMRS", "product": "OpenMRS", "added_date": "2025-06-21T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fad37226-4638-4d90-bd75-7e41c427be6c", "vulnerability": {"vulnId": "CVE-2020-13117", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "fad37226-4638-4d90-bd75-7e41c427be6c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a... | Affected: Wavlink / WN575A4, WN579X3, WN530G3A | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-13117", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13117"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13117"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a...", "vendor": "Wavlink", "product": "WN575A4, WN579X3, WN530G3A", "added_date": "2025-06-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "943fb918-6736-48c0-b957-3779264c9470", "vulnerability": {"vulnId": "CVE-2017-8226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "943fb918-6736-48c0-b957-3779264c9470", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who... | Affected: Amcrest / IPM-721S | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-8226", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8226"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8226"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who...", "vendor": "Amcrest", "product": "IPM-721S", "added_date": "2025-06-20T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e356ad1a-c8eb-4e1a-9293-056d34ddbeb4", "vulnerability": {"vulnId": "CVE-2017-1000170", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "e356ad1a-c8eb-4e1a-9293-056d34ddbeb4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: jqueryFileTree 2.1.5 and older Directory Traversal | Affected: jqueryFileTree / jqueryFileTree | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-1000170", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000170"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-1000170"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "jqueryFileTree 2.1.5 and older Directory Traversal", "vendor": "jqueryFileTree", "product": "jqueryFileTree", "added_date": "2025-06-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a0afd231-f4af-4ba3-af17-843944d99d53", "vulnerability": {"vulnId": "CVE-2025-1974", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "a0afd231-f4af-4ba3-af17-843944d99d53", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ingress-nginx admission controller RCE escalation | Affected: kubernetes / ingress-nginx | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-1974", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1974"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-1974"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ingress-nginx admission controller RCE escalation", "vendor": "kubernetes", "product": "ingress-nginx", "added_date": "2025-06-20T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d46cff69-483e-48b0-8cd0-5906d5cd8fc7", "vulnerability": {"vulnId": "CVE-2021-41293", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "d46cff69-483e-48b0-8cd0-5906d5cd8fc7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ECOA BAS controller - Path Traversal-3 | Affected: ECOA / ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0, RiskBuster System TRANE 1.0, Graphic Control Software, SmartHome II E9246, RiskTerminator | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-41293", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41293"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41293"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ECOA BAS controller - Path Traversal-3", "vendor": "ECOA", "product": "ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0, RiskBuster System TRANE 1.0, Graphic Control Software, SmartHome II E9246, RiskTerminator", "added_date": "2025-06-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d7b235e9-cb64-40bb-8518-3d9fd47aa6ef", "vulnerability": {"vulnId": "CVE-2018-14912", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "d7b235e9-cb64-40bb-8518-3d9fd47aa6ef", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a... | Affected: Zx2c4 / CGit | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-14912", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14912"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14912"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a...", "vendor": "Zx2c4", "product": "CGit", "added_date": "2025-06-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b250f5b9-26f1-465f-af87-1b54d05b0576", "vulnerability": {"vulnId": "CVE-2020-11455", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "b250f5b9-26f1-465f-af87-1b54d05b0576", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | Affected: LimeSurvey / LimeSurvey | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-11455", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11455"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11455"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.", "vendor": "LimeSurvey", "product": "LimeSurvey", "added_date": "2025-06-20T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0331cccd-db28-495a-a6b9-322f4703e26b", "vulnerability": {"vulnId": "CVE-2018-11222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "0331cccd-db28-495a-a6b9-322f4703e26b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php... | Affected: Artica / Pandora FMS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11222", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11222"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11222"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php...", "vendor": "Artica", "product": "Pandora FMS", "added_date": "2025-06-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d4e355c0-740c-4fa7-ad06-f53e656703f6", "vulnerability": {"vulnId": "CVE-2024-7120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-19T00:00:00+00:00"}, "gcve": {"object_uuid": "d4e355c0-740c-4fa7-ad06-f53e656703f6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection | Affected: Raisecom / MSG1200, MSG2100E, MSG2200, MSG2300 | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-7120", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7120"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7120"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection", "vendor": "Raisecom", "product": "MSG1200, MSG2100E, MSG2200, MSG2300", "added_date": "2025-06-19T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4c21366a-c5d5-489f-8f93-c91fe5fb0efa", "vulnerability": {"vulnId": "CVE-2025-23121", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-18T12:32:38+00:00"}, "gcve": {"object_uuid": "4c21366a-c5d5-489f-8f93-c91fe5fb0efa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-18T12:32:38+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-18T12:32:38+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user | Affected: Veeam / Backup and Recovery | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-23121", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23121"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-23121"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user", "vendor": "Veeam", "product": "Backup and Recovery", "added_date": "2025-06-18T12:32:38.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "71bb8cd4-934a-4d7f-9903-9ae74a843ef0", "vulnerability": {"vulnId": "CVE-2021-29442", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-18T00:00:00+00:00"}, "gcve": {"object_uuid": "71bb8cd4-934a-4d7f-9903-9ae74a843ef0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication bypass | Affected: alibaba / nacos | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-29442", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29442"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-29442"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication bypass", "vendor": "alibaba", "product": "nacos", "added_date": "2025-06-18T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6906484d-a1e7-41b0-b3d3-57a3c5e6d698", "vulnerability": {"vulnId": "CVE-2024-9644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-18T00:00:00+00:00"}, "gcve": {"object_uuid": "6906484d-a1e7-41b0-b3d3-57a3c5e6d698", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Four-Faith F3x36 bapply.cgi Auth Bypass | Affected: Four-Faith / F3x36 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-9644", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9644"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9644"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Four-Faith F3x36 bapply.cgi Auth Bypass", "vendor": "Four-Faith", "product": "F3x36", "added_date": "2025-06-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0326134b-80c4-4b93-86c3-0c749429d2cf", "vulnerability": {"vulnId": "CVE-2025-4123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-17T15:00:06+00:00"}, "gcve": {"object_uuid": "0326134b-80c4-4b93-86c3-0c749429d2cf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-17T15:00:06+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-17T15:00:06+00:00"}, "scope": {"notes": "KEVIntel entry: A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers... | Affected: Grafana / Grafana | CVSS: 7.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-4123", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4123"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4123"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers...", "vendor": "Grafana", "product": "Grafana", "added_date": "2025-06-17T15:00:06.000Z", "cvss_score": 7.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4f08eacc-3b70-4934-b50a-66d4f037e451", "vulnerability": {"vulnId": "CVE-2022-0540", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-17T00:00:00+00:00"}, "gcve": {"object_uuid": "4f08eacc-3b70-4934-b50a-66d4f037e451", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This... | Affected: Atlassian / Jira Core Server, Jira Software Server, Jira Software Data Center, Jira Service Management Server, Jira Service Management Data Center | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0540", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0540"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0540"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This...", "vendor": "Atlassian", "product": "Jira Core Server, Jira Software Server, Jira Software Data Center, Jira Service Management Server, Jira Service Management Data Center", "added_date": "2025-06-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bf63cf3e-a6e6-49be-ba08-7165f7073e95", "vulnerability": {"vulnId": "CVE-2022-31847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-17T00:00:00+00:00"}, "gcve": {"object_uuid": "bf63cf3e-a6e6-49be-ba08-7165f7073e95", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via... | Affected: WAVLINK / WN579 X3 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-31847", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31847"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31847"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via...", "vendor": "WAVLINK", "product": "WN579 X3", "added_date": "2025-06-17T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "174465a9-38d9-4ad8-85a5-80f9a4be6a17", "vulnerability": {"vulnId": "CVE-2022-39960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-17T00:00:00+00:00"}, "gcve": {"object_uuid": "174465a9-38d9-4ad8-85a5-80f9a4be6a17", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to... | Affected: Atlassian / Jira | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-39960", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39960"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-39960"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to...", "vendor": "Atlassian", "product": "Jira", "added_date": "2025-06-17T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "32511910-7b51-4b34-b93b-97d54760e6f0", "vulnerability": {"vulnId": "CVE-2022-48164", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-17T00:00:00+00:00"}, "gcve": {"object_uuid": "32511910-7b51-4b34-b93b-97d54760e6f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to... | Affected: Wavlink / WL-WN533A8 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-48164", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48164"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-48164"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to...", "vendor": "Wavlink", "product": "WL-WN533A8", "added_date": "2025-06-17T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e143b6d7-441e-484b-98b3-377a670abd7e", "vulnerability": {"vulnId": "CVE-2020-8209", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-14T00:00:00+00:00"}, "gcve": {"object_uuid": "e143b6d7-441e-484b-98b3-377a670abd7e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before... | Affected: Citrix / XenMobile Server | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-8209", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8209"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8209"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before...", "vendor": "Citrix", "product": "XenMobile Server", "added_date": "2025-06-14T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "57207169-2275-4dc7-90f5-0fec873f84ea", "vulnerability": {"vulnId": "CVE-2020-8191", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-14T00:00:00+00:00"}, "gcve": {"object_uuid": "57207169-2275-4dc7-90f5-0fec873f84ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix... | Affected: Citrix / Citrix ADC and Citrix Gateway | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-8191", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8191"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8191"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...", "vendor": "Citrix", "product": "Citrix ADC and Citrix Gateway", "added_date": "2025-06-14T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3ea72056-b9ec-40ef-bc78-05e7cad00f03", "vulnerability": {"vulnId": "CVE-2019-12987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "3ea72056-b9ec-40ef-bc78-05e7cad00f03", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | Affected: Citrix / SD-WAN | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-12987", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12987"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12987"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).", "vendor": "Citrix", "product": "SD-WAN", "added_date": "2025-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c33bcec8-5659-419b-9e7e-d53b051f13fd", "vulnerability": {"vulnId": "CVE-2019-12985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "c33bcec8-5659-419b-9e7e-d53b051f13fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | Affected: Citrix / SD-WAN | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-12985", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12985"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12985"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).", "vendor": "Citrix", "product": "SD-WAN", "added_date": "2025-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2df2fabb-8ab3-4790-82bf-2ec11020069f", "vulnerability": {"vulnId": "CVE-2019-12986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "2df2fabb-8ab3-4790-82bf-2ec11020069f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | Affected: Citrix / SD-WAN | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-12986", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12986"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12986"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).", "vendor": "Citrix", "product": "SD-WAN", "added_date": "2025-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "84fea293-6ea2-4cc6-b6f2-1c6dd2b65f62", "vulnerability": {"vulnId": "CVE-2019-12990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "84fea293-6ea2-4cc6-b6f2-1c6dd2b65f62", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | Affected: Citrix / SD-WAN | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-12990", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12990"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12990"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.", "vendor": "Citrix", "product": "SD-WAN", "added_date": "2025-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5b61db64-54b9-422d-b685-c2c4f1be0c2f", "vulnerability": {"vulnId": "CVE-2021-20837", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "5b61db64-54b9-422d-b685-c2c4f1be0c2f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002... | Affected: Six Apart Ltd. / Movable Type | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-20837", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20837"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20837"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002...", "vendor": "Six Apart Ltd.", "product": "Movable Type", "added_date": "2025-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9067c34f-976d-4d32-a5ea-f53bc834a2c4", "vulnerability": {"vulnId": "CVE-2021-34624", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-12T00:00:00+00:00"}, "gcve": {"object_uuid": "9067c34f-976d-4d32-a5ea-f53bc834a2c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component | Affected: ProfilePress / ProfilePress | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-34624", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34624"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34624"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component", "vendor": "ProfilePress", "product": "ProfilePress", "added_date": "2025-06-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "724e74d8-78de-4f55-907c-c87b4367ef0c", "vulnerability": {"vulnId": "CVE-2023-1020", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-12T00:00:00+00:00"}, "gcve": {"object_uuid": "724e74d8-78de-4f55-907c-c87b4367ef0c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi | Affected: Unknown / Steveas WP Live Chat Shoutbox | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-1020", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1020"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-1020"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Steveas WP Live Chat Shoutbox", "added_date": "2025-06-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0f7e9dbb-cf7e-403e-946b-39c340d6845f", "vulnerability": {"vulnId": "CVE-2025-32713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T07:01:39+00:00"}, "gcve": {"object_uuid": "0f7e9dbb-cf7e-403e-946b-39c340d6845f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T07:01:39+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T07:01:39+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-32713", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32713"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32713"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-06-11T07:01:39.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "faafa126-7e61-4811-888f-fe1f2cc4f180", "vulnerability": {"vulnId": "CVE-2025-29828", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T07:01:39+00:00"}, "gcve": {"object_uuid": "faafa126-7e61-4811-888f-fe1f2cc4f180", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T07:01:39+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T07:01:39+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Schannel Remote Code Execution Vulnerability | Affected: Microsoft / Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-29828", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29828"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-29828"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Schannel Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-06-11T07:01:39.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "016865d2-e899-4020-b63e-f2c76dbebca7", "vulnerability": {"vulnId": "CVE-2025-47162", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T07:01:39+00:00"}, "gcve": {"object_uuid": "016865d2-e899-4020-b63e-f2c76dbebca7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T07:01:39+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T07:01:39+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2019, Microsoft Office for Android, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024 | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-47162", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47162"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47162"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2019, Microsoft Office for Android, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for Mac 2024", "added_date": "2025-06-11T07:01:39.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "95d559e4-6932-4165-8df5-3fc04ffa35c8", "vulnerability": {"vulnId": "CVE-2025-3052", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T07:01:39+00:00"}, "gcve": {"object_uuid": "95d559e4-6932-4165-8df5-3fc04ffa35c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T07:01:39+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T07:01:39+00:00"}, "scope": {"notes": "KEVIntel entry: An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc. | Affected: DT Research / BiosFlashShell, Dtbios | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-3052", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3052"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-3052"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.", "vendor": "DT Research", "product": "BiosFlashShell, Dtbios", "added_date": "2025-06-11T07:01:39.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "54e5b6e8-9b92-409d-b263-ec1d386397a3", "vulnerability": {"vulnId": "CVE-2025-47172", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T07:01:39+00:00"}, "gcve": {"object_uuid": "54e5b6e8-9b92-409d-b263-ec1d386397a3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T07:01:39+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T07:01:39+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-47172", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47172"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-47172"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2025-06-11T07:01:39.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "46eb3119-2ccd-4a3b-9838-a95d782e70ff", "vulnerability": {"vulnId": "CVE-2025-33070", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T07:01:39+00:00"}, "gcve": {"object_uuid": "46eb3119-2ccd-4a3b-9838-a95d782e70ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T07:01:39+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T07:01:39+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Netlogon Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-33070", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33070"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-33070"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Netlogon Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-06-11T07:01:39.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "92fc1d30-cca3-412a-a9c3-fc84118a57c7", "vulnerability": {"vulnId": "CVE-2025-33071", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T07:01:39+00:00"}, "gcve": {"object_uuid": "92fc1d30-cca3-412a-a9c3-fc84118a57c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T07:01:39+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T07:01:39+00:00"}, "scope": {"notes": "KEVIntel entry: Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Affected: Microsoft / Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-33071", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33071"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-33071"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-06-11T07:01:39.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "472ba204-a5b5-431a-ab5a-be98aa4bc91b", "vulnerability": {"vulnId": "CVE-2021-29203", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T00:00:00+00:00"}, "gcve": {"object_uuid": "472ba204-a5b5-431a-ab5a-be98aa4bc91b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management... | Affected: Hewlett Packard Enterprise / HPE Edgeline Infrastructure Manager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-29203", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29203"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-29203"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management...", "vendor": "Hewlett Packard Enterprise", "product": "HPE Edgeline Infrastructure Manager", "added_date": "2025-06-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bdb1971d-323f-4fd7-96ce-75650aed510f", "vulnerability": {"vulnId": "CVE-2021-24762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T00:00:00+00:00"}, "gcve": {"object_uuid": "bdb1971d-323f-4fd7-96ce-75650aed510f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Perfect Survey < 1.5.2 - Unauthenticated SQL Injection | Affected: Unknown / Perfect Survey | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24762", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24762"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24762"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Perfect Survey < 1.5.2 - Unauthenticated SQL Injection", "vendor": "Unknown", "product": "Perfect Survey", "added_date": "2025-06-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9c6af336-66bc-40a0-b2c4-684dd1f244e1", "vulnerability": {"vulnId": "CVE-2021-24499", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T00:00:00+00:00"}, "gcve": {"object_uuid": "9c6af336-66bc-40a0-b2c4-684dd1f244e1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution | Affected: Unknown / Workreap | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24499", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24499"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24499"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution", "vendor": "Unknown", "product": "Workreap", "added_date": "2025-06-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7155f03b-498f-4211-8f43-aa4d3bfed634", "vulnerability": {"vulnId": "CVE-2021-36356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-11T00:00:00+00:00"}, "gcve": {"object_uuid": "7155f03b-498f-4211-8f43-aa4d3bfed634", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts... | Affected: KRAMER / VIAware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-36356", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36356"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36356"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts...", "vendor": "KRAMER", "product": "VIAware", "added_date": "2025-06-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "41e8e23e-290a-440f-8888-0ed35bfa56f4", "vulnerability": {"vulnId": "CVE-2021-21234", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-10T00:00:00+00:00"}, "gcve": {"object_uuid": "41e8e23e-290a-440f-8888-0ed35bfa56f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory Traversal | Affected: lukashinsch / spring-boot-actuator-logview | CVSS: 7.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21234", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21234"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21234"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory Traversal", "vendor": "lukashinsch", "product": "spring-boot-actuator-logview", "added_date": "2025-06-10T00:00:00.000Z", "cvss_score": 7.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ca6241af-7b48-43d8-832e-d332fbe24699", "vulnerability": {"vulnId": "CVE-2024-32735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ca6241af-7b48-43d8-832e-d332fbe24699", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CyberPower PowerPanel Enterprise Missing Authentication | Affected: CyberPower / CyberPower PowerPanel Enterprise | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-32735", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32735"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-32735"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CyberPower PowerPanel Enterprise Missing Authentication", "vendor": "CyberPower", "product": "CyberPower PowerPanel Enterprise", "added_date": "2025-06-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3904c4cd-6cb7-4574-a8a1-83c082eb8a04", "vulnerability": {"vulnId": "CVE-2009-0545", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-10T00:00:00+00:00"}, "gcve": {"object_uuid": "3904c4cd-6cb7-4574-a8a1-83c082eb8a04", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type... | Affected: ZeroShell / ZeroShell | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-0545", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0545"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-0545"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type...", "vendor": "ZeroShell", "product": "ZeroShell", "added_date": "2025-06-10T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a7334689-ae33-449a-a5dc-f815e594f669", "vulnerability": {"vulnId": "CVE-2023-47248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "a7334689-ae33-449a-a5dc-f815e594f669", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file | Affected: Apache Software Foundation / PyArrow | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-47248", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-47248"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file", "vendor": "Apache Software Foundation", "product": "PyArrow", "added_date": "2025-06-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6daf9866-7376-420d-b5fc-ba76df9f586e", "vulnerability": {"vulnId": "CVE-2020-13942", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "6daf9866-7376-420d-b5fc-ba76df9f586e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution in Apache Unomi | Affected: Apache Software Foundation / Apache Unomi | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-13942", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13942"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13942"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution in Apache Unomi", "vendor": "Apache Software Foundation", "product": "Apache Unomi", "added_date": "2025-06-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6923fcd3-4d8f-447d-99f5-b8fc6b535db9", "vulnerability": {"vulnId": "CVE-2020-11546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "6923fcd3-4d8f-447d-99f5-b8fc6b535db9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An... | Affected: SuperWebMailer / SuperWebMailer | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-11546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11546"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11546"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An...", "vendor": "SuperWebMailer", "product": "SuperWebMailer", "added_date": "2025-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4cb51556-0c13-4549-a541-32ba15305bf4", "vulnerability": {"vulnId": "CVE-2019-1821", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "4cb51556-0c13-4549-a541-32ba15305bf4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities | Affected: Cisco / Cisco Prime Infrastructure | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-1821", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1821"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1821"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities", "vendor": "Cisco", "product": "Cisco Prime Infrastructure", "added_date": "2025-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "231cccac-1bfd-4086-89fb-477a6c0ef494", "vulnerability": {"vulnId": "CVE-2019-18818", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "231cccac-1bfd-4086-89fb-477a6c0ef494", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and... | Affected: strapi / strapi | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-18818", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18818"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18818"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and...", "vendor": "strapi", "product": "strapi", "added_date": "2025-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "89f6654d-ec7e-417a-83d4-1cf9803e26b6", "vulnerability": {"vulnId": "CVE-2018-3810", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "89f6654d-ec7e-417a-83d4-1cf9803e26b6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to... | Affected: Oturia / Smart Google Code Inserter | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-3810", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3810"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-3810"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to...", "vendor": "Oturia", "product": "Smart Google Code Inserter", "added_date": "2025-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "620fee6c-b8c2-4058-8eef-0f223af1764c", "vulnerability": {"vulnId": "CVE-2014-3206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "620fee6c-b8c2-4058-8eef-0f223af1764c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the... | Affected: Seagate / BlackArmor NAS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-3206", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3206"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-3206"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the...", "vendor": "Seagate", "product": "BlackArmor NAS", "added_date": "2025-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "33bcd840-314b-44b2-ac0b-90cd13326568", "vulnerability": {"vulnId": "CVE-2020-36112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "33bcd840-314b-44b2-ac0b-90cd13326568", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in... | Affected: CSE / Bookstore | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-36112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36112"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-36112"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in...", "vendor": "CSE", "product": "Bookstore", "added_date": "2025-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "44330e8c-96e2-4bdb-b384-701c5e261f6d", "vulnerability": {"vulnId": "CVE-2018-2894", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "44330e8c-96e2-4bdb-b384-701c5e261f6d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-2894", "url": "https://www.cve.org/CVERecord?id=CVE-2018-2894"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-2894"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2025-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1f647c15-aa2b-48d0-ae18-f13e0ffdf367", "vulnerability": {"vulnId": "CVE-2022-0867", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1f647c15-aa2b-48d0-ae18-f13e0ffdf367", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ARPrice Lite < 3.6.1 - Unauthenticated SQLi | Affected: Unknown / Pricing Table Plugin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0867", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0867"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0867"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ARPrice Lite < 3.6.1 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Pricing Table Plugin", "added_date": "2025-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4e907660-ecfc-4954-91f6-f1468725f996", "vulnerability": {"vulnId": "CVE-2018-10942", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "4e907660-ecfc-4954-91f6-f1468725f996", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to... | Affected: PrestaShop / Attribute Wizard addon | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10942", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10942"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10942"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to...", "vendor": "PrestaShop", "product": "Attribute Wizard addon", "added_date": "2025-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "56f352d1-9d75-45ef-ab4f-35c2ffdad79a", "vulnerability": {"vulnId": "CVE-2021-30168", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "56f352d1-9d75-45ef-ab4f-35c2ffdad79a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-1 | Affected: MERIT LILIN ENT.CO.,LTD. / P2/Z2/P3/Z3 IP camera firmware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-30168", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30168"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30168"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-1", "vendor": "MERIT LILIN ENT.CO.,LTD.", "product": "P2/Z2/P3/Z3 IP camera firmware", "added_date": "2025-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a58a143a-ccae-4e5e-a5de-8d13b44480bb", "vulnerability": {"vulnId": "CVE-2018-16763", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "a58a143a-ccae-4e5e-a5de-8d13b44480bb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote... | Affected: Daylight Studio / FUEL CMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-16763", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16763"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-16763"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote...", "vendor": "Daylight Studio", "product": "FUEL CMS", "added_date": "2025-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "85589222-a6a8-41d3-95d4-508b1e8468da", "vulnerability": {"vulnId": "CVE-2022-0786", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "85589222-a6a8-41d3-95d4-508b1e8468da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: KiviCare < 2.3.9 - Unauthenticated SQLi | Affected: Unknown / KiviCare \u2013 Clinic & Patient Management System (EHR) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0786", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0786"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0786"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "KiviCare < 2.3.9 - Unauthenticated SQLi", "vendor": "Unknown", "product": "KiviCare \u2013 Clinic & Patient Management System (EHR)", "added_date": "2025-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "652bf166-bbbd-40b0-b81d-a67d965e0cb7", "vulnerability": {"vulnId": "CVE-2022-41840", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "652bf166-bbbd-40b0-b81d-a67d965e0cb7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability | Affected: Collne Inc. / Welcart e-Commerce (WordPress plugin) | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-41840", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41840"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41840"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability", "vendor": "Collne Inc.", "product": "Welcart e-Commerce (WordPress plugin)", "added_date": "2025-06-06T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "80e20367-6c79-401a-8ce9-99ac4bddc284", "vulnerability": {"vulnId": "CVE-2022-24260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "80e20367-6c79-401a-8ce9-99ac4bddc284", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | Affected: Voipmonitor / Voipmonitor GUI | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-24260", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24260"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24260"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.", "vendor": "Voipmonitor", "product": "Voipmonitor GUI", "added_date": "2025-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8608318b-2bc7-4a53-8ebe-b2291f477509", "vulnerability": {"vulnId": "CVE-2022-25369", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "8608318b-2bc7-4a53-8ebe-b2291f477509", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a... | Affected: Dynamicweb / Dynamicweb | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-25369", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25369"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25369"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a...", "vendor": "Dynamicweb", "product": "Dynamicweb", "added_date": "2025-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "56dd9606-081b-415f-98a8-c86d5c410243", "vulnerability": {"vulnId": "CVE-2020-10548", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-06T00:00:00+00:00"}, "gcve": {"object_uuid": "56dd9606-081b-415f-98a8-c86d5c410243", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in... | Affected: rConfig / rConfig | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-10548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10548"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10548"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in...", "vendor": "rConfig", "product": "rConfig", "added_date": "2025-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "64ed8552-4d50-4249-97f4-9168dd15f056", "vulnerability": {"vulnId": "CVE-2023-2648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:08:41+00:00"}, "gcve": {"object_uuid": "64ed8552-4d50-4249-97f4-9168dd15f056", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:08:41+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:08:41+00:00"}, "scope": {"notes": "KEVIntel entry: Weaver E-Office uploadify.php unrestricted upload | Affected: Weaver / E-Office | CVSS: 6.3 (MEDIUM) | EPSS: 0.92333 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-2648", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2648"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-2648"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Weaver E-Office uploadify.php unrestricted upload", "vendor": "Weaver", "product": "E-Office", "added_date": "2025-06-05T09:08:41.357Z", "cvss_score": 6.3, "epss_score": 0.92333, "cvss_severity": "MEDIUM", "epss_percentile": 0.99709, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "549b6faf-8afb-4c96-86f8-3b5bd95faec3", "vulnerability": {"vulnId": "CVE-2024-11238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:08:33+00:00"}, "gcve": {"object_uuid": "549b6faf-8afb-4c96-86f8-3b5bd95faec3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:08:33+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:08:33+00:00"}, "scope": {"notes": "KEVIntel entry: Landray EKP sysUiComponent.do delPreviewFile path traversal | Affected: Landray / EKP | CVSS: 6.9 (MEDIUM) | EPSS: 0.0024 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-11238", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11238"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-11238"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Landray EKP sysUiComponent.do delPreviewFile path traversal", "vendor": "Landray", "product": "EKP", "added_date": "2025-06-05T09:08:33.869Z", "cvss_score": 6.9, "epss_score": 0.0024, "cvss_severity": "MEDIUM", "epss_percentile": 0.47175, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4dd850e0-091d-4c7c-8d0a-5ffa4f5c68ff", "vulnerability": {"vulnId": "CVE-2023-47218", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:08:26+00:00"}, "gcve": {"object_uuid": "4dd850e0-091d-4c7c-8d0a-5ffa4f5c68ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:08:26+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:08:26+00:00"}, "scope": {"notes": "KEVIntel entry: QTS, QuTS hero, QuTScloud | Affected: QNAP Systems Inc. / QTS, QuTS hero, QuTScloud | CVSS: 5.8 (MEDIUM) | EPSS: 0.92646 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-47218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47218"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-47218"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "QTS, QuTS hero, QuTScloud", "vendor": "QNAP Systems Inc.", "product": "QTS, QuTS hero, QuTScloud", "added_date": "2025-06-05T09:08:26.504Z", "cvss_score": 5.8, "epss_score": 0.92646, "cvss_severity": "MEDIUM", "epss_percentile": 0.99734, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1a888bd7-2205-4bb7-a0d4-338bde691ab4", "vulnerability": {"vulnId": "CVE-2022-2487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:08:19+00:00"}, "gcve": {"object_uuid": "1a888bd7-2205-4bb7-a0d4-338bde691ab4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:08:19+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:08:19+00:00"}, "scope": {"notes": "KEVIntel entry: WAVLINK WN535K2/WN535K3 nightled.cgi os command injection | Affected: WAVLINK / WN535K2, WN535K3 | CVSS: 8.0 (HIGH) | EPSS: 0.94158 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-2487", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2487"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2487"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WAVLINK WN535K2/WN535K3 nightled.cgi os command injection", "vendor": "WAVLINK", "product": "WN535K2, WN535K3", "added_date": "2025-06-05T09:08:19.477Z", "cvss_score": 8.0, "epss_score": 0.94158, "cvss_severity": "HIGH", "epss_percentile": 0.99901, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "079c2576-e6eb-4c80-83f2-965f949eb773", "vulnerability": {"vulnId": "CVE-2020-7980", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:08:12+00:00"}, "gcve": {"object_uuid": "079c2576-e6eb-4c80-83f2-965f949eb773", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:08:12+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:08:12+00:00"}, "scope": {"notes": "KEVIntel entry: Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI.... | Affected: Intellian / Aptus Web | CVSS: 9.8 (CRITICAL) | EPSS: 0.93352 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-7980", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7980"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-7980"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI....", "vendor": "Intellian", "product": "Aptus Web", "added_date": "2025-06-05T09:08:12.401Z", "cvss_score": 9.8, "epss_score": 0.93352, "cvss_severity": "CRITICAL", "epss_percentile": 0.99801, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5db8d4cf-e68f-4cc2-8858-1ba4c28f1fe6", "vulnerability": {"vulnId": "CVE-2023-32563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:08:04+00:00"}, "gcve": {"object_uuid": "5db8d4cf-e68f-4cc2-8858-1ba4c28f1fe6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:08:04+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:08:04+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated attacker could achieve the code execution through a RemoteControl server. | Affected: Ivanti / Avalanche | CVSS: 9.8 (CRITICAL) | EPSS: 0.9289 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-32563", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32563"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32563"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated attacker could achieve the code execution through a RemoteControl server.", "vendor": "Ivanti", "product": "Avalanche", "added_date": "2025-06-05T09:08:04.933Z", "cvss_score": 9.8, "epss_score": 0.9289, "cvss_severity": "CRITICAL", "epss_percentile": 0.99759, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9bb825f5-9f8b-4ec9-9048-afa8d74bc169", "vulnerability": {"vulnId": "CVE-2013-7091", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:07:57+00:00"}, "gcve": {"object_uuid": "9bb825f5-9f8b-4ec9-9048-afa8d74bc169", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:07:57+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:07:57+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows... | Affected: Zimbra / Zimbra Collaboration Suite | CVSS: 5.0 (MEDIUM) | EPSS: 0.92144 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-7091", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7091"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-7091"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows...", "vendor": "Zimbra", "product": "Zimbra Collaboration Suite", "added_date": "2025-06-05T09:07:57.969Z", "cvss_score": 5.0, "epss_score": 0.92144, "cvss_severity": "MEDIUM", "epss_percentile": 0.99692, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8d543945-5df7-42bd-a21a-ed32aa921aa5", "vulnerability": {"vulnId": "CVE-2020-15568", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:07:50+00:00"}, "gcve": {"object_uuid": "8d543945-5df7-42bd-a21a-ed32aa921aa5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:07:50+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:07:50+00:00"}, "scope": {"notes": "KEVIntel entry: TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation... | Affected: TerraMaster / TOS | CVSS: 9.8 (CRITICAL) | EPSS: 0.9312 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-15568", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15568"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-15568"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation...", "vendor": "TerraMaster", "product": "TOS", "added_date": "2025-06-05T09:07:50.716Z", "cvss_score": 9.8, "epss_score": 0.9312, "cvss_severity": "CRITICAL", "epss_percentile": 0.9978, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bf1c2845-7c9d-4c5f-9131-f0d3d6e5ce62", "vulnerability": {"vulnId": "CVE-2022-0760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:07:43+00:00"}, "gcve": {"object_uuid": "bf1c2845-7c9d-4c5f-9131-f0d3d6e5ce62", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:07:43+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:07:43+00:00"}, "scope": {"notes": "KEVIntel entry: Simple Link Directory < 7.7.2 - Unauthenticated SQL injection | Affected: Unknown / Simple Link Directory | CVSS: 9.8 (CRITICAL) | EPSS: 0.77716 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0760", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0760"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0760"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Simple Link Directory < 7.7.2 - Unauthenticated SQL injection", "vendor": "Unknown", "product": "Simple Link Directory", "added_date": "2025-06-05T09:07:43.354Z", "cvss_score": 9.8, "epss_score": 0.77716, "cvss_severity": "CRITICAL", "epss_percentile": 0.98927, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "182478ef-2471-4df0-947c-29e535158e26", "vulnerability": {"vulnId": "CVE-2021-43711", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T09:07:36+00:00"}, "gcve": {"object_uuid": "182478ef-2471-4df0-947c-29e535158e26", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T09:07:36+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T09:07:36+00:00"}, "scope": {"notes": "KEVIntel entry: The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The... | Affected: TOTOLINK / EX200 | CVSS: 9.8 (CRITICAL) | EPSS: 0.15398 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-43711", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43711"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-43711"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The...", "vendor": "TOTOLINK", "product": "EX200", "added_date": "2025-06-05T09:07:36.025Z", "cvss_score": 9.8, "epss_score": 0.15398, "cvss_severity": "CRITICAL", "epss_percentile": 0.94275, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4f3ed44c-f42b-401e-bf7b-45535c88dd5a", "vulnerability": {"vulnId": "CVE-2021-27964", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "4f3ed44c-f42b-401e-bf7b-45535c88dd5a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to... | Affected: SonLogger / SonLogger | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-27964", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27964"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27964"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to...", "vendor": "SonLogger", "product": "SonLogger", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8ff30059-6118-4e5e-acd0-ce3256774740", "vulnerability": {"vulnId": "CVE-2022-4050", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "8ff30059-6118-4e5e-acd0-ce3256774740", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: JoomSport < 5.2.8 - Unauthenticated SQLi | Affected: Unknown / JoomSport | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-4050", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4050"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4050"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "JoomSport < 5.2.8 - Unauthenticated SQLi", "vendor": "Unknown", "product": "JoomSport", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6021ade7-ae6f-4734-aaff-e87415c9e94e", "vulnerability": {"vulnId": "CVE-2018-12031", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "6021ade7-ae6f-4734-aaff-e87415c9e94e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory... | Affected: Eaton / Intelligent Power Manager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-12031", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12031"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-12031"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory...", "vendor": "Eaton", "product": "Intelligent Power Manager", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "74bc8b4c-a405-42c6-94e3-0a96c461cd40", "vulnerability": {"vulnId": "CVE-2022-0846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "74bc8b4c-a405-42c6-94e3-0a96c461cd40", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi | Affected: Unknown / SpeakOut! Email Petitions | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0846", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0846"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0846"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi", "vendor": "Unknown", "product": "SpeakOut! Email Petitions", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3ebef1a6-9edd-4fad-8fc0-1059c2b7113d", "vulnerability": {"vulnId": "CVE-2023-27482", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "3ebef1a6-9edd-4fad-8fc0-1059c2b7113d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor... | Affected: home-assistant / core, supervisor | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-27482", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27482"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27482"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor...", "vendor": "home-assistant", "product": "core, supervisor", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2a3dc38b-f322-4094-abba-a84a852888c8", "vulnerability": {"vulnId": "CVE-2022-25322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "2a3dc38b-f322-4094-abba-a84a852888c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | Affected: ZEROF / Web Server 2.0 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-25322", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25322"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25322"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.", "vendor": "ZEROF", "product": "Web Server 2.0", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1a275e9a-246c-4030-8ccf-33b49e4bafa6", "vulnerability": {"vulnId": "CVE-2022-0769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "1a275e9a-246c-4030-8ccf-33b49e4bafa6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Users Ultra <= 3.1.0 - Unauthenticated SQL Injection | Affected: Unknown / Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-0769", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0769"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0769"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Users Ultra <= 3.1.0 - Unauthenticated SQL Injection", "vendor": "Unknown", "product": "Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "63c528b7-0ab7-4d19-90f3-35bfe4dbefe9", "vulnerability": {"vulnId": "CVE-2022-35413", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "63c528b7-0ab7-4d19-90f3-35bfe4dbefe9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential... | Affected: Penta Security Systems Inc. / WAPPLES | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-35413", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35413"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-35413"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential...", "vendor": "Penta Security Systems Inc.", "product": "WAPPLES", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0dd2fbb5-8b34-4800-81cf-bc46e5049fff", "vulnerability": {"vulnId": "CVE-2020-35131", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "0dd2fbb5-8b34-4800-81cf-bc46e5049fff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in... | Affected: Agentejo / Cockpit | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35131", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35131"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35131"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in...", "vendor": "Agentejo", "product": "Cockpit", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "90da7017-f8a7-45ce-8366-1c1689af16f4", "vulnerability": {"vulnId": "CVE-2023-41109", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "90da7017-f8a7-45ce-8366-1c1689af16f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. | Affected: SmartNode / SN200 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-41109", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41109"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41109"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.", "vendor": "SmartNode", "product": "SN200", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7c9e227a-98a3-4b1e-8d1f-0d1565e5905d", "vulnerability": {"vulnId": "CVE-2021-24931", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "7c9e227a-98a3-4b1e-8d1f-0d1565e5905d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection | Affected: Unknown / Secure Copy Content Protection and Content Locking | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24931", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24931"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24931"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection", "vendor": "Unknown", "product": "Secure Copy Content Protection and Content Locking", "added_date": "2025-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "587ad3bd-dea9-4c27-823a-8e93e24662cd", "vulnerability": {"vulnId": "CVE-2017-18378", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "587ad3bd-dea9-4c27-823a-8e93e24662cd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through... | Affected: NETGEAR / ReadyNAS Surveillance | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-18378", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18378"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-18378"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through...", "vendor": "NETGEAR", "product": "ReadyNAS Surveillance", "added_date": "2025-06-04T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "326655fe-7997-4ae8-b37e-0fa7a670be2a", "vulnerability": {"vulnId": "CVE-2019-17270", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "326655fe-7997-4ae8-b37e-0fa7a670be2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the... | Affected: Yachtcontrol / Yachtcontrol | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-17270", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17270"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-17270"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the...", "vendor": "Yachtcontrol", "product": "Yachtcontrol", "added_date": "2025-06-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9b20dbd7-4f41-4cc6-bd25-f26ef3e102b1", "vulnerability": {"vulnId": "CVE-2017-14135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "9b20dbd7-4f41-4cc6-bd25-f26ef3e102b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute... | Affected: OpenDreambox / OpenDreambox 2.0.0 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-14135", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14135"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-14135"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute...", "vendor": "OpenDreambox", "product": "OpenDreambox 2.0.0", "added_date": "2025-06-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "59fd2603-0fbd-44af-a518-98e6f0513815", "vulnerability": {"vulnId": "CVE-2025-5068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-03T12:32:47+00:00"}, "gcve": {"object_uuid": "59fd2603-0fbd-44af-a518-98e6f0513815", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-03T12:32:47+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-03T12:32:47+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-5068", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5068"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5068"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2025-06-03T12:32:47.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8ddbb718-0219-4504-8ea2-7475db9ae713", "vulnerability": {"vulnId": "CVE-2021-37291", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "8ddbb718-0219-4504-8ea2-7475db9ae713", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. | Affected: KevinLAB Inc / Building Energy Management System 4ST BEMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-37291", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37291"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-37291"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.", "vendor": "KevinLAB Inc", "product": "Building Energy Management System 4ST BEMS", "added_date": "2025-06-02T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5be5df4d-8298-4909-b111-d4abb30e4662", "vulnerability": {"vulnId": "CVE-2013-1965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-01T07:33:35+00:00"}, "gcve": {"object_uuid": "5be5df4d-8298-4909-b111-d4abb30e4662", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-01T07:33:35+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-01T07:33:35+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a... | Affected: Apache / Struts | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-1965", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1965"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-1965"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a...", "vendor": "Apache", "product": "Struts", "added_date": "2025-06-01T07:33:35.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b6f7af28-f9b7-46f0-ba13-9f176519ac8b", "vulnerability": {"vulnId": "CVE-2020-13638", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "b6f7af28-f9b7-46f0-ba13-9f176519ac8b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been... | Affected: rConfig / rConfig | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-13638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13638"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13638"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been...", "vendor": "rConfig", "product": "rConfig", "added_date": "2025-06-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "93e7185c-d2d0-43c1-a775-6d99d147d114", "vulnerability": {"vulnId": "CVE-2023-26255", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "93e7185c-d2d0-43c1-a775-6d99d147d114", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu & Themes\" plugin before 2.0.52 for Jira. By... | Affected: Atlassian / Jira | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-26255", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26255"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26255"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu & Themes\" plugin before 2.0.52 for Jira. By...", "vendor": "Atlassian", "product": "Jira", "added_date": "2025-06-01T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8869c097-7c19-4784-8d8c-de7c1f188b85", "vulnerability": {"vulnId": "CVE-2023-26256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "8869c097-7c19-4784-8d8c-de7c1f188b85", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu & Themes\" plugin before 2.0.52 for Jira. By... | Affected: Atlassian / Jira | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-26256", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26256"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26256"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu & Themes\" plugin before 2.0.52 for Jira. By...", "vendor": "Atlassian", "product": "Jira", "added_date": "2025-06-01T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6b2cac34-32ed-47be-bc12-c2acd3b05b91", "vulnerability": {"vulnId": "CVE-2025-48828", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-27T12:00:00+00:00"}, "gcve": {"object_uuid": "6b2cac34-32ed-47be-bc12-c2acd3b05b91", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-27T12:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-27T12:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting... | Affected: vBulletin / vBulletin | CVSS: 9.0 (CRITICAL) | EPSS: 0.48358 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-48828", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48828"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48828"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting...", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2025-05-27T12:00:00.000Z", "cvss_score": 9.0, "epss_score": 0.48358, "cvss_severity": "CRITICAL", "epss_percentile": 0.98712, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2ab65631-2d71-4854-85d9-0fa03c8027fc", "vulnerability": {"vulnId": "CVE-2025-4428", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:11:30+00:00"}, "gcve": {"object_uuid": "2ab65631-2d71-4854-85d9-0fa03c8027fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:11:30+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:11:30+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution | Affected: Ivanti / Endpoint Manager Mobile | CVSS: 7.2 (HIGH) | EPSS: 0.87529 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-4428", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4428"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution", "vendor": "Ivanti", "product": "Endpoint Manager Mobile", "added_date": "2025-05-21T13:11:30.190Z", "cvss_score": 7.2, "epss_score": 0.87529, "cvss_severity": "HIGH", "epss_percentile": 0.99734, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a875d577-5629-4e6c-a8db-8a7aa7e49aad", "vulnerability": {"vulnId": "CVE-2025-4427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:11:23+00:00"}, "gcve": {"object_uuid": "a875d577-5629-4e6c-a8db-8a7aa7e49aad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:11:23+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:11:23+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication Bypass | Affected: Ivanti / Endpoint Manager Mobile | CVSS: 5.3 (MEDIUM) | EPSS: 0.99589 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-4427", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4427"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-4427"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication Bypass", "vendor": "Ivanti", "product": "Endpoint Manager Mobile", "added_date": "2025-05-21T13:11:23.139Z", "cvss_score": 5.3, "epss_score": 0.99589, "cvss_severity": "MEDIUM", "epss_percentile": 0.99943, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6228f0fb-dfd2-4e7b-a2c9-ad4fecb2fad4", "vulnerability": {"vulnId": "CVE-2025-32709", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:11:16+00:00"}, "gcve": {"object_uuid": "6228f0fb-dfd2-4e7b-a2c9-ad4fecb2fad4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:11:16+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:11:16+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.01658 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32709", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32709"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32709"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-05-21T13:11:16.065Z", "cvss_score": 7.8, "epss_score": 0.01658, "cvss_severity": "HIGH", "epss_percentile": 0.73563, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "331dd7f6-65f2-4550-92dd-987e88fdff96", "vulnerability": {"vulnId": "CVE-2025-32706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:11:09+00:00"}, "gcve": {"object_uuid": "331dd7f6-65f2-4550-92dd-987e88fdff96", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:11:09+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:11:09+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.02059 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32706", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32706"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32706"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-05-21T13:11:09.018Z", "cvss_score": 7.8, "epss_score": 0.02059, "cvss_severity": "HIGH", "epss_percentile": 0.78825, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ed846a39-0a72-4b4a-8239-a061045c04af", "vulnerability": {"vulnId": "CVE-2025-32701", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:11:01+00:00"}, "gcve": {"object_uuid": "ed846a39-0a72-4b4a-8239-a061045c04af", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:11:01+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:11:01+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.01291 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-32701", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32701"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-32701"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-05-21T13:11:01.860Z", "cvss_score": 7.8, "epss_score": 0.01291, "cvss_severity": "HIGH", "epss_percentile": 0.66492, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "235c3783-0c32-4f2f-9632-aadcc30e2942", "vulnerability": {"vulnId": "CVE-2025-30400", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:10:54+00:00"}, "gcve": {"object_uuid": "235c3783-0c32-4f2f-9632-aadcc30e2942", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:10:54+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:10:54+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft DWM Core Library Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.01763 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-30400", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30400"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30400"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft DWM Core Library Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-05-21T13:10:54.771Z", "cvss_score": 7.8, "epss_score": 0.01763, "cvss_severity": "HIGH", "epss_percentile": 0.7513, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5461e635-af95-405d-ac18-1ab9e1dbd0da", "vulnerability": {"vulnId": "CVE-2025-30397", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:10:47+00:00"}, "gcve": {"object_uuid": "5461e635-af95-405d-ac18-1ab9e1dbd0da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:10:47+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:10:47+00:00"}, "scope": {"notes": "KEVIntel entry: Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.5 (HIGH) | EPSS: 0.21562 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-30397", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30397"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30397"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Scripting Engine Memory Corruption Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-05-21T13:10:47.775Z", "cvss_score": 7.5, "epss_score": 0.21562, "cvss_severity": "HIGH", "epss_percentile": 0.97308, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "23a17d6d-04eb-4155-b81d-959ef368b52a", "vulnerability": {"vulnId": "CVE-2025-27920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:10:40+00:00"}, "gcve": {"object_uuid": "23a17d6d-04eb-4155-b81d-959ef368b52a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:10:40+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:10:40+00:00"}, "scope": {"notes": "KEVIntel entry: Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in... | Affected: Srimax / Output Messenger | CVSS: 7.2 (HIGH) | EPSS: 0.01812 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-27920", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27920"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27920"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in...", "vendor": "Srimax", "product": "Output Messenger", "added_date": "2025-05-21T13:10:40.229Z", "cvss_score": 7.2, "epss_score": 0.01812, "cvss_severity": "HIGH", "epss_percentile": 0.75822, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2fa15eab-8921-420b-8ac3-8624580c2b6c", "vulnerability": {"vulnId": "CVE-2024-27443", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:10:32+00:00"}, "gcve": {"object_uuid": "2fa15eab-8921-420b-8ac3-8624580c2b6c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:10:32+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:10:32+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature... | Affected: Zimbra / Zimbra Collaboration (ZCS) | CVSS: 6.1 (MEDIUM) | EPSS: 0.19668 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-27443", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27443"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27443"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature...", "vendor": "Zimbra", "product": "Zimbra Collaboration (ZCS)", "added_date": "2025-05-21T13:10:32.092Z", "cvss_score": 6.1, "epss_score": 0.19668, "cvss_severity": "MEDIUM", "epss_percentile": 0.97051, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0f73638d-c717-440c-b183-838470348052", "vulnerability": {"vulnId": "CVE-2024-11182", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:10:24+00:00"}, "gcve": {"object_uuid": "0f73638d-c717-440c-b183-838470348052", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:10:24+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:10:24+00:00"}, "scope": {"notes": "KEVIntel entry: Stored XSS vulnerability in MDaemon Email Server | Affected: MDaemon / Email Server | CVSS: 5.3 (MEDIUM) | EPSS: 0.16346 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-11182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11182"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-11182"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stored XSS vulnerability in MDaemon Email Server", "vendor": "MDaemon", "product": "Email Server", "added_date": "2025-05-21T13:10:24.903Z", "cvss_score": 5.3, "epss_score": 0.16346, "cvss_severity": "MEDIUM", "epss_percentile": 0.96552, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a22d1f25-cdaa-4c56-a565-2ab9b1be6999", "vulnerability": {"vulnId": "CVE-2023-38950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-21T13:10:17+00:00"}, "gcve": {"object_uuid": "a22d1f25-cdaa-4c56-a565-2ab9b1be6999", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-21T13:10:17+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-21T13:10:17+00:00"}, "scope": {"notes": "KEVIntel entry: A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a... | Affected: ZKTeco / BioTime | CVSS: 7.5 (HIGH) | EPSS: 0.8488 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-38950", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38950"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38950"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a...", "vendor": "ZKTeco", "product": "BioTime", "added_date": "2025-05-21T13:10:17.537Z", "cvss_score": 7.5, "epss_score": 0.8488, "cvss_severity": "HIGH", "epss_percentile": 0.99681, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 377}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fe63a8f3-7d5f-45ff-8ce1-3b241d269f01", "vulnerability": {"vulnId": "CVE-2018-17246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-20T19:38:21+00:00"}, "gcve": {"object_uuid": "fe63a8f3-7d5f-45ff-8ce1-3b241d269f01", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-20T19:38:21+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-20T19:38:21+00:00"}, "scope": {"notes": "KEVIntel entry: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana... | Affected: Elastic / Kibana | CVSS: 9.8 (CRITICAL) | EPSS: 0.93865 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-17246", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17246"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-17246"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana...", "vendor": "Elastic", "product": "Kibana", "added_date": "2025-05-20T19:38:21.380Z", "cvss_score": 9.8, "epss_score": 0.93865, "cvss_severity": "CRITICAL", "epss_percentile": 0.99858, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b56931f6-e19f-4fa7-a00a-3321f27b01e7", "vulnerability": {"vulnId": "CVE-2019-16662", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-20T19:38:13+00:00"}, "gcve": {"object_uuid": "b56931f6-e19f-4fa7-a00a-3321f27b01e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-20T19:38:13+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-20T19:38:13+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php... | Affected: rConfig / rConfig | CVSS: 9.8 (CRITICAL) | EPSS: 0.94452 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-16662", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16662"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-16662"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php...", "vendor": "rConfig", "product": "rConfig", "added_date": "2025-05-20T19:38:13.620Z", "cvss_score": 9.8, "epss_score": 0.94452, "cvss_severity": "CRITICAL", "epss_percentile": 0.9999, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dd889b43-c3e3-4e50-a9d6-a7a282c22c8b", "vulnerability": {"vulnId": "CVE-2024-9264", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-20T19:38:05+00:00"}, "gcve": {"object_uuid": "dd889b43-c3e3-4e50-a9d6-a7a282c22c8b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-20T19:38:05+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-20T19:38:05+00:00"}, "scope": {"notes": "KEVIntel entry: Grafana SQL Expressions allow for remote code execution | Affected: Grafana / Grafana | CVSS: 9.4 (CRITICAL) | EPSS: 0.92072 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-9264", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9264"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9264"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Grafana SQL Expressions allow for remote code execution", "vendor": "Grafana", "product": "Grafana", "added_date": "2025-05-20T19:38:05.933Z", "cvss_score": 9.4, "epss_score": 0.92072, "cvss_severity": "CRITICAL", "epss_percentile": 0.9968, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ef45d215-1abf-43be-89ed-90ae9b7fc47f", "vulnerability": {"vulnId": "CVE-2024-12987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-16T08:36:30+00:00"}, "gcve": {"object_uuid": "ef45d215-1abf-43be-89ed-90ae9b7fc47f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-16T08:36:30+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-16T08:36:30+00:00"}, "scope": {"notes": "KEVIntel entry: DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection | Affected: DrayTek / Vigor2960, Vigor300B | CVSS: 6.9 (MEDIUM) | EPSS: 0.27754 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-12987", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12987"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-12987"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection", "vendor": "DrayTek", "product": "Vigor2960, Vigor300B", "added_date": "2025-05-16T08:36:30.620Z", "cvss_score": 6.9, "epss_score": 0.27754, "cvss_severity": "MEDIUM", "epss_percentile": 0.96144, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2ff50f5c-3d3b-4bc9-9f40-54bda89ecaca", "vulnerability": {"vulnId": "CVE-2024-6047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-07T06:17:12+00:00"}, "gcve": {"object_uuid": "2ff50f5c-3d3b-4bc9-9f40-54bda89ecaca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-07T06:17:12+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-07T06:17:12+00:00"}, "scope": {"notes": "KEVIntel entry: GeoVision EOL device - OS Command Injection | Affected: GeoVision / GV_DSP_LPR_V2, GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420, GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H, GVLX 4 V2, GVLX 4 V3, GV_IPCAMD_GV_BX130, GV_GM8186_VS14 | CVSS: 9.8 (CRITICAL) | EPSS: 0.09992 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-6047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6047"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6047"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoVision EOL device - OS Command Injection", "vendor": "GeoVision", "product": "GV_DSP_LPR_V2, GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420, GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H, GVLX 4 V2, GVLX 4 V3, GV_IPCAMD_GV_BX130, GV_GM8186_VS14", "added_date": "2025-05-07T06:17:12.242Z", "cvss_score": 9.8, "epss_score": 0.09992, "cvss_severity": "CRITICAL", "epss_percentile": 0.95004, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 391}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cf1c4392-4a03-4638-8422-d6f0064f71fb", "vulnerability": {"vulnId": "CVE-2024-11120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-07T06:17:12+00:00"}, "gcve": {"object_uuid": "cf1c4392-4a03-4638-8422-d6f0064f71fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-07T06:17:12+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-07T06:17:12+00:00"}, "scope": {"notes": "KEVIntel entry: GeoVision EOL devices - OS Command Injection | Affected: GeoVision / GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, GVLX 4 V3 | CVSS: 9.8 (CRITICAL) | EPSS: 0.28554 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-11120", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11120"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-11120"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoVision EOL devices - OS Command Injection", "vendor": "GeoVision", "product": "GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, GVLX 4 V3", "added_date": "2025-05-07T06:17:12.074Z", "cvss_score": 9.8, "epss_score": 0.28554, "cvss_severity": "CRITICAL", "epss_percentile": 0.97883, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 391}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c5eb2eb3-edc2-43cc-b800-3bac3b4a61ae", "vulnerability": {"vulnId": "CVE-2025-27363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-06T07:17:25+00:00"}, "gcve": {"object_uuid": "c5eb2eb3-edc2-43cc-b800-3bac3b4a61ae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-06T07:17:25+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-06T07:17:25+00:00"}, "scope": {"notes": "KEVIntel entry: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font... | Affected: FreeType / FreeType | CVSS: 8.1 (HIGH) | EPSS: 0.23357 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-27363", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27363"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font...", "vendor": "FreeType", "product": "FreeType", "added_date": "2025-05-06T07:17:25.771Z", "cvss_score": 8.1, "epss_score": 0.23357, "cvss_severity": "HIGH", "epss_percentile": 0.97491, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 392}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d06db4f7-2315-4a19-873e-71f3299ec7dc", "vulnerability": {"vulnId": "CVE-2024-58136", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-05T08:35:41+00:00"}, "gcve": {"object_uuid": "d06db4f7-2315-4a19-873e-71f3299ec7dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-05T08:35:41+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-05T08:35:41+00:00"}, "scope": {"notes": "KEVIntel entry: Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the... | Affected: yiiframework / Yii | CVSS: 9.0 (CRITICAL) | EPSS: 0.87714 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-58136", "url": "https://www.cve.org/CVERecord?id=CVE-2024-58136"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-58136"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the...", "vendor": "yiiframework", "product": "Yii", "added_date": "2025-05-05T08:35:41.245Z", "cvss_score": 9.0, "epss_score": 0.87714, "cvss_severity": "CRITICAL", "epss_percentile": 0.99737, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 393}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d9a97d99-d554-46d8-b12e-c7a4b0b6557c", "vulnerability": {"vulnId": "CVE-2025-34028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-05T08:35:41+00:00"}, "gcve": {"object_uuid": "d9a97d99-d554-46d8-b12e-c7a4b0b6557c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-05T08:35:41+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-05T08:35:41+00:00"}, "scope": {"notes": "KEVIntel entry: Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal | Affected: Commvault / Command Center Innovation Release | CVSS: 9.3 (CRITICAL) | EPSS: 0.97157 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-34028", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34028"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34028"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal", "vendor": "Commvault", "product": "Command Center Innovation Release", "added_date": "2025-05-05T08:35:41.213Z", "cvss_score": 9.3, "epss_score": 0.97157, "cvss_severity": "CRITICAL", "epss_percentile": 0.99886, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 393}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "72234562-a6ea-4582-8a45-2556d85077ac", "vulnerability": {"vulnId": "CVE-2025-3248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-05T00:00:00+00:00"}, "gcve": {"object_uuid": "72234562-a6ea-4582-8a45-2556d85077ac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code | Affected: langflow-ai / langflow | CVSS: 9.8 (CRITICAL) | EPSS: 0.99959 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-3248", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3248"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-3248"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code", "vendor": "langflow-ai", "product": "langflow", "added_date": "2025-05-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99959, "cvss_severity": "CRITICAL", "epss_percentile": 0.99975, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1130b358-d04c-4bc8-9be6-c217772cc224", "vulnerability": {"vulnId": "CVE-2017-9844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-01T08:57:25+00:00"}, "gcve": {"object_uuid": "1130b358-d04c-4bc8-9be6-c217772cc224", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-01T08:57:25+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-01T08:57:25+00:00"}, "scope": {"notes": "KEVIntel entry: SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized... | Affected: SAP / NetWeaver | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-9844", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9844"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9844"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized...", "vendor": "SAP", "product": "NetWeaver", "added_date": "2025-05-01T08:57:25.878Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8b0356d7-8943-4bc2-94c4-bf9f7362acd5", "vulnerability": {"vulnId": "CVE-2023-44221", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-01T06:22:00+00:00"}, "gcve": {"object_uuid": "8b0356d7-8943-4bc2-94c4-bf9f7362acd5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-01T06:22:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-01T06:22:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative... | Affected: SonicWall / SMA100 | CVSS: 7.2 (HIGH) | EPSS: 0.74933 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-44221", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44221"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-44221"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2025-05-01T06:22:00.000Z", "cvss_score": 7.2, "epss_score": 0.74933, "cvss_severity": "HIGH", "epss_percentile": 0.99443, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 397}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "273d52c3-4094-4e1c-bac0-8fb88ebbe9fc", "vulnerability": {"vulnId": "CVE-2024-38475", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "273d52c3-4094-4e1c-bac0-8fb88ebbe9fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-05-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | Affected: Apache Software Foundation / Apache HTTP Server | CVSS: 9.1 (CRITICAL) | EPSS: 0.99957 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38475", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38475"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38475"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.", "vendor": "Apache Software Foundation", "product": "Apache HTTP Server", "added_date": "2025-05-01T00:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.99957, "cvss_severity": "CRITICAL", "epss_percentile": 0.99974, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8c56fd72-393e-460c-be2d-11a26865c4c2", "vulnerability": {"vulnId": "CVE-2025-3928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-30T15:36:16+00:00"}, "gcve": {"object_uuid": "8c56fd72-393e-460c-be2d-11a26865c4c2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-30T15:36:16+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-30T15:36:16+00:00"}, "scope": {"notes": "KEVIntel entry: Commvault Web Server unspecified vulnerability | Affected: Commvault / Web Server | CVSS: 8.7 (HIGH) | EPSS: 0.01868 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-3928", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3928"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-3928"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Commvault Web Server unspecified vulnerability", "vendor": "Commvault", "product": "Web Server", "added_date": "2025-04-30T15:36:16.939Z", "cvss_score": 8.7, "epss_score": 0.01868, "cvss_severity": "HIGH", "epss_percentile": 0.76585, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 398}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c3fcd6e2-c34d-4216-a820-a1fa9c90d774", "vulnerability": {"vulnId": "CVE-2025-31324", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T21:26:28+00:00"}, "gcve": {"object_uuid": "c3fcd6e2-c34d-4216-a820-a1fa9c90d774", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T21:26:28+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T21:26:28+00:00"}, "scope": {"notes": "KEVIntel entry: Missing Authorization check in SAP NetWeaver (Visual Composer development server) | Affected: SAP_SE / SAP NetWeaver (Visual Composer development server) | CVSS: 10.0 (CRITICAL) | EPSS: 0.99316 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-31324", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-31324"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Missing Authorization check in SAP NetWeaver (Visual Composer development server)", "vendor": "SAP_SE", "product": "SAP NetWeaver (Visual Composer development server)", "added_date": "2025-04-28T21:26:28.000Z", "cvss_score": 10.0, "epss_score": 0.99316, "cvss_severity": "CRITICAL", "epss_percentile": 0.99933, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 400}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b762dd1c-0da6-43fd-a123-3c4446c8b108", "vulnerability": {"vulnId": "CVE-2017-17215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "b762dd1c-0da6-43fd-a123-3c4446c8b108", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to... | Affected: Huawei Technologies Co., Ltd. / HG532 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-17215", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17215"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-17215"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to...", "vendor": "Huawei Technologies Co., Ltd.", "product": "HG532", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9fa31180-420a-4861-bd36-3000e177543c", "vulnerability": {"vulnId": "CVE-2023-0656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "9fa31180-420a-4861-bd36-3000e177543c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could... | Affected: SonicWall / SonicOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-0656", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0656"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-0656"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could...", "vendor": "SonicWall", "product": "SonicOS", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "66a86f3e-1f89-4fa8-8a53-42659c79c22a", "vulnerability": {"vulnId": "CVE-2024-22024", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "66a86f3e-1f89-4fa8-8a53-42659c79c22a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA... | Affected: Ivanti, Ivant  / ICS, IPS | CVSS: 8.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-22024", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22024"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-22024"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA...", "vendor": "Ivanti, Ivant ", "product": "ICS, IPS", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 8.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "35cbb4f4-71e4-4229-aa74-9edcd6a07889", "vulnerability": {"vulnId": "CVE-2022-22274", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "35cbb4f4-71e4-4229-aa74-9edcd6a07889", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service... | Affected: SonicWall / SonicOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-22274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22274"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22274"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service...", "vendor": "SonicWall", "product": "SonicOS", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f982e01e-b429-4458-aff2-2dbce0e9d7f2", "vulnerability": {"vulnId": "CVE-2016-10372", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f982e01e-b429-4458-aff2-2dbce0e9d7f2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547,... | Affected: Eir / D1000 modem | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2016-10372", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10372"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-10372"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547,...", "vendor": "Eir", "product": "D1000 modem", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "374f1f19-1169-4f89-ad9c-2c30e80e905a", "vulnerability": {"vulnId": "CVE-2023-24488", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "374f1f19-1169-4f89-ad9c-2c30e80e905a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cross site scripting | Affected: Citrix / Citrix ADC and Citrix Gateway\u202f | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-24488", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24488"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-24488"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross site scripting", "vendor": "Citrix", "product": "Citrix ADC and Citrix Gateway\u202f", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ed9c700f-c33d-46f6-8450-d42d52cca1fb", "vulnerability": {"vulnId": "CVE-2019-12780", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "ed9c700f-c33d-46f6-8450-d42d52cca1fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A... | Affected: Belkin / Wemo Enabled Crock-Pot | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-12780", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12780"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12780"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A...", "vendor": "Belkin", "product": "Wemo Enabled Crock-Pot", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a7241197-ea3c-4ec5-bedd-0591d9deee8c", "vulnerability": {"vulnId": "CVE-2021-25003", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "a7241197-ea3c-4ec5-bedd-0591d9deee8c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WPCargo < 6.9.0 - Unauthenticated RCE | Affected: Unknown / WPCargo Track & Trace | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-25003", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25003"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25003"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WPCargo < 6.9.0 - Unauthenticated RCE", "vendor": "Unknown", "product": "WPCargo Track & Trace", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "36634e60-874e-457d-b185-277699e51b43", "vulnerability": {"vulnId": "CVE-2021-27850", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "36634e60-874e-457d-b185-277699e51b43", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Bypass of the fix for CVE-2019-0195 | Affected: Apache Software Foundation / Apache Tapestry | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-27850", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27850"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27850"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Bypass of the fix for CVE-2019-0195", "vendor": "Apache Software Foundation", "product": "Apache Tapestry", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "33e452ef-4814-4e82-b683-9bbfe4597412", "vulnerability": {"vulnId": "CVE-2021-25899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "33e452ef-4814-4e82-b683-9bbfe4597412", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform... | Affected: Void / Aural Rec Monitor | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-25899", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25899"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25899"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform...", "vendor": "Void", "product": "Aural Rec Monitor", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b9489c7d-326f-44e9-9ae7-675dd86c4867", "vulnerability": {"vulnId": "CVE-2021-25114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "b9489c7d-326f-44e9-9ae7-675dd86c4867", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection | Affected: Unknown / Paid Memberships Pro | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-25114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25114"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25114"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection", "vendor": "Unknown", "product": "Paid Memberships Pro", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "905e2533-4c67-466b-b8e0-ea3631e85ad5", "vulnerability": {"vulnId": "CVE-2021-25646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "905e2533-4c67-466b-b8e0-ea3631e85ad5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. | Affected: Apache Software Foundation / Apache Druid | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-25646", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25646"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25646"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.", "vendor": "Apache Software Foundation", "product": "Apache Druid", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ee967cdf-8289-4130-9588-ecc901255e07", "vulnerability": {"vulnId": "CVE-2021-4191", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "ee967cdf-8289-4130-9588-ecc901255e07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with... | Affected: GitLab / GitLab | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-4191", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4191"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4191"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with...", "vendor": "GitLab", "product": "GitLab", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "10b9d3da-00bc-4df3-853f-ab74a07d3eb9", "vulnerability": {"vulnId": "CVE-2024-3721", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "10b9d3da-00bc-4df3-853f-ab74a07d3eb9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TBK DVR-4104/DVR-4216 os command injection | Affected: TBK / DVR-4104, DVR-4216 | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-3721", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3721"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-3721"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TBK DVR-4104/DVR-4216 os command injection", "vendor": "TBK", "product": "DVR-4104, DVR-4216", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5762090a-1d9d-4106-8e98-c6519ae403b6", "vulnerability": {"vulnId": "CVE-2025-42599", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "5762090a-1d9d-4106-8e98-c6519ae403b6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request... | Affected: QUALITIA CO., LTD. / Active! mail 6 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-42599", "url": "https://www.cve.org/CVERecord?id=CVE-2025-42599"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-42599"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request...", "vendor": "QUALITIA CO., LTD.", "product": "Active! mail 6", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ee150d59-b9c1-4f82-ab23-8feb5528fd4f", "vulnerability": {"vulnId": "CVE-2025-1976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "ee150d59-b9c1-4f82-ab23-8feb5528fd4f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6 | Affected: Brocade / Fabric OS | CVSS: 8.6 (HIGH) | EPSS: 0.00033 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-1976", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1976"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-1976"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6", "vendor": "Brocade", "product": "Fabric OS", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.00033, "cvss_severity": "HIGH", "epss_percentile": 0.07906, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc566277-6788-461b-b910-577fb8b70bf6", "vulnerability": {"vulnId": "CVE-2021-32030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "cc566277-6788-461b-b910-577fb8b70bf6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication... | Affected: ASUS / GT-AC2900, Lyra Mini | CVSS: 9.8 (CRITICAL) | EPSS: 0.99351 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-32030", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32030"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-32030"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication...", "vendor": "ASUS", "product": "GT-AC2900, Lyra Mini", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99351, "cvss_severity": "CRITICAL", "epss_percentile": 0.99934, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 400}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bfd7fc21-11d3-430c-b08e-835289c4aa26", "vulnerability": {"vulnId": "CVE-2018-9995", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "bfd7fc21-11d3-430c-b08e-835289c4aa26", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which... | Affected: TBK / DVR4104, DVR4216 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-9995", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9995"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-9995"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which...", "vendor": "TBK", "product": "DVR4104, DVR4216", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9d4b7e67-5377-4af8-85ce-a21181d7289e", "vulnerability": {"vulnId": "CVE-2023-38646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "9d4b7e67-5377-4af8-85ce-a21181d7289e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the... | Affected: Metabase / Metabase | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-38646", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38646"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38646"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the...", "vendor": "Metabase", "product": "Metabase", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d135672c-73e1-4254-a1c8-5f8d4fa27f5b", "vulnerability": {"vulnId": "CVE-2023-26801", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d135672c-73e1-4254-a1c8-5f8d4fa27f5b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command... | Affected: LB-LINK / BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-26801", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26801"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26801"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command...", "vendor": "LB-LINK", "product": "BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8ec83b83-7dd6-4ae3-aa64-c564c5dc949d", "vulnerability": {"vulnId": "CVE-2025-2825", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "8ec83b83-7dd6-4ae3-aa64-c564c5dc949d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: No title available | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-2825", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2825"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2825"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "No title available", "vendor": "", "product": "", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": null, "epss_score": null, "cvss_severity": null, "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "18807362-0bee-4880-b7fd-a7f6fff4307f", "vulnerability": {"vulnId": "CVE-2021-26295", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "18807362-0bee-4880-b7fd-a7f6fff4307f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-26295", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26295"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26295"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f1786214-8cc4-4075-8be8-150862243d60", "vulnerability": {"vulnId": "CVE-2021-26294", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f1786214-8cc4-4075-8be8-150862243d60", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a... | Affected: AfterLogic / [\"Aurora\", \"WebMail Pro\"] | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-26294", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26294"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26294"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a...", "vendor": "AfterLogic", "product": "[\"Aurora\", \"WebMail Pro\"]", "added_date": "2025-04-28T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "61730370-f773-45b7-af0b-54a01a385375", "vulnerability": {"vulnId": "CVE-2024-21899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "61730370-f773-45b7-af0b-54a01a385375", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: QTS, QuTS hero, QuTScloud | Affected: QNAP Systems Inc. / QTS, QuTS hero, QuTScloud | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-21899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21899"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21899"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "QTS, QuTS hero, QuTScloud", "vendor": "QNAP Systems Inc.", "product": "QTS, QuTS hero, QuTScloud", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "65ecf79f-7c2f-4d87-b4cd-3c94e91a5068", "vulnerability": {"vulnId": "CVE-2018-3760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "65ecf79f-7c2f-4d87-b4cd-3c94e91a5068", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially... | Affected: HackerOne / Sprockets | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-3760", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3760"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-3760"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially...", "vendor": "HackerOne", "product": "Sprockets", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d9dc9721-2d94-4061-8223-facd268bbcb1", "vulnerability": {"vulnId": "CVE-2017-7927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "d9dc9721-2d94-4061-8223-facd268bbcb1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN,... | Affected: Dahua / Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-7927", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7927"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-7927"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN,...", "vendor": "Dahua", "product": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d81d0634-ceca-4234-9869-8b62b9f87355", "vulnerability": {"vulnId": "CVE-2016-5674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "d81d0634-ceca-4234-9869-8b62b9f87355", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1... | Affected: [\"NUUO\", \"NETGEAR\"] / [\"NVRmini 2\", \"NVRsolo\", \"ReadyNAS Surveillance\"] | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2016-5674", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5674"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-5674"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1...", "vendor": "[\"NUUO\", \"NETGEAR\"]", "product": "[\"NVRmini 2\", \"NVRsolo\", \"ReadyNAS Surveillance\"]", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8314eebc-0524-46b6-8a59-d1a14def1a75", "vulnerability": {"vulnId": "CVE-2020-35665", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "8314eebc-0524-46b6-8a59-d1a14def1a75", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in... | Affected: TerraMaster / TOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35665", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35665"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35665"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in...", "vendor": "TerraMaster", "product": "TOS", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4655e372-a750-4152-a9fc-64f5fb964154", "vulnerability": {"vulnId": "CVE-2019-5128", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "4655e372-a750-4152-a9fc-64f5fb964154", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable... | Affected: YouPHPTube / YouPHPTube | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-5128", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5128"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5128"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...", "vendor": "YouPHPTube", "product": "YouPHPTube", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5dcc8675-2695-43b5-8a30-4c0b6efcad00", "vulnerability": {"vulnId": "CVE-2023-39026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "5dcc8675-2695-43b5-8a30-4c0b6efcad00", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive... | Affected: FileMage / Gateway | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-39026", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39026"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-39026"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive...", "vendor": "FileMage", "product": "Gateway", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6ab4f75b-853c-4ba7-89ee-f3e4ee12d38e", "vulnerability": {"vulnId": "CVE-2020-11530", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "6ab4f75b-853c-4ba7-89ee-f3e4ee12d38e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter... | Affected: iDangero.us / Chop Slider 3 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-11530", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11530"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11530"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter...", "vendor": "iDangero.us", "product": "Chop Slider 3", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8af15ce5-0b9f-4b7e-88ff-469f7c9d9837", "vulnerability": {"vulnId": "CVE-2019-17506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "8af15ce5-0b9f-4b7e-88ff-469f7c9d9837", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the... | Affected: D-Link / DIR-868L, DIR-817LW | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-17506", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-17506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the...", "vendor": "D-Link", "product": "DIR-868L, DIR-817LW", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "41505882-73be-4cbf-8f92-61106c5d4d08", "vulnerability": {"vulnId": "CVE-2018-17431", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-27T00:00:00+00:00"}, "gcve": {"object_uuid": "41505882-73be-4cbf-8f92-61106c5d4d08", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. | Affected: Comodo / UTM Firewall | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-17431", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17431"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-17431"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.", "vendor": "Comodo", "product": "UTM Firewall", "added_date": "2025-04-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0c3c9e06-34c2-43c2-b77f-b3a26edf6464", "vulnerability": {"vulnId": "CVE-2018-9866", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-26T00:00:00+00:00"}, "gcve": {"object_uuid": "0c3c9e06-34c2-43c2-b77f-b3a26edf6464", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual... | Affected: SonicWall / Global Management System (GMS) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-9866", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9866"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-9866"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual...", "vendor": "SonicWall", "product": "Global Management System (GMS)", "added_date": "2025-04-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "99687a7e-3b35-4cf2-a0a3-a4169ec0149c", "vulnerability": {"vulnId": "CVE-2024-0778", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-26T00:00:00+00:00"}, "gcve": {"object_uuid": "99687a7e-3b35-4cf2-a0a3-a4169ec0149c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Uniview ISC 2500-S VM.php setNatConfig os command injection | Affected: Uniview / ISC 2500-S | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0778"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-0778"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Uniview ISC 2500-S VM.php setNatConfig os command injection", "vendor": "Uniview", "product": "ISC 2500-S", "added_date": "2025-04-26T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f75d5542-0892-456d-939b-c26565f6ef27", "vulnerability": {"vulnId": "CVE-2023-43795", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-26T00:00:00+00:00"}, "gcve": {"object_uuid": "f75d5542-0892-456d-939b-c26565f6ef27", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WPS Server Side Request Forgery in GeoServer | Affected: geoserver / geoserver | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-43795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43795"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-43795"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WPS Server Side Request Forgery in GeoServer", "vendor": "geoserver", "product": "geoserver", "added_date": "2025-04-26T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "954480ce-678f-4069-b80d-f887f0848ff7", "vulnerability": {"vulnId": "CVE-2021-35250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-26T00:00:00+00:00"}, "gcve": {"object_uuid": "954480ce-678f-4069-b80d-f887f0848ff7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory Transversal Vulnerability in Serv-U 15.3 | Affected: SolarWinds / Serv-U | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-35250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35250"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-35250"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory Transversal Vulnerability in Serv-U 15.3", "vendor": "SolarWinds", "product": "Serv-U", "added_date": "2025-04-26T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ef6c19bf-6639-41ea-8020-07f620ec5d79", "vulnerability": {"vulnId": "CVE-2021-40822", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-26T00:00:00+00:00"}, "gcve": {"object_uuid": "ef6c19bf-6639-41ea-8020-07f620ec5d79", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | Affected: GeoServer / GeoServer | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-40822", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40822"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40822"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.", "vendor": "GeoServer", "product": "GeoServer", "added_date": "2025-04-26T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f254490c-c04f-4d51-b7b9-e411cb559115", "vulnerability": {"vulnId": "CVE-2018-13315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-26T00:00:00+00:00"}, "gcve": {"object_uuid": "f254490c-c04f-4d51-b7b9-e411cb559115", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an... | Affected: TOTOLINK / A3002RU | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-13315", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13315"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-13315"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an...", "vendor": "TOTOLINK", "product": "A3002RU", "added_date": "2025-04-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bdbd36cb-09ea-48c5-9981-130ed5351cce", "vulnerability": {"vulnId": "CVE-2018-10737", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "bdbd36cb-09ea-48c5-9981-130ed5351cce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | Affected: Nagios / XI | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10737"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10737"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.", "vendor": "Nagios", "product": "XI", "added_date": "2025-04-25T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4389c81d-e5c2-45b1-834b-17423b9491bb", "vulnerability": {"vulnId": "CVE-2019-19824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4389c81d-e5c2-45b1-834b-17423b9491bb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the... | Affected: TOTOLINK / Realtek SDK based routers | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-19824", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19824"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-19824"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the...", "vendor": "TOTOLINK", "product": "Realtek SDK based routers", "added_date": "2025-04-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "072aa794-dfdc-483b-9a34-682a2e565e47", "vulnerability": {"vulnId": "CVE-2019-5127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "072aa794-dfdc-483b-9a34-682a2e565e47", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable... | Affected: YouPHPTube / YouPHPTube\" | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-5127", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5127"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5127"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...", "vendor": "YouPHPTube", "product": "YouPHPTube\"", "added_date": "2025-04-25T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c41f798d-828f-421e-b366-76b0f34bb063", "vulnerability": {"vulnId": "CVE-2019-5129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c41f798d-828f-421e-b366-76b0f34bb063", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable... | Affected: YouPHPTube / YouPHPTube | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-5129", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5129"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5129"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...", "vendor": "YouPHPTube", "product": "YouPHPTube", "added_date": "2025-04-25T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5af0d877-87d3-48ba-85e4-66ec0c880813", "vulnerability": {"vulnId": "CVE-2017-12635", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "5af0d877-87d3-48ba-85e4-66ec0c880813", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before... | Affected: Apache Software Foundation / Apache CouchDB | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-12635", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12635"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12635"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before...", "vendor": "Apache Software Foundation", "product": "Apache CouchDB", "added_date": "2025-04-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "10670434-89e5-481b-96e6-134efbb7c8a6", "vulnerability": {"vulnId": "CVE-2024-11305", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "10670434-89e5-481b-96e6-134efbb7c8a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Altenergy Power Control Software status_zigbee get_status_zigbee sql injection | Affected: Altenergy / Power Control Software | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-11305", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11305"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-11305"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Altenergy Power Control Software status_zigbee get_status_zigbee sql injection", "vendor": "Altenergy", "product": "Power Control Software", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "20b1ace4-7c02-4fe8-bd08-d4e99ba76a71", "vulnerability": {"vulnId": "CVE-2024-25735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "20b1ace4-7c02-4fe8-bd08-d4e99ba76a71", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP... | Affected: WyreStorm / Apollo VX20 | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-25735", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25735"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-25735"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP...", "vendor": "WyreStorm", "product": "Apollo VX20", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ff66042d-cee0-4370-a62b-864839c0910e", "vulnerability": {"vulnId": "CVE-2021-46422", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "ff66042d-cee0-4370-a62b-864839c0910e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any... | Affected: Telesquare / SDT-CW3B1 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-46422", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46422"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-46422"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any...", "vendor": "Telesquare", "product": "SDT-CW3B1", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "84509c4c-3b8d-48f5-979d-11d6830675fe", "vulnerability": {"vulnId": "CVE-2025-24893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "84509c4c-3b8d-48f5-979d-11d6830675fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote code execution as guest via SolrSearchMacros request in xwiki | Affected: xwiki / xwiki-platform | CVSS: 9.8 (CRITICAL) | EPSS: 0.99898 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24893", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24893"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24893"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote code execution as guest via SolrSearchMacros request in xwiki", "vendor": "xwiki", "product": "xwiki-platform", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99898, "cvss_severity": "CRITICAL", "epss_percentile": 0.99963, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 404}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1ffcf563-c272-4ee4-b916-c91ba7ee30f6", "vulnerability": {"vulnId": "CVE-2019-11248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "1ffcf563-c272-4ee4-b916-c91ba7ee30f6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Kubernetes kubelet exposes /debug/pprof info on healthz port | Affected: Kubernetes / Kubernetes | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-11248", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11248"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11248"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kubernetes kubelet exposes /debug/pprof info on healthz port", "vendor": "Kubernetes", "product": "Kubernetes", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0dcbab76-39af-4da4-a354-fe233d589e85", "vulnerability": {"vulnId": "CVE-2024-0305", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0dcbab76-39af-4da4-a354-fe233d589e85", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure | Affected: Guangzhou Yingke Electronic Technology / Ncast | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-0305", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0305"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-0305"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure", "vendor": "Guangzhou Yingke Electronic Technology", "product": "Ncast", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1dd424fd-34fa-4d3d-9268-41697b5e80fb", "vulnerability": {"vulnId": "CVE-2024-27199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "1dd424fd-34fa-4d3d-9268-41697b5e80fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions  was possible | Affected: JetBrains / TeamCity | CVSS: 7.3 (HIGH) | EPSS: 0.99991 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-27199", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27199"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27199"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions  was possible", "vendor": "JetBrains", "product": "TeamCity", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 7.3, "epss_score": 0.99991, "cvss_severity": "HIGH", "epss_percentile": 0.99985, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "day", "count": 404}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "83a36c18-34bb-4b5c-9488-35198b23964c", "vulnerability": {"vulnId": "CVE-2019-18394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "83a36c18-34bb-4b5c-9488-35198b23964c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send... | Affected: Ignite Realtime / Openfire | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-18394", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18394"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18394"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send...", "vendor": "Ignite Realtime", "product": "Openfire", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "204ac68f-6741-46c9-84cc-97e680296e06", "vulnerability": {"vulnId": "CVE-2024-9014", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "204ac68f-6741-46c9-84cc-97e680296e06", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OAuth2 client id and secret exposed through the web browser in pgAdmin 4 | Affected: pgadmin.org / pgAdmin 4 | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-9014", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9014"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9014"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OAuth2 client id and secret exposed through the web browser in pgAdmin 4", "vendor": "pgadmin.org", "product": "pgAdmin 4", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0fa1e6fb-1cda-4f82-9c9c-f42234e7e483", "vulnerability": {"vulnId": "CVE-2018-11759", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0fa1e6fb-1cda-4f82-9c9c-f42234e7e483", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK... | Affected: Apache Software Foundation / Apache Tomcat Connectors | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11759", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11759"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11759"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK...", "vendor": "Apache Software Foundation", "product": "Apache Tomcat Connectors", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0b9a3277-27cb-44de-9d2b-f1f7f57019e4", "vulnerability": {"vulnId": "CVE-2024-0204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0b9a3277-27cb-44de-9d2b-f1f7f57019e4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication Bypass in GoAnywhere MFT | Affected: Fortra / GoAnywhere MFT | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-0204", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0204"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-0204"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication Bypass in GoAnywhere MFT", "vendor": "Fortra", "product": "GoAnywhere MFT", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d60c2d4b-8c12-43ff-830d-13dde3711296", "vulnerability": {"vulnId": "CVE-2024-10914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "d60c2d4b-8c12-43ff-830d-13dde3711296", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | Affected: D-Link / DNS-320, DNS-320LW, DNS-325, DNS-340L | CVSS: 9.2 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-10914", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10914"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-10914"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection", "vendor": "D-Link", "product": "DNS-320, DNS-320LW, DNS-325, DNS-340L", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.2, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "61900943-555f-4e5b-ae9c-6e120e40d5bc", "vulnerability": {"vulnId": "CVE-2024-27954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "61900943-555f-4e5b-ae9c-6e120e40d5bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability | Affected: WP Automatic / Automatic | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-27954", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27954"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27954"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability", "vendor": "WP Automatic", "product": "Automatic", "added_date": "2025-04-24T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "510359de-d70c-49e2-9f84-86f56600699f", "vulnerability": {"vulnId": "CVE-2018-10379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-23T21:33:20+00:00"}, "gcve": {"object_uuid": "510359de-d70c-49e2-9f84-86f56600699f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-23T21:33:20+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-23T21:33:20+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2.... | Affected: GitLab / GitLab Community Edition (CE), GitLab Enterprise Edition (EE) | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10379", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10379"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10379"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2....", "vendor": "GitLab", "product": "GitLab Community Edition (CE), GitLab Enterprise Edition (EE)", "added_date": "2025-04-23T21:33:20.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1d57717c-3f93-42c3-9156-8e0f722a5b46", "vulnerability": {"vulnId": "CVE-2024-0352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-23T00:00:00+00:00"}, "gcve": {"object_uuid": "1d57717c-3f93-42c3-9156-8e0f722a5b46", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Likeshop HTTP POST Request File.php userFormImage unrestricted upload | Affected: Likeshop / Likeshop | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-0352", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0352"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-0352"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Likeshop HTTP POST Request File.php userFormImage unrestricted upload", "vendor": "Likeshop", "product": "Likeshop", "added_date": "2025-04-23T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "106f79e1-8710-4288-b2a4-ac808f9f3c6f", "vulnerability": {"vulnId": "CVE-2023-37679", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-23T00:00:00+00:00"}, "gcve": {"object_uuid": "106f79e1-8710-4288-b2a4-ac808f9f3c6f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | Affected: NextGen Healthcare / Mirth Connect | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-37679", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37679"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-37679"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.", "vendor": "NextGen Healthcare", "product": "Mirth Connect", "added_date": "2025-04-23T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b22119b7-4070-4bb5-b973-b2666eca7f08", "vulnerability": {"vulnId": "CVE-2022-39952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-23T00:00:00+00:00"}, "gcve": {"object_uuid": "b22119b7-4070-4bb5-b973-b2666eca7f08", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0... | Affected: Fortinet / FortiNAC | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-39952", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39952"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-39952"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0...", "vendor": "Fortinet", "product": "FortiNAC", "added_date": "2025-04-23T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fb43caa3-42b1-4516-9556-ff53ec30d4a3", "vulnerability": {"vulnId": "CVE-2010-0219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-23T00:00:00+00:00"}, "gcve": {"object_uuid": "fb43caa3-42b1-4516-9556-ff53ec30d4a3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of... | Affected: Apache / Axis2 | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-0219", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0219"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-0219"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of...", "vendor": "Apache", "product": "Axis2", "added_date": "2025-04-23T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3dc7e3fe-78df-4c67-938a-3911e27d4704", "vulnerability": {"vulnId": "CVE-2022-29383", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-22T00:00:00+00:00"}, "gcve": {"object_uuid": "3dc7e3fe-78df-4c67-938a-3911e27d4704", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at... | Affected: NETGEAR / ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-29383", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29383"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29383"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at...", "vendor": "NETGEAR", "product": "ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3", "added_date": "2025-04-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "445f7d3f-2cc3-42e2-89ef-43c05b84a8b0", "vulnerability": {"vulnId": "CVE-2021-21307", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-22T00:00:00+00:00"}, "gcve": {"object_uuid": "445f7d3f-2cc3-42e2-89ef-43c05b84a8b0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Exploit in Lucee Admin | Affected: lucee / Lucee | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21307", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21307"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21307"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Exploit in Lucee Admin", "vendor": "lucee", "product": "Lucee", "added_date": "2025-04-22T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b11a9ac1-91c3-4907-af05-f453e66a0f10", "vulnerability": {"vulnId": "CVE-2021-21978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-22T00:00:00+00:00"}, "gcve": {"object_uuid": "b11a9ac1-91c3-4907-af05-f453e66a0f10", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of... | Affected: VMware / VMware View Planner | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-21978", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21978"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21978"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of...", "vendor": "VMware", "product": "VMware View Planner", "added_date": "2025-04-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2bc1e1fc-28a8-40d9-81b7-bd92e9cc3446", "vulnerability": {"vulnId": "CVE-2025-24054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "2bc1e1fc-28a8-40d9-81b7-bd92e9cc3446", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NTLM Hash Disclosure Spoofing Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24054", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NTLM Hash Disclosure Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-04-17T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f8e9246-5a70-4b8b-9552-6ae3925bf576", "vulnerability": {"vulnId": "CVE-2025-31201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "7f8e9246-5a70-4b8b-9552-6ae3925bf576", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1,... | Affected: Apple / iOS and iPadOS, macOS, tvOS, visionOS | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-31201", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31201"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-31201"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, tvOS, visionOS", "added_date": "2025-04-17T00:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c4ea3f14-c0f2-4f59-bf6a-ced12df93fa6", "vulnerability": {"vulnId": "CVE-2025-31200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "c4ea3f14-c0f2-4f59-bf6a-ced12df93fa6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1,... | Affected: Apple / iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-31200", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31200"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-31200"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2025-04-17T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9a71c7ec-751d-4dc3-9a85-eadc645219d9", "vulnerability": {"vulnId": "CVE-2021-20035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-16T00:00:00+00:00"}, "gcve": {"object_uuid": "9a71c7ec-751d-4dc3-9a85-eadc645219d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands... | Affected: SonicWall / SMA100 | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20035", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20035"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20035"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2025-04-16T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "289c84bf-367b-478d-a58d-390f3c0a2831", "vulnerability": {"vulnId": "CVE-2025-3102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-09T09:38:42+00:00"}, "gcve": {"object_uuid": "289c84bf-367b-478d-a58d-390f3c0a2831", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-09T09:38:42+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-09T09:38:42+00:00"}, "scope": {"notes": "KEVIntel entry: SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation | Affected: brainstormforce / OttoKit: All-in-One Automation Platform (Formerly SureTriggers) | CVSS: 8.1 (HIGH) | EPSS: 0.00207 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-3102", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3102"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-3102"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation", "vendor": "brainstormforce", "product": "OttoKit: All-in-One Automation Platform (Formerly SureTriggers)", "added_date": "2025-04-09T09:38:42.000Z", "cvss_score": 8.1, "epss_score": 0.00207, "cvss_severity": "HIGH", "epss_percentile": 0.43426, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2ba49de2-3f26-4d67-95b9-6ee5ea869cab", "vulnerability": {"vulnId": "CVE-2024-53150", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-09T00:00:00+00:00"}, "gcve": {"object_uuid": "2ba49de2-3f26-4d67-95b9-6ee5ea869cab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ALSA: usb-audio: Fix out of bounds reads when finding clock sources | Affected: Linux / Linux | CVSS: 7.1 (HIGH) | EPSS: 0.01254 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-53150", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-53150"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ALSA: usb-audio: Fix out of bounds reads when finding clock sources", "vendor": "Linux", "product": "Linux", "added_date": "2025-04-09T00:00:00.000Z", "cvss_score": 7.1, "epss_score": 0.01254, "cvss_severity": "HIGH", "epss_percentile": 0.65587, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3d2da295-e3a9-437a-a1f0-83243c1dd6df", "vulnerability": {"vulnId": "CVE-2024-53197", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-09T00:00:00+00:00"}, "gcve": {"object_uuid": "3d2da295-e3a9-437a-a1f0-83243c1dd6df", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices | Affected: Linux / Linux | CVSS: 7.8 (HIGH) | EPSS: 0.03558 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-53197", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-53197"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices", "vendor": "Linux", "product": "Linux", "added_date": "2025-04-09T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.03558, "cvss_severity": "HIGH", "epss_percentile": 0.87829, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a58b9d82-745a-44d8-8a73-3ea009d66d54", "vulnerability": {"vulnId": "CVE-2025-30406", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a58b9d82-745a-44d8-8a73-3ea009d66d54", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's... | Affected: Gladinet / CentreStack | CVSS: 9.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-30406", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30406"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30406"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's...", "vendor": "Gladinet", "product": "CentreStack", "added_date": "2025-04-08T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "716653a9-d348-4c6a-a1d9-125066222fa8", "vulnerability": {"vulnId": "CVE-2025-29824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-08T00:00:00+00:00"}, "gcve": {"object_uuid": "716653a9-d348-4c6a-a1d9-125066222fa8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-29824", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29824"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-29824"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-04-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5f2aa91c-6fe2-4ac6-b7e8-98bc2610a28e", "vulnerability": {"vulnId": "CVE-2025-31161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5f2aa91c-6fe2-4ac6-b7e8-98bc2610a28e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is... | Affected: CrushFTP / CrushFTP | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-31161", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31161"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-31161"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is...", "vendor": "CrushFTP", "product": "CrushFTP", "added_date": "2025-04-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "133b328d-4cdb-4462-8795-e3c2399051b6", "vulnerability": {"vulnId": "CVE-2025-22457", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "133b328d-4cdb-4462-8795-e3c2399051b6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA... | Affected: Ivanti / Connect Secure, Policy Secure, Neurons for ZTA gateways | CVSS: 9.0 (CRITICAL) | EPSS: 0.10245 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-22457", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22457"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-22457"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA...", "vendor": "Ivanti", "product": "Connect Secure, Policy Secure, Neurons for ZTA gateways", "added_date": "2025-04-04T00:00:00.000Z", "cvss_score": 9.0, "epss_score": 0.10245, "cvss_severity": "CRITICAL", "epss_percentile": 0.92686, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "345aeed8-f17a-413a-9bff-5520e2f4e687", "vulnerability": {"vulnId": "CVE-2025-24813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-01T00:00:00+00:00"}, "gcve": {"object_uuid": "345aeed8-f17a-413a-9bff-5520e2f4e687", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-04-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | Affected: Apache Software Foundation / Apache Tomcat | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24813", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24813"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT", "vendor": "Apache Software Foundation", "product": "Apache Tomcat", "added_date": "2025-04-01T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd0ac07e-096a-436a-bed7-a22cc3f6bf0b", "vulnerability": {"vulnId": "CVE-2024-20439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "dd0ac07e-096a-436a-bed7-a22cc3f6bf0b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a... | Affected: Cisco / Cisco Smart License Utility | CVSS: 9.8 (CRITICAL) | EPSS: 0.9201 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-20439", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20439"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20439"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a...", "vendor": "Cisco", "product": "Cisco Smart License Utility", "added_date": "2025-03-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.9201, "cvss_severity": "CRITICAL", "epss_percentile": 0.99807, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b5b53aff-dfcd-4c1b-9631-3e44f713c3e5", "vulnerability": {"vulnId": "CVE-2025-2783", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-27T00:00:00+00:00"}, "gcve": {"object_uuid": "b5b53aff-dfcd-4c1b-9631-3e44f713c3e5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to... | Affected: Google / Chrome | CVSS: 8.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-2783", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-2783"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to...", "vendor": "Google", "product": "Chrome", "added_date": "2025-03-27T00:00:00.000Z", "cvss_score": 8.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0cb28347-d6a0-43f2-bfa7-50df601b2842", "vulnerability": {"vulnId": "CVE-2019-9875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-26T00:00:00+00:00"}, "gcve": {"object_uuid": "0cb28347-d6a0-43f2-bfa7-50df601b2842", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by... | Affected: Sitecore / Sitecore CMS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-9875", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9875"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9875"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by...", "vendor": "Sitecore", "product": "Sitecore CMS", "added_date": "2025-03-26T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "96fade59-e1db-4fbb-ada3-50ac56871c16", "vulnerability": {"vulnId": "CVE-2019-9874", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-26T00:00:00+00:00"}, "gcve": {"object_uuid": "96fade59-e1db-4fbb-ada3-50ac56871c16", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2... | Affected: Sitecore / CMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-9874", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9874"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9874"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2...", "vendor": "Sitecore", "product": "CMS", "added_date": "2025-03-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "23a52905-01f4-416d-9e99-d8b9f788e06e", "vulnerability": {"vulnId": "CVE-2025-30154", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-24T00:00:00+00:00"}, "gcve": {"object_uuid": "23a52905-01f4-416d-9e99-d8b9f788e06e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple Reviewdog actions were compromised during a specific time period | Affected: reviewdog / reviewdog | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-30154", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30154"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30154"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple Reviewdog actions were compromised during a specific time period", "vendor": "reviewdog", "product": "reviewdog", "added_date": "2025-03-24T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "14c06f14-50e9-47c9-9cf8-a9e70a647913", "vulnerability": {"vulnId": "CVE-2025-30349", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-21T00:00:00+00:00"}, "gcve": {"object_uuid": "14c06f14-50e9-47c9-9cf8-a9e70a647913", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted... | Affected: Horde / IMP | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-30349", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30349"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30349"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted...", "vendor": "Horde", "product": "IMP", "added_date": "2025-03-21T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "32d0edd7-e7b3-4795-a534-24e904df6f00", "vulnerability": {"vulnId": "CVE-2025-30259", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "32d0edd7-e7b3-4795-a534-24e904df6f00", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and... | Affected: Meta / WhatsApp cloud service | CVSS: 3.5 (LOW) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2025-30259", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30259"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30259"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and...", "vendor": "Meta", "product": "WhatsApp cloud service", "added_date": "2025-03-19T00:00:00.000Z", "cvss_score": 3.5, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d07645de-9679-4086-a5ae-57783dd97dd9", "vulnerability": {"vulnId": "CVE-2017-12637", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "d07645de-9679-4086-a5ae-57783dd97dd9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote... | Affected: SAP / NetWeaver Application Server Java | CVSS: 7.5 (HIGH) | EPSS: 0.94557 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12637", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12637"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12637"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote...", "vendor": "SAP", "product": "NetWeaver Application Server Java", "added_date": "2025-03-19T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.94557, "cvss_severity": "HIGH", "epss_percentile": 0.99844, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4270ce44-23b0-444a-8729-cceaa79db38f", "vulnerability": {"vulnId": "CVE-2024-48248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "4270ce44-23b0-444a-8729-cceaa79db38f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to... | Affected: NAKIVO / Backup & Replication Director | CVSS: 8.6 (HIGH) | EPSS: 0.93995 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-48248", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48248"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-48248"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to...", "vendor": "NAKIVO", "product": "Backup & Replication Director", "added_date": "2025-03-19T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.93995, "cvss_severity": "HIGH", "epss_percentile": 0.99835, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "045362ce-c840-4f57-9c8c-79ae420c78b1", "vulnerability": {"vulnId": "CVE-2025-1316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "045362ce-c840-4f57-9c8c-79ae420c78b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Edimax IC-7100 IP Camera OS Command Injection | Affected: Edimax / IC-7100 IP Camera | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-1316", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1316"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-1316"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Edimax IC-7100 IP Camera OS Command Injection", "vendor": "Edimax", "product": "IC-7100 IP Camera", "added_date": "2025-03-19T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "19cfd110-7666-45e6-aa59-eccb7b49ff12", "vulnerability": {"vulnId": "CVE-2025-30066", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-18T00:00:00+00:00"}, "gcve": {"object_uuid": "19cfd110-7666-45e6-aa59-eccb7b49ff12", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected... | Affected: tj-actions / changed-files | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-30066", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30066"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30066"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected...", "vendor": "tj-actions", "product": "changed-files", "added_date": "2025-03-18T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2ebd1a57-c328-40be-aa99-da97167fae8d", "vulnerability": {"vulnId": "CVE-2025-24472", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-18T00:00:00+00:00"}, "gcve": {"object_uuid": "2ebd1a57-c328-40be-aa99-da97167fae8d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An\u00a0Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy... | Affected: Fortinet / FortiProxy, FortiOS | CVSS: 8.1 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24472", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24472"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24472"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An\u00a0Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy...", "vendor": "Fortinet", "product": "FortiProxy, FortiOS", "added_date": "2025-03-18T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7a048dcf-9777-4512-b441-a65205cc2d4b", "vulnerability": {"vulnId": "CVE-2025-24201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-13T00:00:00+00:00"}, "gcve": {"object_uuid": "7a048dcf-9777-4512-b441-a65205cc2d4b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4... | Affected: Apple / Safari, iOS and iPadOS, iPadOS, macOS, visionOS, watchOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24201", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24201"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24201"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, iPadOS, macOS, visionOS, watchOS", "added_date": "2025-03-13T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "10d1398e-d175-4f1b-94b9-68d1629695a2", "vulnerability": {"vulnId": "CVE-2025-21590", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-13T00:00:00+00:00"}, "gcve": {"object_uuid": "10d1398e-d175-4f1b-94b9-68d1629695a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: An local attacker with shell access can execute arbitrary code | Affected: Juniper Networks / Junos OS | CVSS: 6.7 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21590", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21590"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21590"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: An local attacker with shell access can execute arbitrary code", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2025-03-13T00:00:00.000Z", "cvss_score": 6.7, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7c70b1dc-9e78-4535-b6ff-b273e4b9d589", "vulnerability": {"vulnId": "CVE-2025-24985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "7c70b1dc-9e78-4535-b6ff-b273e4b9d589", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Fast FAT File System Driver Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24985", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24985"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24985"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Fast FAT File System Driver Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-03-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "057d0f99-d34f-4039-92fe-5a821f8336e4", "vulnerability": {"vulnId": "CVE-2025-24993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "057d0f99-d34f-4039-92fe-5a821f8336e4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows NTFS Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24993", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24993"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24993"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows NTFS Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-03-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b500278e-534f-46fb-bf37-0c01be36bd1b", "vulnerability": {"vulnId": "CVE-2025-24991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "b500278e-534f-46fb-bf37-0c01be36bd1b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows NTFS Information Disclosure Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24991", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24991"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24991"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows NTFS Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-03-11T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "363332f1-b842-4c76-868e-9ccde8ab7dd7", "vulnerability": {"vulnId": "CVE-2025-24984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "363332f1-b842-4c76-868e-9ccde8ab7dd7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows NTFS Information Disclosure Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 4.6 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24984", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24984"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24984"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows NTFS Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-03-11T00:00:00.000Z", "cvss_score": 4.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "79b8a6e9-ffc0-48f3-9bd0-d49f93819896", "vulnerability": {"vulnId": "CVE-2025-26633", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "79b8a6e9-ffc0-48f3-9bd0-d49f93819896", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Management Console Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.0 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-26633", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26633"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-26633"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Management Console Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-03-11T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "de621018-ab4c-4022-a5ee-484fe762ca4f", "vulnerability": {"vulnId": "CVE-2025-24983", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "de621018-ab4c-4022-a5ee-484fe762ca4f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24983", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24983"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24983"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2025-03-11T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8151c3d2-a60c-47a9-8dcf-9c87eb4d85f4", "vulnerability": {"vulnId": "CVE-2024-13159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "8151c3d2-a60c-47a9-8dcf-9c87eb4d85f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote... | Affected: Ivanti / Endpoint Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.99762 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-13159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13159"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-13159"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote...", "vendor": "Ivanti", "product": "Endpoint Manager", "added_date": "2025-03-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99762, "cvss_severity": "CRITICAL", "epss_percentile": 0.99955, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fada866e-e494-485e-8542-00a9fd29995b", "vulnerability": {"vulnId": "CVE-2024-57968", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "fada866e-e494-485e-8542-00a9fd29995b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during... | Affected: Advantive / VeraCore | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-57968", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57968"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-57968"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during...", "vendor": "Advantive", "product": "VeraCore", "added_date": "2025-03-10T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6fd4faf4-5954-48b2-84e8-8da3d86a38e2", "vulnerability": {"vulnId": "CVE-2025-25181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "6fd4faf4-5954-48b2-84e8-8da3d86a38e2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL... | Affected: Advantive / VeraCore | CVSS: 5.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-25181", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25181"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-25181"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL...", "vendor": "Advantive", "product": "VeraCore", "added_date": "2025-03-10T00:00:00.000Z", "cvss_score": 5.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d7d05ae0-82e4-4584-b700-ebed026f93d9", "vulnerability": {"vulnId": "CVE-2024-13160", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "d7d05ae0-82e4-4584-b700-ebed026f93d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote... | Affected: Ivanti / Endpoint Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.89738 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-13160", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13160"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-13160"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote...", "vendor": "Ivanti", "product": "Endpoint Manager", "added_date": "2025-03-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.89738, "cvss_severity": "CRITICAL", "epss_percentile": 0.99774, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ff9ec1a6-910d-48ba-a28d-2245ebed9763", "vulnerability": {"vulnId": "CVE-2024-13161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ff9ec1a6-910d-48ba-a28d-2245ebed9763", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote... | Affected: Ivanti / Endpoint Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.88518 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-13161", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13161"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-13161"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote...", "vendor": "Ivanti", "product": "Endpoint Manager", "added_date": "2025-03-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.88518, "cvss_severity": "CRITICAL", "epss_percentile": 0.99753, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "52212ad4-74b1-4a8c-bfe9-a7f6ba04a0eb", "vulnerability": {"vulnId": "CVE-2024-50302", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "52212ad4-74b1-4a8c-bfe9-a7f6ba04a0eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HID: core: zero-initialize the report buffer | Affected: Linux / Linux | CVSS: 5.5 (MEDIUM) | EPSS: 0.00809 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-50302", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-50302"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HID: core: zero-initialize the report buffer", "vendor": "Linux", "product": "Linux", "added_date": "2025-03-04T00:00:00.000Z", "cvss_score": 5.5, "epss_score": 0.00809, "cvss_severity": "MEDIUM", "epss_percentile": 0.5206, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "06c4e00d-ad18-42b3-9712-cc0a1c101f05", "vulnerability": {"vulnId": "CVE-2025-22224", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "06c4e00d-ad18-42b3-9712-cc0a1c101f05", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious... | Affected: VMware / ESXi, Workstation, VMware Cloud Foundation, Telco Cloud Platform, Telco Cloud Infrastructure | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-22224", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22224"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-22224"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious...", "vendor": "VMware", "product": "ESXi, Workstation, VMware Cloud Foundation, Telco Cloud Platform, Telco Cloud Infrastructure", "added_date": "2025-03-04T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d7e2172e-285d-4b85-818b-9cf7acf2edc8", "vulnerability": {"vulnId": "CVE-2025-22226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "d7e2172e-285d-4b85-818b-9cf7acf2edc8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious... | Affected: VMware / ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure | CVSS: 7.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-22226", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22226"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-22226"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious...", "vendor": "VMware", "product": "ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure", "added_date": "2025-03-04T00:00:00.000Z", "cvss_score": 7.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5d942a44-739b-4668-864f-db6137a0d293", "vulnerability": {"vulnId": "CVE-2025-22225", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "5d942a44-739b-4668-864f-db6137a0d293", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary... | Affected: VMware / VMware ESXi, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure | CVSS: 8.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-22225", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22225"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-22225"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary...", "vendor": "VMware", "product": "VMware ESXi, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure", "added_date": "2025-03-04T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "49e9a591-50bd-436e-8464-e07e9320ec0c", "vulnerability": {"vulnId": "CVE-2022-43939", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "49e9a591-50bd-436e-8464-e07e9320ec0c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions | Affected: Hitachi Vantara / Pentaho Business Analytics Server | CVSS: 8.6 (HIGH) | EPSS: 0.92266 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-43939", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43939"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-43939"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions", "vendor": "Hitachi Vantara", "product": "Pentaho Business Analytics Server", "added_date": "2025-03-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.92266, "cvss_severity": "HIGH", "epss_percentile": 0.9981, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "40018ecd-fe2c-43b6-a4d4-9f022d3c51d1", "vulnerability": {"vulnId": "CVE-2022-43769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "40018ecd-fe2c-43b6-a4d4-9f022d3c51d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Affected: Hitachi Vantara / Pentaho Business Analytics Server | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-43769", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43769"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-43769"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", "vendor": "Hitachi Vantara", "product": "Pentaho Business Analytics Server", "added_date": "2025-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "46adb466-1996-4329-b65c-8feb816563e0", "vulnerability": {"vulnId": "CVE-2018-8639", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "46adb466-1996-4329-b65c-8feb816563e0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k... | Affected: Microsoft / Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8639", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8639"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8639"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k...", "vendor": "Microsoft", "product": "Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers", "added_date": "2025-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dcd58de9-87c8-4e82-814c-817a3890e37a", "vulnerability": {"vulnId": "CVE-2023-20118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dcd58de9-87c8-4e82-814c-817a3890e37a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could... | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20118", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20118"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20118"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could...", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2025-03-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "64d1c8a2-a7ae-4129-874a-e038a77b0753", "vulnerability": {"vulnId": "CVE-2024-4885", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "64d1c8a2-a7ae-4129-874a-e038a77b0753", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability | Affected: Progress Software Corporation / WhatsUp Gold | CVSS: 9.8 (CRITICAL) | EPSS: 0.99288 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4885", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4885"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4885"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability", "vendor": "Progress Software Corporation", "product": "WhatsUp Gold", "added_date": "2025-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99288, "cvss_severity": "CRITICAL", "epss_percentile": 0.99932, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d99af556-32e3-4384-83b8-4cfbbaa7a6d7", "vulnerability": {"vulnId": "CVE-2023-34192", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d99af556-32e3-4384-83b8-4cfbbaa7a6d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to... | Affected: Zimbra / Zimbra Collaboration Suite | CVSS: 9.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-34192", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34192"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-34192"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to...", "vendor": "Zimbra", "product": "Zimbra Collaboration Suite", "added_date": "2025-02-25T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "427a591b-fc68-4217-9194-a13aef3141de", "vulnerability": {"vulnId": "CVE-2024-49035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "427a591b-fc68-4217-9194-a13aef3141de", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Partner.Microsoft.Com Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Partner Center | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-49035", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49035"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-49035"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Partner.Microsoft.Com Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Partner Center", "added_date": "2025-02-25T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f96f66a0-d2eb-478a-b73a-71469b89a8f8", "vulnerability": {"vulnId": "CVE-2024-20953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-24T00:00:00+00:00"}, "gcve": {"object_uuid": "f96f66a0-d2eb-478a-b73a-71469b89a8f8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export).   The supported version that is affected is 9.3.6. Easily... | Affected: Oracle Corporation / Agile PLM Framework | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-20953", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20953"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20953"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export).   The supported version that is affected is 9.3.6. Easily...", "vendor": "Oracle Corporation", "product": "Agile PLM Framework", "added_date": "2025-02-24T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "adb0deaf-5897-4ad7-8138-b462cb4da23e", "vulnerability": {"vulnId": "CVE-2017-3066", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-24T00:00:00+00:00"}, "gcve": {"object_uuid": "adb0deaf-5897-4ad7-8138-b462cb4da23e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization... | Affected: Adobe / Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-3066", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3066"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-3066"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization...", "vendor": "Adobe", "product": "Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier", "added_date": "2025-02-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e536b2a7-8c8d-442e-91bc-3a4ca46468b4", "vulnerability": {"vulnId": "CVE-2025-24989", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "e536b2a7-8c8d-442e-91bc-3a4ca46468b4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Power Pages Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Power Pages | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24989", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24989"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24989"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Power Pages Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Power Pages", "added_date": "2025-02-21T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dcdf1c85-1324-49d1-b3c5-9aa938453fa9", "vulnerability": {"vulnId": "CVE-2025-23209", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-20T00:00:00+00:00"}, "gcve": {"object_uuid": "dcdf1c85-1324-49d1-b3c5-9aa938453fa9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Potential RCE with a compromised security key in craft/cms | Affected: craftcms / cms | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-23209", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23209"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-23209"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Potential RCE with a compromised security key in craft/cms", "vendor": "craftcms", "product": "cms", "added_date": "2025-02-20T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c7293a52-9f5c-4bda-bb89-14c149a5d7fd", "vulnerability": {"vulnId": "CVE-2025-0111", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-20T00:00:00+00:00"}, "gcve": {"object_uuid": "c7293a52-9f5c-4bda-bb89-14c149a5d7fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS, Prisma Access | CVSS: 7.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-0111", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0111"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0111"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS, Prisma Access", "added_date": "2025-02-20T00:00:00.000Z", "cvss_score": 7.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "18198146-907b-460e-b8b3-a7e90f405a2a", "vulnerability": {"vulnId": "CVE-2025-0108", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-18T00:00:00+00:00"}, "gcve": {"object_uuid": "18198146-907b-460e-b8b3-a7e90f405a2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Authentication Bypass in the Management Web Interface | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS, Prisma Access | CVSS: 8.8 (HIGH) | EPSS: 0.98338 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-0108", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0108"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0108"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Authentication Bypass in the Management Web Interface", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS, Prisma Access", "added_date": "2025-02-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.98338, "cvss_severity": "HIGH", "epss_percentile": 0.99909, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "86f6ee92-3d0f-4f7d-a77e-43148934c543", "vulnerability": {"vulnId": "CVE-2024-53704", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-18T00:00:00+00:00"}, "gcve": {"object_uuid": "86f6ee92-3d0f-4f7d-a77e-43148934c543", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | Affected: SonicWall / SonicOS | CVSS: 9.8 (CRITICAL) | EPSS: 0.95132 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-53704", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53704"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-53704"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.", "vendor": "SonicWall", "product": "SonicOS", "added_date": "2025-02-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.95132, "cvss_severity": "CRITICAL", "epss_percentile": 0.99854, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d2c97ffe-839a-46cf-8abb-63d86289473f", "vulnerability": {"vulnId": "CVE-2024-57727", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "d2c97ffe-839a-46cf-8abb-63d86289473f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote... | Affected: SimpleHelp / SimpleHelp | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-57727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57727"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-57727"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote...", "vendor": "SimpleHelp", "product": "SimpleHelp", "added_date": "2025-02-13T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "95fa5fc9-0def-45a8-a70e-4055a49f6874", "vulnerability": {"vulnId": "CVE-2024-41710", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "95fa5fc9-0def-45a8-a70e-4055a49f6874", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1... | Affected: Mitel / 6800 Series, 6900 Series, 6900w Series SIP Phones, including the 6970 Conference Unit | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-41710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41710"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-41710"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1...", "vendor": "Mitel", "product": "6800 Series, 6900 Series, 6900w Series SIP Phones, including the 6970 Conference Unit", "added_date": "2025-02-12T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6ca70c1a-4659-4a22-a32d-f6551db8d691", "vulnerability": {"vulnId": "CVE-2025-24200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "6ca70c1a-4659-4a22-a32d-f6551db8d691", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS... | Affected: Apple / iOS and iPadOS, iPadOS | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24200", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24200"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24200"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS...", "vendor": "Apple", "product": "iOS and iPadOS, iPadOS", "added_date": "2025-02-12T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8a1c24bd-0c1c-45d5-a8bd-d8c87cd28781", "vulnerability": {"vulnId": "CVE-2025-21418", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "8a1c24bd-0c1c-45d5-a8bd-d8c87cd28781", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21418", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21418"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21418"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-02-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "06d07668-2cf5-4980-8cec-b5ca6f6291c9", "vulnerability": {"vulnId": "CVE-2024-40890", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "06d07668-2cf5-4980-8cec-b5ca6f6291c9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: **UNSUPPORTED WHEN ASSIGNED**\nA post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A... | Affected: Zyxel / VMG4325-B10A firmware | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-40890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40890"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-40890"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "**UNSUPPORTED WHEN ASSIGNED**\nA post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A...", "vendor": "Zyxel", "product": "VMG4325-B10A firmware", "added_date": "2025-02-11T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c0f852b7-e596-44ce-8746-a9f0c149eb5f", "vulnerability": {"vulnId": "CVE-2024-40891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "c0f852b7-e596-44ce-8746-a9f0c149eb5f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: **UNSUPPORTED WHEN ASSIGNED**\nA post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel... | Affected: Zyxel / VMG4325-B10A firmware | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-40891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40891"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-40891"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "**UNSUPPORTED WHEN ASSIGNED**\nA post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel...", "vendor": "Zyxel", "product": "VMG4325-B10A firmware", "added_date": "2025-02-11T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3d4223d6-09e7-4e83-afac-81072394b2e8", "vulnerability": {"vulnId": "CVE-2025-21391", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "3d4223d6-09e7-4e83-afac-81072394b2e8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Storage Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21391", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21391"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21391"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Storage Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-02-11T00:00:00.000Z", "cvss_score": 7.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4542689d-83fc-4096-96d1-92953fa3594f", "vulnerability": {"vulnId": "CVE-2025-0994", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-07T00:00:00+00:00"}, "gcve": {"object_uuid": "4542689d-83fc-4096-96d1-92953fa3594f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization... | Affected: Trimble / Cityworks, Cityworks (with office companion) | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-0994", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0994"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0994"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization...", "vendor": "Trimble", "product": "Cityworks, Cityworks (with office companion)", "added_date": "2025-02-07T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "af485952-9358-4a84-822c-9106959086d5", "vulnerability": {"vulnId": "CVE-2024-21413", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "af485952-9358-4a84-822c-9106959086d5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Outlook Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21413", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21413"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21413"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Outlook Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016", "added_date": "2025-02-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2ae598a-fce5-4c7c-8f63-a8ecf5a59329", "vulnerability": {"vulnId": "CVE-2020-15069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "c2ae598a-fce5-4c7c-8f63-a8ecf5a59329", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless... | Affected: Sophos / XG Firewall | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-15069", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15069"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-15069"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless...", "vendor": "Sophos", "product": "XG Firewall", "added_date": "2025-02-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e9b1bd6-5029-44aa-a9b0-aca5e5627266", "vulnerability": {"vulnId": "CVE-2022-23748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "4e9b1bd6-5029-44aa-a9b0-aca5e5627266", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what... | Affected: Apple / Audinate Dante Application Library for Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-23748", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23748"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23748"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what...", "vendor": "Apple", "product": "Audinate Dante Application Library for Windows", "added_date": "2025-02-06T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4046a622-d97f-4c0c-b2c0-0b40c659d22b", "vulnerability": {"vulnId": "CVE-2025-0411", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "4046a622-d97f-4c0c-b2c0-0b40c659d22b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: 7-Zip Mark-of-the-Web Bypass Vulnerability | Affected: 7-Zip / 7-Zip | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-0411", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0411"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0411"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "7-Zip Mark-of-the-Web Bypass Vulnerability", "vendor": "7-Zip", "product": "7-Zip", "added_date": "2025-02-06T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "73bc579b-dfbd-4d64-ad92-a12fbc5236f1", "vulnerability": {"vulnId": "CVE-2020-29574", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "73bc579b-dfbd-4d64-ad92-a12fbc5236f1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL... | Affected: Sophos / Cyberoam OS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-29574", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29574"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-29574"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL...", "vendor": "Sophos", "product": "Cyberoam OS", "added_date": "2025-02-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "296d09a0-aa87-4c22-8a95-1c96b06bbe80", "vulnerability": {"vulnId": "CVE-2024-53104", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-05T00:00:00+00:00"}, "gcve": {"object_uuid": "296d09a0-aa87-4c22-8a95-1c96b06bbe80", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format | Affected: Linux / Linux | CVSS: 7.8 (HIGH) | EPSS: 0.03301 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-53104", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-53104"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format", "vendor": "Linux", "product": "Linux", "added_date": "2025-02-05T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.03301, "cvss_severity": "HIGH", "epss_percentile": 0.86927, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4d128d77-ff86-45f0-9478-0df101977548", "vulnerability": {"vulnId": "CVE-2018-19410", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "4d128d77-ff86-45f0-9478-0df101977548", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including... | Affected: Paessler / PRTG Network Monitor | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19410", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19410"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19410"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including...", "vendor": "Paessler", "product": "PRTG Network Monitor", "added_date": "2025-02-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1cb0f7b3-b2b4-4f03-89b4-078bb3f04a38", "vulnerability": {"vulnId": "CVE-2024-45195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "1cb0f7b3-b2b4-4f03-89b4-078bb3f04a38", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache OFBiz: Confused controller-view authorization logic (forced browsing) | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-45195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45195"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-45195"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache OFBiz: Confused controller-view authorization logic (forced browsing)", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2025-02-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "283c4409-c7e2-47ff-b637-0b20abe1254a", "vulnerability": {"vulnId": "CVE-2018-9276", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "283c4409-c7e2-47ff-b637-0b20abe1254a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with... | Affected: Paessler AG / PRTG Network Monitor | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-9276", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9276"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-9276"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with...", "vendor": "Paessler AG", "product": "PRTG Network Monitor", "added_date": "2025-02-04T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "52d85d1e-37a2-4c98-a2de-ff0a753d4886", "vulnerability": {"vulnId": "CVE-2024-29059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "52d85d1e-37a2-4c98-a2de-ff0a753d4886", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: .NET Framework Information Disclosure Vulnerability | Affected: Microsoft / Microsoft .NET Framework 4.8, Microsoft .NET Framework 3.5 AND 4.8, Microsoft .NET Framework 3.5 AND 4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5 AND 4.8.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.2, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1 | CVSS: 7.5 (HIGH) | EPSS: 0.98832 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-29059", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-29059"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": ".NET Framework Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Microsoft .NET Framework 4.8, Microsoft .NET Framework 3.5 AND 4.8, Microsoft .NET Framework 3.5 AND 4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5 AND 4.8.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.2, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1", "added_date": "2025-02-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.98832, "cvss_severity": "HIGH", "epss_percentile": 0.9992, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e4b9ee89-fc1c-43ef-81ea-b7b1d2e1ff62", "vulnerability": {"vulnId": "CVE-2025-24085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-29T00:00:00+00:00"}, "gcve": {"object_uuid": "e4b9ee89-fc1c-43ef-81ea-b7b1d2e1ff62", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia... | Affected: Apple / iOS and iPadOS, iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-24085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-24085"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia...", "vendor": "Apple", "product": "iOS and iPadOS, iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2025-01-29T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "df4b7053-6c78-40ed-8719-4f958a4caf7b", "vulnerability": {"vulnId": "CVE-2025-23006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "df4b7053-6c78-40ed-8719-4f958a4caf7b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and... | Affected: SonicWall / SMA1000 | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-23006", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23006"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-23006"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and...", "vendor": "SonicWall", "product": "SMA1000", "added_date": "2025-01-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "96f3d610-eb2c-4e23-af3d-28b7f8614150", "vulnerability": {"vulnId": "CVE-2020-11023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "96f3d610-eb2c-4e23-af3d-28b7f8614150", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Potential XSS vulnerability in jQuery | Affected: jquery / jQuery | CVSS: 6.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11023"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Potential XSS vulnerability in jQuery", "vendor": "jquery", "product": "jQuery", "added_date": "2025-01-23T00:00:00.000Z", "cvss_score": 6.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc16e912-3c42-4242-8272-009cb3b86772", "vulnerability": {"vulnId": "CVE-2024-50603", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-16T00:00:00+00:00"}, "gcve": {"object_uuid": "cc16e912-3c42-4242-8272-009cb3b86772", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements... | Affected: Aviatrix / Controller | CVSS: 10.0 (CRITICAL) | EPSS: 0.98545 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-50603", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50603"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-50603"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements...", "vendor": "Aviatrix", "product": "Controller", "added_date": "2025-01-16T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.98545, "cvss_severity": "CRITICAL", "epss_percentile": 0.99916, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b197b328-9f78-439a-957c-e0355e18bf05", "vulnerability": {"vulnId": "CVE-2025-21334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "b197b328-9f78-439a-957c-e0355e18bf05", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.0153 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21334", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21334"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21334"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-01-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.0153, "cvss_severity": "HIGH", "epss_percentile": 0.71467, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "46c6ae6e-2c62-4792-bc3b-6055e38b11fe", "vulnerability": {"vulnId": "CVE-2025-21333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "46c6ae6e-2c62-4792-bc3b-6055e38b11fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.09798 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21333", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21333"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21333"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-01-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.09798, "cvss_severity": "HIGH", "epss_percentile": 0.94931, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "205b05af-2a5d-4c21-a043-adef6efade41", "vulnerability": {"vulnId": "CVE-2024-55591", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "205b05af-2a5d-4c21-a043-adef6efade41", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An\u00a0Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and... | Affected: Fortinet / FortiOS, FortiProxy | CVSS: 9.6 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-55591", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55591"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-55591"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An\u00a0Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and...", "vendor": "Fortinet", "product": "FortiOS, FortiProxy", "added_date": "2025-01-14T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9be64216-c777-4580-8989-0aa4c8675ce3", "vulnerability": {"vulnId": "CVE-2025-21335", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "9be64216-c777-4580-8989-0aa4c8675ce3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.01363 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-21335", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21335"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-21335"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2025-01-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.01363, "cvss_severity": "HIGH", "epss_percentile": 0.68169, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "31289c4d-757c-4108-8e10-4e62465990d0", "vulnerability": {"vulnId": "CVE-2024-12686", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "31289c4d-757c-4108-8e10-4e62465990d0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA) | Affected: BeyondTrust / Remote Support(RS) & Privileged Remote Access(PRA) | CVSS: 6.6 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-12686", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12686"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-12686"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)", "vendor": "BeyondTrust", "product": "Remote Support(RS) & Privileged Remote Access(PRA)", "added_date": "2025-01-13T00:00:00.000Z", "cvss_score": 6.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b3cb3a13-a13c-48b6-af50-a200cf3f4cc3", "vulnerability": {"vulnId": "CVE-2023-48365", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "b3cb3a13-a13c-48b6-af50-a200cf3f4cc3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation... | Affected: Qlik / Sense Enterprise for Windows | CVSS: 9.6 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-48365", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48365"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-48365"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation...", "vendor": "Qlik", "product": "Sense Enterprise for Windows", "added_date": "2025-01-13T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0f5f05a2-830f-470a-8f56-a19a24ad6697", "vulnerability": {"vulnId": "CVE-2025-0282", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "0f5f05a2-830f-470a-8f56-a19a24ad6697", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons... | Affected: Ivanti / Connect Secure, Policy Secure, Neurons for ZTA gateways | CVSS: 9.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2025-0282", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0282"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-0282"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons...", "vendor": "Ivanti", "product": "Connect Secure, Policy Secure, Neurons for ZTA gateways", "added_date": "2025-01-08T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0ab1188e-8c6c-4404-bc2b-2a096a23384e", "vulnerability": {"vulnId": "CVE-2024-41713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "0ab1188e-8c6c-4404-bc2b-2a096a23384e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated... | Affected: Mitel / MiCollab | CVSS: 9.1 (CRITICAL) | EPSS: 0.98067 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-41713", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41713"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-41713"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated...", "vendor": "Mitel", "product": "MiCollab", "added_date": "2025-01-07T00:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.98067, "cvss_severity": "CRITICAL", "epss_percentile": 0.99904, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1f97e9b0-e6a2-4f20-b58f-0dd18d71f7ff", "vulnerability": {"vulnId": "CVE-2024-55550", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1f97e9b0-e6a2-4f20-b58f-0dd18d71f7ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to... | Affected: Mitel / MiCollab | CVSS: 2.7 (LOW) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-55550", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55550"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-55550"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to...", "vendor": "Mitel", "product": "MiCollab", "added_date": "2025-01-07T00:00:00.000Z", "cvss_score": 2.7, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "13b40c34-5086-4150-9f19-07475341daf5", "vulnerability": {"vulnId": "CVE-2020-2883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "13b40c34-5086-4150-9f19-07475341daf5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2025-01-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-2883", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2883"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-2883"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2025-01-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3b9d12b0-1222-4537-8919-8e9d0f679cf1", "vulnerability": {"vulnId": "CVE-2024-3393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3b9d12b0-1222-4537-8919-8e9d0f679cf1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-3393", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3393"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-3393"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS", "added_date": "2024-12-30T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "161fe2d8-2480-4e4e-a15e-857e0ae39e99", "vulnerability": {"vulnId": "CVE-2021-44207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-23T00:00:00+00:00"}, "gcve": {"object_uuid": "161fe2d8-2480-4e4e-a15e-857e0ae39e99", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. | Affected: Acclaim Systems / USAHERDS | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-44207", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44207"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44207"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.", "vendor": "Acclaim Systems", "product": "USAHERDS", "added_date": "2024-12-23T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9b6d5d58-edfa-4701-a439-749cc90b6818", "vulnerability": {"vulnId": "CVE-2024-12356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-19T00:00:00+00:00"}, "gcve": {"object_uuid": "9b6d5d58-edfa-4701-a439-749cc90b6818", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA) | Affected: BeyondTrust / Remote Support, Privileged Remote Access | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-12356", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-12356"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)", "vendor": "BeyondTrust", "product": "Remote Support, Privileged Remote Access", "added_date": "2024-12-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "12349d5b-ed6b-457c-a810-37b18680efbc", "vulnerability": {"vulnId": "CVE-2018-14933", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "12349d5b-ed6b-457c-a810-37b18680efbc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir... | Affected: NUUO / NVRmini | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-14933", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14933"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14933"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir...", "vendor": "NUUO", "product": "NVRmini", "added_date": "2024-12-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "72deb9a1-67c8-448e-90ee-c446f95621be", "vulnerability": {"vulnId": "CVE-2022-23227", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "72deb9a1-67c8-448e-90ee-c446f95621be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users... | Affected: NUUO / NVRmini2 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-23227", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23227"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23227"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...", "vendor": "NUUO", "product": "NVRmini2", "added_date": "2024-12-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "afc8b211-ea76-48b3-8118-abe2b02f6daf", "vulnerability": {"vulnId": "CVE-2019-11001", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "afc8b211-ea76-48b3-8118-abe2b02f6daf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the \"TestEmail\" functionality... | Affected: Reolink / RLC-410W, C1 Pro, C2 Pro, RLC-422W, RLC-511W | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11001", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11001"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11001"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the \"TestEmail\" functionality...", "vendor": "Reolink", "product": "RLC-410W, C1 Pro, C2 Pro, RLC-422W, RLC-511W", "added_date": "2024-12-18T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f8c1094-492f-4f95-97c7-13f28fa00d26", "vulnerability": {"vulnId": "CVE-2021-40407", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "7f8c1094-492f-4f95-97c7-13f28fa00d26", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2],... | Affected: reolink / RLC-410W | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40407", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40407"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40407"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2],...", "vendor": "reolink", "product": "RLC-410W", "added_date": "2024-12-18T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d755775-e4a9-4b2b-a7de-ffc8fe816f3d", "vulnerability": {"vulnId": "CVE-2024-55956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-17T00:00:00+00:00"}, "gcve": {"object_uuid": "0d755775-e4a9-4b2b-a7de-ffc8fe816f3d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary... | Affected: Cleo / [\"Harmony\", \"VLTrader\", \"LexiCom\"] | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-55956", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55956"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-55956"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary...", "vendor": "Cleo", "product": "[\"Harmony\", \"VLTrader\", \"LexiCom\"]", "added_date": "2024-12-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4bf7103b-1471-4545-9448-13a99f7acd76", "vulnerability": {"vulnId": "CVE-2024-20767", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-16T00:00:00+00:00"}, "gcve": {"object_uuid": "4bf7103b-1471-4545-9448-13a99f7acd76", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ColdFusion | Improper Access Control (CWE-284) | Affected: Adobe / ColdFusion | CVSS: 7.4 (HIGH) | EPSS: 0.98514 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-20767", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20767"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20767"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ColdFusion | Improper Access Control (CWE-284)", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2024-12-16T00:00:00.000Z", "cvss_score": 7.4, "epss_score": 0.98514, "cvss_severity": "HIGH", "epss_percentile": 0.99914, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9056b8d4-440f-4c81-b755-9d349354baca", "vulnerability": {"vulnId": "CVE-2024-35250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-16T00:00:00+00:00"}, "gcve": {"object_uuid": "9056b8d4-440f-4c81-b755-9d349354baca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-35250", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35250"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-35250"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-12-16T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "878faf06-735d-4687-a32e-07d3a89583c8", "vulnerability": {"vulnId": "CVE-2024-50623", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "878faf06-735d-4687-a32e-07d3a89583c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that... | Affected: Cleo / [\"Harmony\", \"VLTrader\", \"LexiCom\"] | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-50623", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50623"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-50623"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that...", "vendor": "Cleo", "product": "[\"Harmony\", \"VLTrader\", \"LexiCom\"]", "added_date": "2024-12-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fd78ec0f-aa17-4845-b357-73b608b98b41", "vulnerability": {"vulnId": "CVE-2024-49138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "fd78ec0f-aa17-4845-b357-73b608b98b41", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.25414 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-49138", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49138"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-49138"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2024-12-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.25414, "cvss_severity": "HIGH", "epss_percentile": 0.97676, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f55cabfd-4bc7-441e-b424-6a82b0a682cd", "vulnerability": {"vulnId": "CVE-2024-51378", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-04T00:00:00+00:00"}, "gcve": {"object_uuid": "f55cabfd-4bc7-441e-b424-6a82b0a682cd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and... | Affected: CyberPanel / CyberPanel | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-51378", "url": "https://www.cve.org/CVERecord?id=CVE-2024-51378"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-51378"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and...", "vendor": "CyberPanel", "product": "CyberPanel", "added_date": "2024-12-04T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b50aa8ca-bf55-4df2-a02a-8e6b17ed58be", "vulnerability": {"vulnId": "CVE-2024-11680", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b50aa8ca-bf55-4df2-a02a-8e6b17ed58be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ProjectSend Unauthenticated Configuration Modification | Affected: ProjectSend / ProjectSend | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-11680", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11680"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-11680"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ProjectSend Unauthenticated Configuration Modification", "vendor": "ProjectSend", "product": "ProjectSend", "added_date": "2024-12-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fcb721d5-5d1f-43b1-acce-4204454d8261", "vulnerability": {"vulnId": "CVE-2023-45727", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fcb721d5-5d1f-43b1-acce-4204454d8261", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and... | Affected: North Grid Corporation / Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-45727", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45727"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-45727"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and...", "vendor": "North Grid Corporation", "product": "Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition", "added_date": "2024-12-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "57098658-ade0-4f26-94a0-d41150302a5f", "vulnerability": {"vulnId": "CVE-2024-11667", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "57098658-ade0-4f26-94a0-d41150302a5f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-12-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series... | Affected: Zyxel / ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) series firmware, USG20(W)-VPN series firmware | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-11667", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11667"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-11667"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series...", "vendor": "Zyxel", "product": "ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) series firmware, USG20(W)-VPN series firmware", "added_date": "2024-12-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "47a3bea6-af16-4436-afc5-ee49d3c31d30", "vulnerability": {"vulnId": "CVE-2023-28461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-25T00:00:00+00:00"}, "gcve": {"object_uuid": "47a3bea6-af16-4436-afc5-ee49d3c31d30", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN... | Affected: Array Networks / Array AG Series and vxAG | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28461", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28461"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28461"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN...", "vendor": "Array Networks", "product": "Array AG Series and vxAG", "added_date": "2024-11-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fc0fa081-e4d5-4a29-81a6-43cad1410b9f", "vulnerability": {"vulnId": "CVE-2024-44309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "fc0fa081-e4d5-4a29-81a6-43cad1410b9f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS... | Affected: Apple / Safari, iOS and iPadOS, macOS, visionOS | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-44309", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44309"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-44309"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, macOS, visionOS", "added_date": "2024-11-21T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4d120c59-5f47-4646-b71c-2547e9e623a9", "vulnerability": {"vulnId": "CVE-2024-44308", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "4d120c59-5f47-4646-b71c-2547e9e623a9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1,... | Affected: Apple / Safari, iOS and iPadOS, macOS, visionOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-44308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44308"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-44308"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1,...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, macOS, visionOS", "added_date": "2024-11-21T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ffc800a4-6e45-4c01-845c-88bbc6f94960", "vulnerability": {"vulnId": "CVE-2024-21287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "ffc800a4-6e45-4c01-845c-88bbc6f94960", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension).   The... | Affected: Oracle Corporation / Oracle Agile PLM Framework | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21287", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension).   The...", "vendor": "Oracle Corporation", "product": "Oracle Agile PLM Framework", "added_date": "2024-11-21T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b95039e8-b5c6-4aab-b3d5-0cce14fbc7d5", "vulnerability": {"vulnId": "CVE-2024-38812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-20T00:00:00+00:00"}, "gcve": {"object_uuid": "b95039e8-b5c6-4aab-b3d5-0cce14fbc7d5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap-overflow vulnerability | Affected: VMware / VMware vCenter Server, VMware Cloud Foundation | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38812", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38812"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38812"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap-overflow vulnerability", "vendor": "VMware", "product": "VMware vCenter Server, VMware Cloud Foundation", "added_date": "2024-11-20T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7291bf88-212b-4385-849d-fe1e3242f837", "vulnerability": {"vulnId": "CVE-2024-38813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-20T00:00:00+00:00"}, "gcve": {"object_uuid": "7291bf88-212b-4385-849d-fe1e3242f837", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Privilege escalation vulnerability | Affected: VMware / VMware vCenter Server, VMware Cloud Foundation | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38813", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38813"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Privilege escalation vulnerability", "vendor": "VMware", "product": "VMware vCenter Server, VMware Cloud Foundation", "added_date": "2024-11-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "04c3a86b-7f95-45ec-98ce-d0df09204c73", "vulnerability": {"vulnId": "CVE-2024-0012", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-18T00:00:00+00:00"}, "gcve": {"object_uuid": "04c3a86b-7f95-45ec-98ce-d0df09204c73", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS, Prisma Access | CVSS: 9.3 (CRITICAL) | EPSS: 0.99698 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-0012", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0012"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-0012"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS, Prisma Access", "added_date": "2024-11-18T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.99698, "cvss_severity": "CRITICAL", "epss_percentile": 0.99949, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "837dd166-e127-48f7-bc99-45171763b708", "vulnerability": {"vulnId": "CVE-2024-9474", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-18T00:00:00+00:00"}, "gcve": {"object_uuid": "837dd166-e127-48f7-bc99-45171763b708", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS, Prisma Access | CVSS: 6.9 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-9474", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9474"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9474"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS, Prisma Access", "added_date": "2024-11-18T00:00:00.000Z", "cvss_score": 6.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c9b82b38-7ed1-492e-b2e7-82830a4db305", "vulnerability": {"vulnId": "CVE-2024-1212", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-18T00:00:00+00:00"}, "gcve": {"object_uuid": "c9b82b38-7ed1-492e-b2e7-82830a4db305", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LoadMaster Pre-Authenticated OS Command Injection | Affected: Progress Software / LoadMaster | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-1212", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1212"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-1212"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LoadMaster Pre-Authenticated OS Command Injection", "vendor": "Progress Software", "product": "LoadMaster", "added_date": "2024-11-18T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2cdcfe1a-4d85-4eca-b6bb-e0687bd574bf", "vulnerability": {"vulnId": "CVE-2024-9463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "2cdcfe1a-4d85-4eca-b6bb-e0687bd574bf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure | Affected: Palo Alto Networks / Expedition | CVSS: 9.9 (CRITICAL) | EPSS: 0.98393 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-9463", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9463"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure", "vendor": "Palo Alto Networks", "product": "Expedition", "added_date": "2024-11-14T00:00:00.000Z", "cvss_score": 9.9, "epss_score": 0.98393, "cvss_severity": "CRITICAL", "epss_percentile": 0.99912, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "991f7d94-259c-478b-a5f5-28585bf1283f", "vulnerability": {"vulnId": "CVE-2024-9465", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "991f7d94-259c-478b-a5f5-28585bf1283f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure | Affected: Palo Alto Networks / Expedition | CVSS: 9.2 (CRITICAL) | EPSS: 0.99588 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-9465", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9465"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure", "vendor": "Palo Alto Networks", "product": "Expedition", "added_date": "2024-11-14T00:00:00.000Z", "cvss_score": 9.2, "epss_score": 0.99588, "cvss_severity": "CRITICAL", "epss_percentile": 0.99942, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "64e804d7-df82-45df-a382-d718f5a06e36", "vulnerability": {"vulnId": "CVE-2024-43451", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "64e804d7-df82-45df-a382-d718f5a06e36", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NTLM Hash Disclosure Spoofing Vulnerability | Affected: Microsoft / Windows Server 2025, Windows Server 2025 (Server Core installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-43451", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43451"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43451"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NTLM Hash Disclosure Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2025, Windows Server 2025 (Server Core installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-11-12T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "74c3c491-ce98-4997-809d-e56abc402783", "vulnerability": {"vulnId": "CVE-2024-49039", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "74c3c491-ce98-4997-809d-e56abc402783", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Task Scheduler Elevation of Privilege Vulnerability | Affected: Microsoft / Windows Server 2025, Windows Server 2025 (Server Core installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-49039", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49039"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-49039"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Task Scheduler Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2025, Windows Server 2025 (Server Core installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2024-11-12T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "077e97ac-10a4-4a4c-ab71-05b1f7723061", "vulnerability": {"vulnId": "CVE-2014-2120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "077e97ac-10a4-4a4c-ab71-05b1f7723061", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to... | Affected: Cisco / Adaptive Security Appliance (ASA) Software | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-2120", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2120"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-2120"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to...", "vendor": "Cisco", "product": "Adaptive Security Appliance (ASA) Software", "added_date": "2024-11-12T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a7a822f6-0ac3-48a7-bacd-9fac50e17cb6", "vulnerability": {"vulnId": "CVE-2021-26086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "a7a822f6-0ac3-48a7-bacd-9fac50e17cb6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in... | Affected: Atlassian / Jira Server, Jira Data Center | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26086", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26086"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26086"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in...", "vendor": "Atlassian", "product": "Jira Server, Jira Data Center", "added_date": "2024-11-12T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "08e36a9b-f4cf-427f-8136-bed28a8c6ca7", "vulnerability": {"vulnId": "CVE-2021-41277", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "08e36a9b-f4cf-427f-8136-bed28a8c6ca7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GeoJSON URL validation can expose server files and environment variables to unauthorized users | Affected: metabase / metabase | CVSS: 10.0 (CRITICAL) | EPSS: 0.96887 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-41277", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41277"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41277"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoJSON URL validation can expose server files and environment variables to unauthorized users", "vendor": "metabase", "product": "metabase", "added_date": "2024-11-12T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.96887, "cvss_severity": "CRITICAL", "epss_percentile": 0.99881, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6c274ec8-ecdc-4af1-8b9e-9c5a55ce4735", "vulnerability": {"vulnId": "CVE-2019-16278", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "6c274ec8-ecdc-4af1-8b9e-9c5a55ce4735", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted... | Affected: nostromo / nhttpd | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-16278", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16278"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-16278"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted...", "vendor": "nostromo", "product": "nhttpd", "added_date": "2024-11-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "28aa7f6d-1b3d-4502-ad4c-a7d6d30cf383", "vulnerability": {"vulnId": "CVE-2024-43093", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "28aa7f6d-1b3d-4502-ad4c-a7d6d30cf383", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive... | Affected: Google / Android | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-43093", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43093"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43093"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive...", "vendor": "Google", "product": "Android", "added_date": "2024-11-07T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a36c2603-21ce-4d64-a40c-942e568f3254", "vulnerability": {"vulnId": "CVE-2024-5910", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "a36c2603-21ce-4d64-a40c-942e568f3254", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Expedition: Missing Authentication Leads to Admin Account Takeover | Affected: Palo Alto Networks / Expedition | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-5910", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5910"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-5910"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Expedition: Missing Authentication Leads to Admin Account Takeover", "vendor": "Palo Alto Networks", "product": "Expedition", "added_date": "2024-11-07T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eb487cac-ea3d-482f-b1a5-9b902ced54e9", "vulnerability": {"vulnId": "CVE-2024-51567", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "eb487cac-ea3d-482f-b1a5-9b902ced54e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and... | Affected: CyberPanel / CyberPanel | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-51567", "url": "https://www.cve.org/CVERecord?id=CVE-2024-51567"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-51567"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and...", "vendor": "CyberPanel", "product": "CyberPanel", "added_date": "2024-11-07T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "10647cfc-3451-4935-84b1-caeae49c410a", "vulnerability": {"vulnId": "CVE-2024-8957", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-04T00:00:00+00:00"}, "gcve": {"object_uuid": "10647cfc-3451-4935-84b1-caeae49c410a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration | Affected: PTZOptics / PT30X-SDI, PT30X-NDI | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-8957", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8957"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8957"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration", "vendor": "PTZOptics", "product": "PT30X-SDI, PT30X-NDI", "added_date": "2024-11-04T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "824948da-0a42-4fb5-9169-5180c887ec10", "vulnerability": {"vulnId": "CVE-2024-8956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-04T00:00:00+00:00"}, "gcve": {"object_uuid": "824948da-0a42-4fb5-9169-5180c887ec10", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-11-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication | Affected: PTZOptics / PT30X-SDI, PT30X-NDI | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-8956", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8956"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8956"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication", "vendor": "PTZOptics", "product": "PT30X-SDI, PT30X-NDI", "added_date": "2024-11-04T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a0b15c94-6712-45f4-9268-e184453c4cdf", "vulnerability": {"vulnId": "CVE-2024-37383", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "a0b15c94-6712-45f4-9268-e184453c4cdf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | Affected: Roundcube / Roundcube Webmail | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-37383", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37383"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-37383"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.", "vendor": "Roundcube", "product": "Roundcube Webmail", "added_date": "2024-10-24T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "94c4f057-f56e-4b86-b89d-f17eef7b25a1", "vulnerability": {"vulnId": "CVE-2024-20481", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "94c4f057-f56e-4b86-b89d-f17eef7b25a1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense... | Affected: Cisco / Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software | CVSS: 5.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-20481", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20481"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20481"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense...", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software", "added_date": "2024-10-24T00:00:00.000Z", "cvss_score": 5.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc72d980-9ae3-4a56-b743-5db9c5d79810", "vulnerability": {"vulnId": "CVE-2024-47575", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-23T00:00:00+00:00"}, "gcve": {"object_uuid": "cc72d980-9ae3-4a56-b743-5db9c5d79810", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7,... | Affected: Fortinet / FortiManager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-47575", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47575"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-47575"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7,...", "vendor": "Fortinet", "product": "FortiManager", "added_date": "2024-10-23T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8be6f572-1d35-4343-b312-424188996a05", "vulnerability": {"vulnId": "CVE-2024-38094", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-22T00:00:00+00:00"}, "gcve": {"object_uuid": "8be6f572-1d35-4343-b312-424188996a05", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 7.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38094", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38094"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38094"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2024-10-22T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fe67edcd-a858-4164-b94e-65811ab144d0", "vulnerability": {"vulnId": "CVE-2024-9537", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-21T00:00:00+00:00"}, "gcve": {"object_uuid": "fe67edcd-a858-4164-b94e-65811ab144d0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ScienceLogic SL1 unspecified vulnerability | Affected: ScienceLogic / SL1 | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-9537", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9537"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9537"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ScienceLogic SL1 unspecified vulnerability", "vendor": "ScienceLogic", "product": "SL1", "added_date": "2024-10-21T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "588bcc10-f9d3-45c6-a7c5-d6674bd81fdd", "vulnerability": {"vulnId": "CVE-2024-40711", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-17T00:00:00+00:00"}, "gcve": {"object_uuid": "588bcc10-f9d3-45c6-a7c5-d6674bd81fdd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | Affected: Veeam / Backup and  Recovery | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-40711", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40711"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-40711"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).", "vendor": "Veeam", "product": "Backup and  Recovery", "added_date": "2024-10-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7d28bf55-fbb8-4b37-9f58-abf9bc8ed59b", "vulnerability": {"vulnId": "CVE-2024-28987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "7d28bf55-fbb8-4b37-9f58-abf9bc8ed59b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Web Help Desk Hardcoded Credential Vulnerability | Affected: SolarWinds / Web Help Desk | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-28987", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28987"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-28987"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Web Help Desk Hardcoded Credential Vulnerability", "vendor": "SolarWinds", "product": "Web Help Desk", "added_date": "2024-10-15T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fe8e7aac-0c98-4b03-8171-8ce7a33ddf9f", "vulnerability": {"vulnId": "CVE-2024-9680", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "fe8e7aac-0c98-4b03-8171-8ce7a33ddf9f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of... | Affected: Mozilla / Firefox, Firefox ESR, Thunderbird | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-9680", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9680"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9680"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of...", "vendor": "Mozilla", "product": "Firefox, Firefox ESR, Thunderbird", "added_date": "2024-10-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "13030d2d-3dc0-4fb0-8ae5-db040f6fb549", "vulnerability": {"vulnId": "CVE-2024-30088", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "13030d2d-3dc0-4fb0-8ae5-db040f6fb549", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 7.0 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-30088", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30088"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-30088"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2024-10-15T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2834f5bf-2d5e-48dc-972a-62b225373a4c", "vulnerability": {"vulnId": "CVE-2024-23113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "2834f5bf-2d5e-48dc-972a-62b225373a4c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13,... | Affected: Fortinet / FortiSwitchManager, FortiOS, FortiPAM, FortiProxy | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-23113", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-23113"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13,...", "vendor": "Fortinet", "product": "FortiSwitchManager, FortiOS, FortiPAM, FortiProxy", "added_date": "2024-10-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "098d109a-aef0-400e-8003-c4bcde3a3094", "vulnerability": {"vulnId": "CVE-2024-9379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "098d109a-aef0-400e-8003-c4bcde3a3094", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run... | Affected: Ivanti / CSA (Cloud Services Appliance) | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-9379", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9379"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9379"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run...", "vendor": "Ivanti", "product": "CSA (Cloud Services Appliance)", "added_date": "2024-10-09T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fb321bdb-b8c9-4299-b316-f52e37c595ba", "vulnerability": {"vulnId": "CVE-2024-9380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "fb321bdb-b8c9-4299-b316-f52e37c595ba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin... | Affected: Ivanti / CSA (Cloud Services Appliance) | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-9380", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9380"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-9380"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin...", "vendor": "Ivanti", "product": "CSA (Cloud Services Appliance)", "added_date": "2024-10-09T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "882555de-67c5-4914-902e-8372601e0f28", "vulnerability": {"vulnId": "CVE-2024-43573", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-08T00:00:00+00:00"}, "gcve": {"object_uuid": "882555de-67c5-4914-902e-8372601e0f28", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows MSHTML Platform Spoofing Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation) | CVSS: 6.5 (MEDIUM) | EPSS: 0.44382 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-43573", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43573"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43573"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows MSHTML Platform Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation)", "added_date": "2024-10-08T00:00:00.000Z", "cvss_score": 6.5, "epss_score": 0.44382, "cvss_severity": "MEDIUM", "epss_percentile": 0.98597, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fda312a5-6c93-461d-9c80-439201b61cb6", "vulnerability": {"vulnId": "CVE-2024-43572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-08T00:00:00+00:00"}, "gcve": {"object_uuid": "fda312a5-6c93-461d-9c80-439201b61cb6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Management Console Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.60954 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-43572", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43572"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43572"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Management Console Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation)", "added_date": "2024-10-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.60954, "cvss_severity": "HIGH", "epss_percentile": 0.99037, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "541a54a0-ce59-4ff6-bfb5-c14570548942", "vulnerability": {"vulnId": "CVE-2024-43047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-08T00:00:00+00:00"}, "gcve": {"object_uuid": "541a54a0-ce59-4ff6-bfb5-c14570548942", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use After Free in DSP Service | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-43047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43047"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43047"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use After Free in DSP Service", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2024-10-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "21980f8d-b08e-47a0-a710-c7bbd5f91dcf", "vulnerability": {"vulnId": "CVE-2024-45519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-03T00:00:00+00:00"}, "gcve": {"object_uuid": "21980f8d-b08e-47a0-a710-c7bbd5f91dcf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1... | Affected: Zimbra / Zimbra Collaboration | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-45519", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45519"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-45519"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1...", "vendor": "Zimbra", "product": "Zimbra Collaboration", "added_date": "2024-10-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "27be1b25-92c2-4f79-9628-939b179c79ae", "vulnerability": {"vulnId": "CVE-2024-29824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "27be1b25-92c2-4f79-9628-939b179c79ae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-10-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same... | Affected: Ivanti / EPM | CVSS: 8.8 (HIGH) | EPSS: 0.99951 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-29824", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29824"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-29824"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same...", "vendor": "Ivanti", "product": "EPM", "added_date": "2024-10-02T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.99951, "cvss_severity": "HIGH", "epss_percentile": 0.99973, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2905808b-832e-4d19-b88c-514471fa2022", "vulnerability": {"vulnId": "CVE-2020-15415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2905808b-832e-4d19-b88c-514471fa2022", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via... | Affected: DrayTek / Vigor3900, Vigor2960, Vigor300B | CVSS: 9.8 (CRITICAL) | EPSS: 0.84599 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-15415", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15415"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-15415"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via...", "vendor": "DrayTek", "product": "Vigor3900, Vigor2960, Vigor300B", "added_date": "2024-09-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.84599, "cvss_severity": "CRITICAL", "epss_percentile": 0.99673, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b9809bd9-bbc8-4e32-9e0b-24ac76229b72", "vulnerability": {"vulnId": "CVE-2023-25280", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b9809bd9-bbc8-4e32-9e0b-24ac76229b72", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the... | Affected: D-Link / DIR820LA1_FW105B03 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-25280", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25280"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-25280"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the...", "vendor": "D-Link", "product": "DIR820LA1_FW105B03", "added_date": "2024-09-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4988e4b1-ae1c-4983-9cee-13ba3c5a06eb", "vulnerability": {"vulnId": "CVE-2019-0344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4988e4b1-ae1c-4983-9cee-13ba3c5a06eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to... | Affected: SAP SE / SAP Commerce Cloud (virtualjdbc extension) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0344", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0344"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0344"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to...", "vendor": "SAP SE", "product": "SAP Commerce Cloud (virtualjdbc extension)", "added_date": "2024-09-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b727b7ac-0978-4dcb-a166-106f650667ac", "vulnerability": {"vulnId": "CVE-2024-7593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b727b7ac-0978-4dcb-a166-106f650667ac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker... | Affected: Ivanti / vTM | CVSS: 9.8 (CRITICAL) | EPSS: 0.99987 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-7593", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7593"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7593"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker...", "vendor": "Ivanti", "product": "vTM", "added_date": "2024-09-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99987, "cvss_severity": "CRITICAL", "epss_percentile": 0.99984, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "844b6364-ddcf-4ccd-bdf1-7469faea4525", "vulnerability": {"vulnId": "CVE-2024-8963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "844b6364-ddcf-4ccd-bdf1-7469faea4525", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | Affected: Ivanti / CSA (Cloud Services Appliance) | CVSS: 9.4 (CRITICAL) | EPSS: 0.98411 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-8963", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8963"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8963"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.", "vendor": "Ivanti", "product": "CSA (Cloud Services Appliance)", "added_date": "2024-09-19T00:00:00.000Z", "cvss_score": 9.4, "epss_score": 0.98411, "cvss_severity": "CRITICAL", "epss_percentile": 0.99912, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "288a36b4-0b13-4d23-8354-5c50f45c351a", "vulnerability": {"vulnId": "CVE-2022-21445", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "288a36b4-0b13-4d23-8354-5c50f45c351a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces).  Supported versions... | Affected: Oracle Corporation / Application Development Framework (ADF) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-21445", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21445"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21445"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces).  Supported versions...", "vendor": "Oracle Corporation", "product": "Application Development Framework (ADF)", "added_date": "2024-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ba8611bb-b1d6-4b79-b470-49fe959f4bf6", "vulnerability": {"vulnId": "CVE-2020-14644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "ba8611bb-b1d6-4b79-b470-49fe959f4bf6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-14644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14644"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-14644"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2024-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f53d03d8-37d1-4f72-9c36-867086ba7bc0", "vulnerability": {"vulnId": "CVE-2020-0618", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "f53d03d8-37d1-4f72-9c36-867086ba7bc0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft... | Affected: Microsoft / Microsoft SQL Server, Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0618", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0618"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0618"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft...", "vendor": "Microsoft", "product": "Microsoft SQL Server, Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)", "added_date": "2024-09-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fa453cbb-f461-45bf-a737-96923fb56305", "vulnerability": {"vulnId": "CVE-2024-27348", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "fa453cbb-f461-45bf-a737-96923fb56305", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache HugeGraph-Server: Command execution in gremlin | Affected: Apache Software Foundation / Apache HugeGraph-Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-27348", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27348"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27348"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache HugeGraph-Server: Command execution in gremlin", "vendor": "Apache Software Foundation", "product": "Apache HugeGraph-Server", "added_date": "2024-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9e46d767-e62e-41ae-a97e-697bafea8307", "vulnerability": {"vulnId": "CVE-2014-0502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "9e46d767-e62e-41ae-a97e-697bafea8307", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0502", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0502"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0502"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2024-09-17T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "48743324-3098-4928-827a-1879e1e1bb62", "vulnerability": {"vulnId": "CVE-2013-0643", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "48743324-3098-4928-827a-1879e1e1bb62", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0643", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0643"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0643"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2024-09-17T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "71b12c4f-bd14-4d8d-8a81-f667d593154f", "vulnerability": {"vulnId": "CVE-2014-0497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "71b12c4f-bd14-4d8d-8a81-f667d593154f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0497", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0497"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0497"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2024-09-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "227997fe-58d1-459b-a618-07980728a2d6", "vulnerability": {"vulnId": "CVE-2013-0648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "227997fe-58d1-459b-a618-07980728a2d6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0648", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0648"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0648"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2024-09-17T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c1e3791f-5472-41fb-b32a-589516f54924", "vulnerability": {"vulnId": "CVE-2024-43461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "c1e3791f-5472-41fb-b32a-589516f54924", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows MSHTML Platform Spoofing Vulnerability | Affected: Microsoft / Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-43461", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43461"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-43461"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows MSHTML Platform Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-09-16T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1119e530-bdd0-4a7f-b1c8-cf1987d81bb9", "vulnerability": {"vulnId": "CVE-2024-6670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "1119e530-bdd0-4a7f-b1c8-cf1987d81bb9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability | Affected: Progress Software Corporation / WhatsUp Gold | CVSS: 9.8 (CRITICAL) | EPSS: 0.94661 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-6670", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6670"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6670"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability", "vendor": "Progress Software Corporation", "product": "WhatsUp Gold", "added_date": "2024-09-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.94661, "cvss_severity": "CRITICAL", "epss_percentile": 0.99846, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "107c2e03-35dc-4c82-b2b6-f0e2a9066a9d", "vulnerability": {"vulnId": "CVE-2024-8190", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "107c2e03-35dc-4c82-b2b6-f0e2a9066a9d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker... | Affected: Ivanti / CSA (Cloud Services Appliance) | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-8190", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8190"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8190"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker...", "vendor": "Ivanti", "product": "CSA (Cloud Services Appliance)", "added_date": "2024-09-13T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd50117c-1343-4715-9de2-e7be1b21a28a", "vulnerability": {"vulnId": "CVE-2024-38014", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "dd50117c-1343-4715-9de2-e7be1b21a28a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Installer Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38014", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38014"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38014"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Installer Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-09-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "de0e6d43-0f20-4265-b3b7-f102adcf550c", "vulnerability": {"vulnId": "CVE-2024-38217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "de0e6d43-0f20-4265-b3b7-f102adcf550c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Mark of the Web Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38217", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38217"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38217"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Mark of the Web Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-09-10T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "61e15524-df45-499e-be6e-ed4b3d0a73ff", "vulnerability": {"vulnId": "CVE-2024-38226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "61e15524-df45-499e-be6e-ed4b3d0a73ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Publisher Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Publisher 2016 | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38226", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38226"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38226"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Publisher Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Publisher 2016", "added_date": "2024-09-10T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0f7017e4-88c3-4e9f-b513-b796efbc4ccc", "vulnerability": {"vulnId": "CVE-2024-40766", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "0f7017e4-88c3-4e9f-b513-b796efbc4ccc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized... | Affected: SonicWall / SonicOS | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-40766", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40766"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-40766"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized...", "vendor": "SonicWall", "product": "SonicOS", "added_date": "2024-09-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7af6d2d1-0a58-44e6-9404-dbe14264262d", "vulnerability": {"vulnId": "CVE-2017-1000253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "7af6d2d1-0a58-44e6-9404-dbe14264262d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86... | Affected: Linux / Kernel | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-1000253", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000253"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-1000253"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86...", "vendor": "Linux", "product": "Kernel", "added_date": "2024-09-09T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "183e59f8-a7c6-4ec8-8270-c66fee80aa3b", "vulnerability": {"vulnId": "CVE-2016-3714", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "183e59f8-a7c6-4ec8-8270-c66fee80aa3b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before... | Affected: ImageMagick / ImageMagick | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3714", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3714"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3714"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before...", "vendor": "ImageMagick", "product": "ImageMagick", "added_date": "2024-09-09T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4247673f-0049-4b0c-a4e4-7da3a8b64655", "vulnerability": {"vulnId": "CVE-2024-45506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-04T00:00:00+00:00"}, "gcve": {"object_uuid": "4247673f-0049-4b0c-a4e4-7da3a8b64655", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding... | Affected: HAProxy / HAProxy | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-45506", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-45506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding...", "vendor": "HAProxy", "product": "HAProxy", "added_date": "2024-09-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a1761131-bc18-4fa3-ac94-122fbf32b674", "vulnerability": {"vulnId": "CVE-2021-20124", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a1761131-bc18-4fa3-ac94-122fbf32b674", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An... | Affected: Draytek / Draytek VigorConnect | CVSS: 7.5 (HIGH) | EPSS: 0.69248 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20124", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20124"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20124"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An...", "vendor": "Draytek", "product": "Draytek VigorConnect", "added_date": "2024-09-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.69248, "cvss_severity": "HIGH", "epss_percentile": 0.99271, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "aa0e4fd2-af66-4096-b566-2b68029bcc3a", "vulnerability": {"vulnId": "CVE-2024-7262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aa0e4fd2-af66-4096-b566-2b68029bcc3a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary Code Execution in WPS Office | Affected: Kingsoft / WPS Office | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-7262", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7262"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7262"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary Code Execution in WPS Office", "vendor": "Kingsoft", "product": "WPS Office", "added_date": "2024-09-03T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e6b894a6-5069-46a2-9eaa-81e64fcdf07f", "vulnerability": {"vulnId": "CVE-2021-20123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e6b894a6-5069-46a2-9eaa-81e64fcdf07f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-09-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet... | Affected: Draytek / Draytek VigorConnect | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20123", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20123"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20123"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet...", "vendor": "Draytek", "product": "Draytek VigorConnect", "added_date": "2024-09-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3c4c5319-9367-4720-98a9-596c0060ed6a", "vulnerability": {"vulnId": "CVE-2024-7965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-28T00:00:00+00:00"}, "gcve": {"object_uuid": "3c4c5319-9367-4720-98a9-596c0060ed6a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-7965", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7965"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2024-08-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "95c66864-7a5b-4421-afc3-e6952f912179", "vulnerability": {"vulnId": "CVE-2024-38856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-27T00:00:00+00:00"}, "gcve": {"object_uuid": "95c66864-7a5b-4421-afc3-e6952f912179", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38856", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38856"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38856"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2024-08-27T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "922705b1-cacc-4bdb-aaef-6430c95b1a46", "vulnerability": {"vulnId": "CVE-2024-7971", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-26T00:00:00+00:00"}, "gcve": {"object_uuid": "922705b1-cacc-4bdb-aaef-6430c95b1a46", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page.... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-7971", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-7971"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page....", "vendor": "Google", "product": "Chrome", "added_date": "2024-08-26T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a16818ee-5abc-43e6-8709-bb82f6c17915", "vulnerability": {"vulnId": "CVE-2024-39717", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-23T00:00:00+00:00"}, "gcve": {"object_uuid": "a16818ee-5abc-43e6-8709-bb82f6c17915", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged... | Affected: Versa / Director | CVSS: 6.6 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-39717", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39717"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-39717"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged...", "vendor": "Versa", "product": "Director", "added_date": "2024-08-23T00:00:00.000Z", "cvss_score": 6.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c1f392a1-7b41-4334-b92a-471cd4301ef0", "vulnerability": {"vulnId": "CVE-2024-28000", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T07:11:12+00:00"}, "gcve": {"object_uuid": "c1f392a1-7b41-4334-b92a-471cd4301ef0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T07:11:12+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-21T07:11:12+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability | Affected: LiteSpeed Technologies / LiteSpeed Cache | CVSS: 9.8 (CRITICAL) | EPSS: 0.55269 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-28000", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28000"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-28000"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability", "vendor": "LiteSpeed Technologies", "product": "LiteSpeed Cache", "added_date": "2024-08-21T07:11:12.000Z", "cvss_score": 9.8, "epss_score": 0.55269, "cvss_severity": "CRITICAL", "epss_percentile": 0.97894, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bd634759-2776-452c-b514-a71b4c846c89", "vulnerability": {"vulnId": "CVE-2021-33045", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "bd634759-2776-452c-b514-a71b4c846c89", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity... | Affected: Dahua / Some Dahua IP Camera, Video Intercom, NVR, XVR devices | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-33045", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33045"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33045"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity...", "vendor": "Dahua", "product": "Some Dahua IP Camera, Video Intercom, NVR, XVR devices", "added_date": "2024-08-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ecd3b523-90a2-481a-aaca-69bfc1e27200", "vulnerability": {"vulnId": "CVE-2022-0185", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "ecd3b523-90a2-481a-aaca-69bfc1e27200", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel... | Affected: Linux / kernel | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-0185", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0185"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel...", "vendor": "Linux", "product": "kernel", "added_date": "2024-08-21T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "074a48b7-2209-41e5-a5d0-36c18930ddb9", "vulnerability": {"vulnId": "CVE-2021-33044", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "074a48b7-2209-41e5-a5d0-36c18930ddb9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity... | Affected: Dahua / Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-33044", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33044"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33044"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity...", "vendor": "Dahua", "product": "Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices", "added_date": "2024-08-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "01b0e627-b0fc-4af6-897d-6d6af2e42fec", "vulnerability": {"vulnId": "CVE-2021-31196", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "01b0e627-b0fc-4af6-897d-6d6af2e42fec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10 | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31196"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31196"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10", "added_date": "2024-08-21T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "abb28d25-c47c-4124-ae5c-d1d5763efdb5", "vulnerability": {"vulnId": "CVE-2024-23897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-19T00:00:00+00:00"}, "gcve": {"object_uuid": "abb28d25-c47c-4124-ae5c-d1d5763efdb5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by... | Affected: Jenkins Project / Jenkins | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-23897", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23897"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-23897"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by...", "vendor": "Jenkins Project", "product": "Jenkins", "added_date": "2024-08-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99995, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b5e25404-67e4-44d6-8e58-939bed782997", "vulnerability": {"vulnId": "CVE-2024-28986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b5e25404-67e4-44d6-8e58-939bed782997", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability | Affected: SolarWinds / Web Help Desk | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-28986", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28986"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-28986"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability", "vendor": "SolarWinds", "product": "Web Help Desk", "added_date": "2024-08-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "78b1b035-8cd0-4c9c-acff-f46f9abff246", "vulnerability": {"vulnId": "CVE-2024-38213", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "78b1b035-8cd0-4c9c-acff-f46f9abff246", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Mark of the Web Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38213", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38213"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38213"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Mark of the Web Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-08-13T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3b80b492-656a-4b20-bb3f-7d97af7ff28e", "vulnerability": {"vulnId": "CVE-2024-38106", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "3b80b492-656a-4b20-bb3f-7d97af7ff28e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 Version 24H2 | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38106", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38106"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38106"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 Version 24H2", "added_date": "2024-08-13T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e5b20caf-abc6-4d6c-917c-fabeb0b33f3a", "vulnerability": {"vulnId": "CVE-2024-38107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e5b20caf-abc6-4d6c-917c-fabeb0b33f3a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 24H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38107", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38107"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38107"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Power Dependency Coordinator Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 24H2", "added_date": "2024-08-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5e67a83e-ab72-45ea-bd46-0161d5804635", "vulnerability": {"vulnId": "CVE-2024-38193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "5e67a83e-ab72-45ea-bd46-0161d5804635", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38193", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-08-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3fd98688-1763-4a87-92e8-bb27acdeae9b", "vulnerability": {"vulnId": "CVE-2024-38189", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "3fd98688-1763-4a87-92e8-bb27acdeae9b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Project Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Project 2016, Microsoft Office LTSC 2021 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38189", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38189"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38189"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Project Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Project 2016, Microsoft Office LTSC 2021", "added_date": "2024-08-13T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0fd86a29-30f0-49cc-aa17-5db58a863710", "vulnerability": {"vulnId": "CVE-2024-38178", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "0fd86a29-30f0-49cc-aa17-5db58a863710", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38178", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38178"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38178"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Scripting Engine Memory Corruption Vulnerability", "vendor": "Microsoft", "product": "Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-08-13T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "05a993ce-4dd3-49f0-82bb-dc7c72201a42", "vulnerability": {"vulnId": "CVE-2024-32113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "05a993ce-4dd3-49f0-82bb-dc7c72201a42", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache OFBiz: Path traversal leading to RCE | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-32113", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32113"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-32113"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache OFBiz: Path traversal leading to RCE", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2024-08-07T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cce41074-144f-4cf5-8d78-65c0a30f0ef3", "vulnerability": {"vulnId": "CVE-2024-36971", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "cce41074-144f-4cf5-8d78-65c0a30f0ef3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: net: fix __dst_negative_advice() race | Affected: Linux / Linux | CVSS: 7.8 (HIGH) | EPSS: 0.02701 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-36971", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-36971"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "net: fix __dst_negative_advice() race", "vendor": "Linux", "product": "Linux", "added_date": "2024-08-07T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.02701, "cvss_severity": "HIGH", "epss_percentile": 0.83983, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e0a7d64a-1728-4f18-bb0e-f77a3e9c4c3d", "vulnerability": {"vulnId": "CVE-2018-0824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-05T00:00:00+00:00"}, "gcve": {"object_uuid": "e0a7d64a-1728-4f18-bb0e-f77a3e9c4c3d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-08-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in \"Microsoft COM for Windows\" when it fails to properly handle serialized objects, aka \"Microsoft COM... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0824", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0824"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0824"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in \"Microsoft COM for Windows\" when it fails to properly handle serialized objects, aka \"Microsoft COM...", "vendor": "Microsoft", "product": "Windows", "added_date": "2024-08-05T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9fe8b28a-5fb1-4bec-a179-e3ee0fd046ac", "vulnerability": {"vulnId": "CVE-2024-6220", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-31T09:34:09+00:00"}, "gcve": {"object_uuid": "9fe8b28a-5fb1-4bec-a179-e3ee0fd046ac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-31T09:34:09+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-31T09:34:09+00:00"}, "scope": {"notes": "KEVIntel entry: \u7b80\u6570\u91c7\u96c6\u5668 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload | Affected: zhengdon / \u7b80\u6570\u91c7\u96c6\u5668 | CVSS: 9.8 (CRITICAL) | EPSS: 0.35708 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-6220", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6220"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6220"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "\u7b80\u6570\u91c7\u96c6\u5668 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload", "vendor": "zhengdon", "product": "\u7b80\u6570\u91c7\u96c6\u5668", "added_date": "2024-07-31T09:34:09.000Z", "cvss_score": 9.8, "epss_score": 0.35708, "cvss_severity": "CRITICAL", "epss_percentile": 0.98255, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "26b12e43-cecf-48b5-91b7-a99b09637361", "vulnerability": {"vulnId": "CVE-2024-37085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-30T00:00:00+00:00"}, "gcve": {"object_uuid": "26b12e43-cecf-48b5-91b7-a99b09637361", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full... | Affected: VMware / VMware ESXi, VMware Cloud Foundation | CVSS: 6.8 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-37085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-37085"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full...", "vendor": "VMware", "product": "VMware ESXi, VMware Cloud Foundation", "added_date": "2024-07-30T00:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "91ee8e99-f09f-4101-a4dc-0f5546d52a2d", "vulnerability": {"vulnId": "CVE-2024-4879", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "91ee8e99-f09f-4101-a4dc-0f5546d52a2d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Jelly Template Injection Vulnerability in ServiceNow UI Macros | Affected: ServiceNow / Now Platform | CVSS: 9.3 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4879", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4879"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4879"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Jelly Template Injection Vulnerability in ServiceNow UI Macros", "vendor": "ServiceNow", "product": "Now Platform", "added_date": "2024-07-29T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bceb9057-e0d8-4205-9591-19bd7dd69e15", "vulnerability": {"vulnId": "CVE-2024-5217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "bceb9057-e0d8-4205-9591-19bd7dd69e15", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Incomplete Input Validation in GlideExpression Script | Affected: ServiceNow / Now Platform | CVSS: 9.2 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-5217", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5217"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-5217"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incomplete Input Validation in GlideExpression Script", "vendor": "ServiceNow", "product": "Now Platform", "added_date": "2024-07-29T00:00:00.000Z", "cvss_score": 9.2, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b710645c-d6ca-4971-bbba-d1ef00698448", "vulnerability": {"vulnId": "CVE-2023-45249", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "b710645c-d6ca-4971-bbba-d1ef00698448", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build... | Affected: Acronis / Acronis Cyber Infrastructure | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-45249", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45249"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-45249"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build...", "vendor": "Acronis", "product": "Acronis Cyber Infrastructure", "added_date": "2024-07-29T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f46d0a4-ba7c-45aa-8fd3-53ee0a4dd20d", "vulnerability": {"vulnId": "CVE-2024-39891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-23T00:00:00+00:00"}, "gcve": {"object_uuid": "7f46d0a4-ba7c-45aa-8fd3-53ee0a4dd20d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to... | Affected: Twilio / Authy | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-39891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39891"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-39891"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to...", "vendor": "Twilio", "product": "Authy", "added_date": "2024-07-23T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2aa1502d-141c-4b69-9b1f-4998a8411ea4", "vulnerability": {"vulnId": "CVE-2012-4792", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-23T00:00:00+00:00"}, "gcve": {"object_uuid": "2aa1502d-141c-4b69-9b1f-4998a8411ea4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-4792", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4792"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-4792"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2024-07-23T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dc369f6f-e555-44c2-a22c-61a821894ae4", "vulnerability": {"vulnId": "CVE-2022-22948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "dc369f6f-e555-44c2-a22c-61a821894ae4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative... | Affected: VMware / VMware vCenter Server and VMware Cloud Foundation | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22948"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative...", "vendor": "VMware", "product": "VMware vCenter Server and VMware Cloud Foundation", "added_date": "2024-07-17T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "502bc1cc-43b2-4cda-8d8b-cb91432d3322", "vulnerability": {"vulnId": "CVE-2024-28995", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "502bc1cc-43b2-4cda-8d8b-cb91432d3322", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Serv-U L Directory Transversal Vulnerability | Affected: SolarWinds / SolarWinds Serv-U | CVSS: 8.6 (HIGH) | EPSS: 0.99614 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-28995", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28995"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-28995"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Serv-U L Directory Transversal Vulnerability", "vendor": "SolarWinds", "product": "SolarWinds Serv-U", "added_date": "2024-07-17T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.99614, "cvss_severity": "HIGH", "epss_percentile": 0.99944, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "015ae765-e350-4510-b153-83b598e0849c", "vulnerability": {"vulnId": "CVE-2024-34102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "015ae765-e350-4510-b153-83b598e0849c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: XXE can expose crypt key and other secrets granting full admin access | Affected: Adobe / Adobe Commerce | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-34102", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-34102"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "XXE can expose crypt key and other secrets granting full admin access", "vendor": "Adobe", "product": "Adobe Commerce", "added_date": "2024-07-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c355646b-953f-424b-9ce0-d86587c15063", "vulnerability": {"vulnId": "CVE-2024-36401", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c355646b-953f-424b-9ce0-d86587c15063", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | Affected: geoserver / geoserver | CVSS: 9.8 (CRITICAL) | EPSS: 0.99813 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-36401", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36401"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-36401"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver", "vendor": "geoserver", "product": "geoserver", "added_date": "2024-07-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99813, "cvss_severity": "CRITICAL", "epss_percentile": 0.99957, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "93e968e5-6228-4836-bbae-78c3fb3b7e04", "vulnerability": {"vulnId": "CVE-2024-23692", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-09T00:00:00+00:00"}, "gcve": {"object_uuid": "93e968e5-6228-4836-bbae-78c3fb3b7e04", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Rejetto HTTP File Server 2.3m Unauthenticated RCE | Affected: Rejetto / HTTP File Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-23692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23692"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-23692"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Rejetto HTTP File Server 2.3m Unauthenticated RCE", "vendor": "Rejetto", "product": "HTTP File Server", "added_date": "2024-07-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e4991fa1-a5e3-4f95-82c3-9f585f6539ec", "vulnerability": {"vulnId": "CVE-2024-38112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-09T00:00:00+00:00"}, "gcve": {"object_uuid": "e4991fa1-a5e3-4f95-82c3-9f585f6539ec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows MSHTML Platform Spoofing Vulnerability | Affected: Microsoft / Windows 10 Version 22H2, Windows 11 Version 23H2, Windows 10 Version 1507, Windows 11 version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows 10 Version 21H2, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows 10 Version 1809, Windows Server 2012 R2, Windows 11 version 22H3, Windows Server 2012 R2 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2019 (Server Core installation), Windows 11 version 21H2, Windows Server 2019 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38112", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38112"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38112"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows MSHTML Platform Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 22H2, Windows 11 Version 23H2, Windows 10 Version 1507, Windows 11 version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows 10 Version 21H2, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows 10 Version 1809, Windows Server 2012 R2, Windows 11 version 22H3, Windows Server 2012 R2 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2019 (Server Core installation), Windows 11 version 21H2, Windows Server 2019", "added_date": "2024-07-09T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4d3c22e3-9d4b-449d-9a21-454ef1c9075c", "vulnerability": {"vulnId": "CVE-2024-38080", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-09T00:00:00+00:00"}, "gcve": {"object_uuid": "4d3c22e3-9d4b-449d-9a21-454ef1c9075c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Hyper-V Elevation of Privilege Vulnerability | Affected: Microsoft / Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-38080", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38080"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-38080"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Hyper-V Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)", "added_date": "2024-07-09T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "90f83066-3767-4d09-ae8c-71ccf32b7f57", "vulnerability": {"vulnId": "CVE-2024-20399", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-02T00:00:00+00:00"}, "gcve": {"object_uuid": "90f83066-3767-4d09-ae8c-71ccf32b7f57", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco NX-OS Software CLI Command Injection Vulnerability | Affected: Cisco / Cisco NX-OS Software | CVSS: 6.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-20399", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20399"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20399"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco NX-OS Software CLI Command Injection Vulnerability", "vendor": "Cisco", "product": "Cisco NX-OS Software", "added_date": "2024-07-02T00:00:00.000Z", "cvss_score": 6.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a8c4ff65-8ff5-48aa-96ee-751c38699428", "vulnerability": {"vulnId": "CVE-2022-2586", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "a8c4ff65-8ff5-48aa-96ee-751c38699428", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table... | Affected: The Linux Kernel Organization / linux | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-2586", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2586"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table...", "vendor": "The Linux Kernel Organization", "product": "linux", "added_date": "2024-06-26T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e26e41e-c6a3-44ad-8fb8-76972e981648", "vulnerability": {"vulnId": "CVE-2022-24816", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "4e26e41e-c6a3-44ad-8fb8-76972e981648", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Control of Generation of Code in jai-ext | Affected: geosolutions-it / jai-ext | CVSS: 10.0 (CRITICAL) | EPSS: 0.98684 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-24816", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24816"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24816"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Control of Generation of Code in jai-ext", "vendor": "geosolutions-it", "product": "jai-ext", "added_date": "2024-06-26T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.98684, "cvss_severity": "CRITICAL", "epss_percentile": 0.99917, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8d1d1f21-1133-4408-8bce-532eaab37672", "vulnerability": {"vulnId": "CVE-2020-13965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "8d1d1f21-1133-4408-8bce-532eaab37672", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is... | Affected: Roundcube / Webmail | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-13965", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13965"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13965"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is...", "vendor": "Roundcube", "product": "Webmail", "added_date": "2024-06-26T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a3b5bc14-e395-41dd-a7c5-ded8caed4b81", "vulnerability": {"vulnId": "CVE-2024-26169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "a3b5bc14-e395-41dd-a7c5-ded8caed4b81", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Error Reporting Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-26169", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26169"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-26169"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Error Reporting Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-06-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2b0fb636-1dc4-488c-add6-7e3e78c13193", "vulnerability": {"vulnId": "CVE-2024-32896", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "2b0fb636-1dc4-488c-add6-7e3e78c13193", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-32896", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32896"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-32896"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution...", "vendor": "Google", "product": "Android", "added_date": "2024-06-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dacec9f7-0f03-4ecf-a403-154a94e505fc", "vulnerability": {"vulnId": "CVE-2024-4358", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "dacec9f7-0f03-4ecf-a403-154a94e505fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Registration Authentication Bypass Vulnerability | Affected: Progress Software Corporation / Telerik Report Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4358", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4358"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4358"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Registration Authentication Bypass Vulnerability", "vendor": "Progress Software Corporation", "product": "Telerik Report Server", "added_date": "2024-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "117836dc-c35b-424b-9024-c301a57eda55", "vulnerability": {"vulnId": "CVE-2024-4577", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-12T00:00:00+00:00"}, "gcve": {"object_uuid": "117836dc-c35b-424b-9024-c301a57eda55", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Argument Injection in PHP-CGI | Affected: PHP Group / PHP | CVSS: 9.8 (CRITICAL) | EPSS: 0.99987 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4577", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4577"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4577"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Argument Injection in PHP-CGI", "vendor": "PHP Group", "product": "PHP", "added_date": "2024-06-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99987, "cvss_severity": "CRITICAL", "epss_percentile": 0.99984, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cbd7f6dd-c011-4110-aca8-50da8fbae77a", "vulnerability": {"vulnId": "CVE-2024-4610", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-12T00:00:00+00:00"}, "gcve": {"object_uuid": "cbd7f6dd-c011-4110-aca8-50da8fbae77a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Mali GPU Kernel Driver allows improper GPU memory processing operations | Affected: Arm Ltd / Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4610", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4610"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4610"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mali GPU Kernel Driver allows improper GPU memory processing operations", "vendor": "Arm Ltd", "product": "Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver", "added_date": "2024-06-12T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e70a30b7-6221-4a46-800d-7b8cba1f80b8", "vulnerability": {"vulnId": "CVE-2017-3506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e70a30b7-6221-4a46-800d-7b8cba1f80b8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 7.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-3506", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-3506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2024-06-03T00:00:00.000Z", "cvss_score": 7.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ee905587-9b45-4bed-af43-e624c2c31395", "vulnerability": {"vulnId": "CVE-2024-24919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ee905587-9b45-4bed-af43-e624c2c31395", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Information disclosure | Affected: checkpoint / Check Point Quantum Gateway, Spark Gateway and CloudGuard Network | CVSS: 8.6 (HIGH) | EPSS: 0.99978 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-24919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24919"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-24919"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Information disclosure", "vendor": "checkpoint", "product": "Check Point Quantum Gateway, Spark Gateway and CloudGuard Network", "added_date": "2024-05-30T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.99978, "cvss_severity": "HIGH", "epss_percentile": 0.9998, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "50282e4d-1ac4-4fdf-accb-7aa5eeb39981", "vulnerability": {"vulnId": "CVE-2024-1086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-30T00:00:00+00:00"}, "gcve": {"object_uuid": "50282e4d-1ac4-4fdf-accb-7aa5eeb39981", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free in Linux kernel's netfilter: nf_tables component | Affected: Linux / Kernel | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-1086", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-1086"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free in Linux kernel's netfilter: nf_tables component", "vendor": "Linux", "product": "Kernel", "added_date": "2024-05-30T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "38122147-9963-4930-8540-d32bd78f50a0", "vulnerability": {"vulnId": "CVE-2024-4978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-29T00:00:00+00:00"}, "gcve": {"object_uuid": "38122147-9963-4930-8540-d32bd78f50a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Malicious Code in Justice AV Solutions (JAVS) Viewer | Affected: Justice AV Solutions / Viewer | CVSS: 8.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4978", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4978"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4978"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Malicious Code in Justice AV Solutions (JAVS) Viewer", "vendor": "Justice AV Solutions", "product": "Viewer", "added_date": "2024-05-29T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a6b40ce-70a1-4d12-92df-2653017daaf1", "vulnerability": {"vulnId": "CVE-2024-5274", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "4a6b40ce-70a1-4d12-92df-2653017daaf1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-5274", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5274"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-5274"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2024-05-28T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ad77d10e-597f-493e-b755-812d7f11cfd7", "vulnerability": {"vulnId": "CVE-2020-17519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ad77d10e-597f-493e-b755-812d7f11cfd7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Flink directory traversal attack: reading remote files through the REST API | Affected: Apache Software Foundation / Apache Flink | CVSS: 7.5 (HIGH) | EPSS: 0.97856 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-17519", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17519"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17519"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Flink directory traversal attack: reading remote files through the REST API", "vendor": "Apache Software Foundation", "product": "Apache Flink", "added_date": "2024-05-23T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.97856, "cvss_severity": "HIGH", "epss_percentile": 0.99899, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "82f58859-183f-4120-8b74-fa8085c158e6", "vulnerability": {"vulnId": "CVE-2024-4947", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-20T00:00:00+00:00"}, "gcve": {"object_uuid": "82f58859-183f-4120-8b74-fa8085c158e6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4947", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4947"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4947"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2024-05-20T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "28e798df-ab8d-4c86-9fbf-3b557a2d31cb", "vulnerability": {"vulnId": "CVE-2023-43208", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-20T00:00:00+00:00"}, "gcve": {"object_uuid": "28e798df-ab8d-4c86-9fbf-3b557a2d31cb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is... | Affected: NextGen Healthcare / Mirth Connect | CVSS: 9.8 (CRITICAL) | EPSS: 0.82708 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-43208", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43208"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-43208"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is...", "vendor": "NextGen Healthcare", "product": "Mirth Connect", "added_date": "2024-05-20T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.82708, "cvss_severity": "CRITICAL", "epss_percentile": 0.99626, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e34a207e-d1ab-4d01-9ee9-1d22d3855863", "vulnerability": {"vulnId": "CVE-2021-40655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "e34a207e-d1ab-4d01-9ee9-1d22d3855863", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a... | Affected: D-Link / DIR-605 B2 Firmware | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40655", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40655"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40655"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a...", "vendor": "D-Link", "product": "DIR-605 B2 Firmware", "added_date": "2024-05-16T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "829ef1a7-34f2-4299-b6fe-921635956b93", "vulnerability": {"vulnId": "CVE-2024-4761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "829ef1a7-34f2-4299-b6fe-921635956b93", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4761", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4761"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4761"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2024-05-16T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4786a06b-a210-46e7-b8c4-a6f27d3b7873", "vulnerability": {"vulnId": "CVE-2014-100005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "4786a06b-a210-46e7-b8c4-a6f27d3b7873", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers... | Affected: D-Link / DIR-600 router | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-100005", "url": "https://www.cve.org/CVERecord?id=CVE-2014-100005"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-100005"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers...", "vendor": "D-Link", "product": "DIR-600 router", "added_date": "2024-05-16T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0797a7bc-21ae-41f9-814c-7d1f4e533ffa", "vulnerability": {"vulnId": "CVE-2024-30051", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-14T00:00:00+00:00"}, "gcve": {"object_uuid": "0797a7bc-21ae-41f9-814c-7d1f4e533ffa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows DWM Core Library Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-30051", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30051"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-30051"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows DWM Core Library Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2024-05-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2373d609-3b26-47ec-837a-523cad8b068b", "vulnerability": {"vulnId": "CVE-2024-30040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-14T00:00:00+00:00"}, "gcve": {"object_uuid": "2373d609-3b26-47ec-837a-523cad8b068b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows MSHTML Platform Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-30040", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30040"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-30040"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows MSHTML Platform Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2024-05-14T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2d62430f-74f2-4a2a-86ae-ef47f83a69af", "vulnerability": {"vulnId": "CVE-2024-4671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-13T00:00:00+00:00"}, "gcve": {"object_uuid": "2d62430f-74f2-4a2a-86ae-ef47f83a69af", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4671", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4671"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4671"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to...", "vendor": "Google", "product": "Chrome", "added_date": "2024-05-13T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "11bf6067-6e7a-46bb-9777-34ad3cb21b66", "vulnerability": {"vulnId": "CVE-2023-7028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "11bf6067-6e7a-46bb-9777-34ad3cb21b66", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-05-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Weak Password Recovery Mechanism for Forgotten Password in GitLab | Affected: GitLab / GitLab | CVSS: 10.0 (CRITICAL) | EPSS: 0.94955 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-7028", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7028"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7028"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Weak Password Recovery Mechanism for Forgotten Password in GitLab", "vendor": "GitLab", "product": "GitLab", "added_date": "2024-05-01T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.94955, "cvss_severity": "CRITICAL", "epss_percentile": 0.99851, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "323e57b9-7006-4e26-99f1-5bda99032d08", "vulnerability": {"vulnId": "CVE-2024-29988", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-30T00:00:00+00:00"}, "gcve": {"object_uuid": "323e57b9-7006-4e26-99f1-5bda99032d08", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SmartScreen Prompt Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-29988", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29988"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-29988"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SmartScreen Prompt Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)", "added_date": "2024-04-30T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8221e3dd-53fb-49de-b66f-2d1e49ab2336", "vulnerability": {"vulnId": "CVE-2024-20353", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "8221e3dd-53fb-49de-b66f-2d1e49ab2336", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)... | Affected: Cisco / Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-20353", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20353"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20353"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)...", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software", "added_date": "2024-04-24T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "62f4cb71-87d6-491d-9248-4fe65eeb9c63", "vulnerability": {"vulnId": "CVE-2024-20359", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "62f4cb71-87d6-491d-9248-4fe65eeb9c63", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive... | Affected: Cisco / Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software | CVSS: 6.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-20359", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20359"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-20359"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive...", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software", "added_date": "2024-04-24T00:00:00.000Z", "cvss_score": 6.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "93902f97-29fe-438d-b491-ce31f3b56d3d", "vulnerability": {"vulnId": "CVE-2024-4040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "93902f97-29fe-438d-b491-ce31f3b56d3d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated arbitrary file read and remote code execution in CrushFTP | Affected: CrushFTP / CrushFTP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-4040", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4040"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-4040"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated arbitrary file read and remote code execution in CrushFTP", "vendor": "CrushFTP", "product": "CrushFTP", "added_date": "2024-04-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "37c992d1-3465-4718-a515-578f704cf0ff", "vulnerability": {"vulnId": "CVE-2022-38028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-23T00:00:00+00:00"}, "gcve": {"object_uuid": "37c992d1-3465-4718-a515-578f704cf0ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Print Spooler Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-38028", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38028"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-38028"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2024-04-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "912ccbe8-e563-45ac-abd6-1c77b17be7e7", "vulnerability": {"vulnId": "CVE-2024-3400", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-12T00:00:00+00:00"}, "gcve": {"object_uuid": "912ccbe8-e563-45ac-abd6-1c77b17be7e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect | Affected: Palo Alto Networks / PAN-OS, Cloud NGFW, Prisma Access | CVSS: 10.0 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-3400", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3400"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-3400"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect", "vendor": "Palo Alto Networks", "product": "PAN-OS, Cloud NGFW, Prisma Access", "added_date": "2024-04-12T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 1.0, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9fcaa899-e370-48f4-94a2-236b1f13375d", "vulnerability": {"vulnId": "CVE-2024-3273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "9fcaa899-e370-48f4-94a2-236b1f13375d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection | Affected: D-Link / DNS-320L, DNS-325, DNS-327L, DNS-340L | CVSS: 7.3 (HIGH) | EPSS: 0.99997 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-3273", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3273"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-3273"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection", "vendor": "D-Link", "product": "DNS-320L, DNS-325, DNS-327L, DNS-340L", "added_date": "2024-04-11T00:00:00.000Z", "cvss_score": 7.3, "epss_score": 0.99997, "cvss_severity": "HIGH", "epss_percentile": 0.99988, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5854aecf-9eab-4fc4-acdc-77de56ce0aa6", "vulnerability": {"vulnId": "CVE-2024-3272", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "5854aecf-9eab-4fc4-acdc-77de56ce0aa6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials | Affected: D-Link / DNS-320L, DNS-325, DNS-327L, DNS-340L | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-3272", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3272"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-3272"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials", "vendor": "D-Link", "product": "DNS-320L, DNS-325, DNS-327L, DNS-340L", "added_date": "2024-04-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "30d29da2-5c0a-4abe-a978-819e4b1246be", "vulnerability": {"vulnId": "CVE-2024-29745", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "30d29da2-5c0a-4abe-a978-819e4b1246be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution... | Affected: Google / Android | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-29745", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29745"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-29745"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution...", "vendor": "Google", "product": "Android", "added_date": "2024-04-04T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bbb291f3-b331-480a-8d93-536014c7edf5", "vulnerability": {"vulnId": "CVE-2024-29748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "bbb291f3-b331-480a-8d93-536014c7edf5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-04-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-29748", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29748"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-29748"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution...", "vendor": "Google", "product": "Android", "added_date": "2024-04-04T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c9ada165-4c13-445d-820d-15c95b720261", "vulnerability": {"vulnId": "CVE-2023-24955", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-26T00:00:00+00:00"}, "gcve": {"object_uuid": "c9ada165-4c13-445d-820d-15c95b720261", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 7.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-24955", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24955"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-24955"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2024-03-26T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b61ad739-0f5e-4622-8461-bd301f1c6046", "vulnerability": {"vulnId": "CVE-2019-7256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b61ad739-0f5e-4622-8461-bd301f1c6046", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Linear eMerge E3-Series devices allow Command Injections. | Affected: Linear / eMerge E3-Series | CVSS: 9.8 (CRITICAL) | EPSS: 0.97136 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7256", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7256"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7256"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Linear eMerge E3-Series devices allow Command Injections.", "vendor": "Linear", "product": "eMerge E3-Series", "added_date": "2024-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.97136, "cvss_severity": "CRITICAL", "epss_percentile": 0.99886, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ae8ed078-2726-4b66-aac5-d46904c64260", "vulnerability": {"vulnId": "CVE-2023-48788", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ae8ed078-2726-4b66-aac5-d46904c64260", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2,... | Affected: Fortinet / FortiClientEMS | CVSS: 9.3 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-48788", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48788"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-48788"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2,...", "vendor": "Fortinet", "product": "FortiClientEMS", "added_date": "2024-03-25T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a702a8d9-f6fb-451c-8042-f7be6fbaa092", "vulnerability": {"vulnId": "CVE-2021-44529", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a702a8d9-f6fb-451c-8042-f7be6fbaa092", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with... | Affected: Ivanti / Ivanti EPM | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-44529", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44529"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44529"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with...", "vendor": "Ivanti", "product": "Ivanti EPM", "added_date": "2024-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0f00143e-1359-45fd-89cd-6d239c8ad7ea", "vulnerability": {"vulnId": "CVE-2024-27198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "0f00143e-1359-45fd-89cd-6d239c8ad7ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible | Affected: JetBrains / TeamCity | CVSS: 9.8 (CRITICAL) | EPSS: 0.99938 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-27198", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27198"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27198"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible", "vendor": "JetBrains", "product": "TeamCity", "added_date": "2024-03-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99938, "cvss_severity": "CRITICAL", "epss_percentile": 0.99969, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "964b2c58-f14a-46bb-8a01-c258ccaaa0ae", "vulnerability": {"vulnId": "CVE-2024-23225", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-06T00:00:00+00:00"}, "gcve": {"object_uuid": "964b2c58-f14a-46bb-8a01-c258ccaaa0ae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4,... | Affected: Apple / iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-23225", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23225"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-23225"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2024-03-06T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "34c5379a-b7db-40e7-b54e-9f456e20f0c6", "vulnerability": {"vulnId": "CVE-2024-23296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-06T00:00:00+00:00"}, "gcve": {"object_uuid": "34c5379a-b7db-40e7-b54e-9f456e20f0c6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4,... | Affected: Apple / iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-23296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23296"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-23296"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2024-03-06T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f17984f5-2584-4a23-8794-e70b8147e2f6", "vulnerability": {"vulnId": "CVE-2023-21237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-05T00:00:00+00:00"}, "gcve": {"object_uuid": "f17984f5-2584-4a23-8794-e70b8147e2f6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or... | Affected: Google / Android | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21237", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21237"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21237"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or...", "vendor": "Google", "product": "Android", "added_date": "2024-03-05T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cbbdb7e6-7f84-4d3c-afa3-f334ea8adac8", "vulnerability": {"vulnId": "CVE-2021-36380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-05T00:00:00+00:00"}, "gcve": {"object_uuid": "cbbdb7e6-7f84-4d3c-afa3-f334ea8adac8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. | Affected: Sunhillo / SureLine | CVSS: 9.8 (CRITICAL) | EPSS: 0.97599 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36380", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36380"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36380"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.", "vendor": "Sunhillo", "product": "SureLine", "added_date": "2024-03-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.97599, "cvss_severity": "CRITICAL", "epss_percentile": 0.99894, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cfe6cbb7-10c5-4a8b-a981-8bf2c238c641", "vulnerability": {"vulnId": "CVE-2024-21338", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "cfe6cbb7-10c5-4a8b-a981-8bf2c238c641", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-03-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21338"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21338"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)", "added_date": "2024-03-04T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b19bcaf2-3e3a-4ee4-a006-a39da074813b", "vulnerability": {"vulnId": "CVE-2023-29360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-29T00:00:00+00:00"}, "gcve": {"object_uuid": "b19bcaf2-3e3a-4ee4-a006-a39da074813b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Streaming Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-29360", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29360"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29360"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Streaming Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2024-02-29T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1a0313b9-e62f-4f9d-8dd0-a1f45023567b", "vulnerability": {"vulnId": "CVE-2024-1709", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-22T00:00:00+00:00"}, "gcve": {"object_uuid": "1a0313b9-e62f-4f9d-8dd0-a1f45023567b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Authentication bypass using an alternate path or channel | Affected: ConnectWise / ScreenConnect | CVSS: 10.0 (CRITICAL) | EPSS: 0.99959 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-1709", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1709"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-1709"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Authentication bypass using an alternate path or channel", "vendor": "ConnectWise", "product": "ScreenConnect", "added_date": "2024-02-22T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.99959, "cvss_severity": "CRITICAL", "epss_percentile": 0.99974, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "143f7cf8-a4ab-4e82-a8d1-27e8d711757a", "vulnerability": {"vulnId": "CVE-2024-21410", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "143f7cf8-a4ab-4e82-a8d1-27e8d711757a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 13, Microsoft Exchange Server 2019 Cumulative Update 14 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21410", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21410"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21410"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 13, Microsoft Exchange Server 2019 Cumulative Update 14", "added_date": "2024-02-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "51154cc4-2b97-41cb-91f0-33734e33607f", "vulnerability": {"vulnId": "CVE-2020-3259", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "51154cc4-2b97-41cb-91f0-33734e33607f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability | Affected: Cisco / Cisco Adaptive Security Appliance (ASA) Software | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3259", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3259"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3259"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software", "added_date": "2024-02-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f49cb92-1e4a-41af-b9b6-bd989f106649", "vulnerability": {"vulnId": "CVE-2024-21351", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "7f49cb92-1e4a-41af-b9b6-bd989f106649", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 11 Version 23H2, Windows 11 version 22H3, Windows 10 Version 1809, Windows Server 2019, Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016 | CVSS: 7.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21351", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21351"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21351"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows SmartScreen Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 11 Version 23H2, Windows 11 version 22H3, Windows 10 Version 1809, Windows Server 2019, Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016", "added_date": "2024-02-13T00:00:00.000Z", "cvss_score": 7.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7c79df1e-4155-4f94-90af-b469e2760eed", "vulnerability": {"vulnId": "CVE-2024-21412", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "7c79df1e-4155-4f94-90af-b469e2760eed", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Internet Shortcut Files Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 11 version 21H2, Windows 10 Version 1809, Windows 10 Version 21H2, Windows Server 2022, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2019, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2019 (Server Core installation) | CVSS: 8.1 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21412", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21412"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21412"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Internet Shortcut Files Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 11 version 21H2, Windows 10 Version 1809, Windows 10 Version 21H2, Windows Server 2022, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2019, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2019 (Server Core installation)", "added_date": "2024-02-13T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3c3c1d30-b0e3-4c0c-aaa3-57e166879818", "vulnerability": {"vulnId": "CVE-2023-43770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "3c3c1d30-b0e3-4c0c-aaa3-57e166879818", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of... | Affected: Roundcube / Roundcube Webmail | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-43770", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43770"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-43770"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of...", "vendor": "Roundcube", "product": "Roundcube Webmail", "added_date": "2024-02-12T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "81742b56-8d48-455a-9313-5add629addbb", "vulnerability": {"vulnId": "CVE-2024-21762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-09T00:00:00+00:00"}, "gcve": {"object_uuid": "81742b56-8d48-455a-9313-5add629addbb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0... | Affected: Fortinet / FortiProxy, FortiOS | CVSS: 9.6 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21762", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21762"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0...", "vendor": "Fortinet", "product": "FortiProxy, FortiOS", "added_date": "2024-02-09T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "84e5155a-9af3-4fe6-8c46-1169f7b39763", "vulnerability": {"vulnId": "CVE-2024-23660", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-08T00:00:00+00:00"}, "gcve": {"object_uuid": "84e5155a-9af3-4fe6-8c46-1169f7b39763", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and... | Affected: Binance / Trust Wallet | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2024-23660", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23660"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-23660"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and...", "vendor": "Binance", "product": "Trust Wallet", "added_date": "2024-02-08T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b6e138b9-ee04-499c-872d-50917d948b60", "vulnerability": {"vulnId": "CVE-2023-4762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "b6e138b9-ee04-499c-872d-50917d948b60", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-02-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page.... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-4762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4762"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4762"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page....", "vendor": "Google", "product": "Chrome", "added_date": "2024-02-06T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1b727bfc-b301-405b-b753-afc33d4d578b", "vulnerability": {"vulnId": "CVE-2022-48618", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-31T00:00:00+00:00"}, "gcve": {"object_uuid": "1b727bfc-b301-405b-b753-afc33d4d578b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An... | Affected: Apple / tvOS, macOS, iOS and iPadOS, watchOS | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-48618", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48618"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-48618"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An...", "vendor": "Apple", "product": "tvOS, macOS, iOS and iPadOS, watchOS", "added_date": "2024-01-31T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9f401d0b-c303-4a24-a48e-8835987f240f", "vulnerability": {"vulnId": "CVE-2024-21893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-31T00:00:00+00:00"}, "gcve": {"object_uuid": "9f401d0b-c303-4a24-a48e-8835987f240f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and... | Affected: Ivanti / ICS, IPS | CVSS: 8.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21893"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21893"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and...", "vendor": "Ivanti", "product": "ICS, IPS", "added_date": "2024-01-31T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "93fad5d0-2e3d-4681-a12f-64f5052eb2e5", "vulnerability": {"vulnId": "CVE-2023-22527", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "93fad5d0-2e3d-4681-a12f-64f5052eb2e5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an... | Affected: Atlassian / Confluence Data Center, Confluence Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99984 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-22527", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22527"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22527"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an...", "vendor": "Atlassian", "product": "Confluence Data Center, Confluence Server", "added_date": "2024-01-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99984, "cvss_severity": "CRITICAL", "epss_percentile": 0.99982, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7b8c80dc-8b0b-486e-a482-f80809f816f7", "vulnerability": {"vulnId": "CVE-2024-23222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "7b8c80dc-8b0b-486e-a482-f80809f816f7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS... | Affected: Apple / Safari, iOS and iPadOS, macOS, tvOS, visionOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-23222", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-23222"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, macOS, tvOS, visionOS", "added_date": "2024-01-23T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d970d20d-b355-42d6-9ac0-c258a4e83e00", "vulnerability": {"vulnId": "CVE-2023-34048", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-22T00:00:00+00:00"}, "gcve": {"object_uuid": "d970d20d-b355-42d6-9ac0-c258a4e83e00", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware vCenter Server Out-of-Bounds Write Vulnerability | Affected: VMware / VMware vCenter Server, VMware Cloud Foundation (VMware vCenter Server) | CVSS: 9.8 (CRITICAL) | EPSS: 0.99212 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-34048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34048"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-34048"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware vCenter Server Out-of-Bounds Write Vulnerability", "vendor": "VMware", "product": "VMware vCenter Server, VMware Cloud Foundation (VMware vCenter Server)", "added_date": "2024-01-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99212, "cvss_severity": "CRITICAL", "epss_percentile": 0.99929, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b7ffdf54-05a9-403a-a8a4-bbf34dc85610", "vulnerability": {"vulnId": "CVE-2023-35082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "b7ffdf54-05a9-403a-a8a4-bbf34dc85610", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of... | Affected: Ivanti / EPMM | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-35082", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35082"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35082"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of...", "vendor": "Ivanti", "product": "EPMM", "added_date": "2024-01-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99996, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "be7730db-96b2-4761-8ed7-01b014129104", "vulnerability": {"vulnId": "CVE-2023-6549", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "be7730db-96b2-4761-8ed7-01b014129104", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of... | Affected: Cloud Software Group / NetScaler ADC | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-6549", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6549"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6549"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of...", "vendor": "Cloud Software Group", "product": "NetScaler ADC", "added_date": "2024-01-17T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e17f1f39-b4fb-4449-9a87-6579237cf6f1", "vulnerability": {"vulnId": "CVE-2024-0519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "e17f1f39-b4fb-4449-9a87-6579237cf6f1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-0519", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0519"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-0519"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2024-01-17T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "29b98f57-682d-44d0-847e-e17dcadce566", "vulnerability": {"vulnId": "CVE-2023-6548", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "29b98f57-682d-44d0-847e-e17dcadce566", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to... | Affected: Cloud Software Group / NetScaler ADC, NetScaler Gateway | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-6548", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6548"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6548"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to...", "vendor": "Cloud Software Group", "product": "NetScaler ADC, NetScaler Gateway", "added_date": "2024-01-17T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6b369fa6-1dc6-45c3-aeba-1a121c7a69f7", "vulnerability": {"vulnId": "CVE-2018-15133", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-16T00:00:00+00:00"}, "gcve": {"object_uuid": "6b369fa6-1dc6-45c3-aeba-1a121c7a69f7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially... | Affected: Laravel / Laravel Framework | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-15133", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15133"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-15133"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially...", "vendor": "Laravel", "product": "Laravel Framework", "added_date": "2024-01-16T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "89ea04e1-b7cf-4219-a303-1edb998f1a28", "vulnerability": {"vulnId": "CVE-2023-46805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "89ea04e1-b7cf-4219-a303-1edb998f1a28", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access... | Affected: Ivanti / ICS, IPS | CVSS: 8.2 (HIGH) | EPSS: 0.99986 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-46805", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46805"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-46805"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access...", "vendor": "Ivanti", "product": "ICS, IPS", "added_date": "2024-01-10T00:00:00.000Z", "cvss_score": 8.2, "epss_score": 0.99986, "cvss_severity": "HIGH", "epss_percentile": 0.99983, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "771bf595-0a6f-4880-9398-f7eb6cfa2496", "vulnerability": {"vulnId": "CVE-2023-29357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "771bf595-0a6f-4880-9398-f7eb6cfa2496", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Server Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft SharePoint Server 2019 | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-29357", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29357"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29357"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Server Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "added_date": "2024-01-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1b38c847-741b-4548-8b48-0a7343a40684", "vulnerability": {"vulnId": "CVE-2024-21887", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "1b38c847-741b-4548-8b48-0a7343a40684", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an... | Affected: Ivanti / ICS, IPS | CVSS: 9.1 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2024-21887", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21887"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21887"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an...", "vendor": "Ivanti", "product": "ICS, IPS", "added_date": "2024-01-10T00:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 1.0, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "07b284f4-d701-4278-9d90-51f52afe8cfd", "vulnerability": {"vulnId": "CVE-2023-29300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "07b284f4-d701-4278-9d90-51f52afe8cfd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution | Affected: Adobe / ColdFusion | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-29300", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29300"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29300"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2024-01-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "982191ea-a32f-4453-a5cc-be2126df49a6", "vulnerability": {"vulnId": "CVE-2023-27524", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "982191ea-a32f-4453-a5cc-be2126df49a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | Affected: Apache Software Foundation / Apache Superset | CVSS: 8.9 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-27524", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27524"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27524"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Superset: Session validation vulnerability when using provided default SECRET_KEY", "vendor": "Apache Software Foundation", "product": "Apache Superset", "added_date": "2024-01-08T00:00:00.000Z", "cvss_score": 8.9, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8f6bc120-d6f0-43d0-b146-fd04621eb4ad", "vulnerability": {"vulnId": "CVE-2023-38203", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "8f6bc120-d6f0-43d0-b146-fd04621eb4ad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE | Affected: Adobe / ColdFusion | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-38203", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38203"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38203"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2024-01-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "281ee4ad-308a-41f0-a946-2352b7558e69", "vulnerability": {"vulnId": "CVE-2016-20017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "281ee4ad-308a-41f0-a946-2352b7558e69", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in... | Affected: D-Link / DSL-2750B | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-20017", "url": "https://www.cve.org/CVERecord?id=CVE-2016-20017"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-20017"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in...", "vendor": "D-Link", "product": "DSL-2750B", "added_date": "2024-01-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d3c51f06-8796-4326-bfd2-9571112a482b", "vulnerability": {"vulnId": "CVE-2023-41990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d3c51f06-8796-4326-bfd2-9571112a482b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS... | Affected: Apple / iOS and iPadOS, tvOS, macOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41990", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41990"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41990"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS...", "vendor": "Apple", "product": "iOS and iPadOS, tvOS, macOS, watchOS", "added_date": "2024-01-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ae8b6312-cbaa-4a2e-8666-ff2c30c69f2a", "vulnerability": {"vulnId": "CVE-2023-23752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "ae8b6312-cbaa-4a2e-8666-ff2c30c69f2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: [20230201] - Core - Improper access check in webservice endpoints | Affected: Joomla! Project / Joomla! CMS | CVSS: 5.3 (MEDIUM) | EPSS: 0.99827 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-23752", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-23752"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "[20230201] - Core - Improper access check in webservice endpoints", "vendor": "Joomla! Project", "product": "Joomla! CMS", "added_date": "2024-01-08T00:00:00.000Z", "cvss_score": 5.3, "epss_score": 0.99827, "cvss_severity": "MEDIUM", "epss_percentile": 0.99959, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4d04ad56-b936-4c66-aaea-76b57ad7a638", "vulnerability": {"vulnId": "CVE-2023-7101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-02T00:00:00+00:00"}, "gcve": {"object_uuid": "4d04ad56-b936-4c66-aaea-76b57ad7a638", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary Code Execution (ACE) Vulnerability | Affected: Douglas Wilson / Spreadsheet::ParseExcel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-7101", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7101"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7101"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary Code Execution (ACE) Vulnerability", "vendor": "Douglas Wilson", "product": "Spreadsheet::ParseExcel", "added_date": "2024-01-02T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ab3ac150-3b2b-46d9-b837-6c6cdd91a10f", "vulnerability": {"vulnId": "CVE-2023-7024", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-02T00:00:00+00:00"}, "gcve": {"object_uuid": "ab3ac150-3b2b-46d9-b837-6c6cdd91a10f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-01-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-7024", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7024"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-7024"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2024-01-02T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "45597e9c-6608-4d46-9859-6f72eb5b21f4", "vulnerability": {"vulnId": "CVE-2023-47565", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-21T00:00:00+00:00"}, "gcve": {"object_uuid": "45597e9c-6608-4d46-9859-6f72eb5b21f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Legacy VioStor NVR | Affected: QNAP Systems Inc. / VioStor NVR | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-47565", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47565"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-47565"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Legacy VioStor NVR", "vendor": "QNAP Systems Inc.", "product": "VioStor NVR", "added_date": "2023-12-21T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "902d46c5-7709-44da-8637-659d134eb73d", "vulnerability": {"vulnId": "CVE-2023-49897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-21T00:00:00+00:00"}, "gcve": {"object_uuid": "902d46c5-7709-44da-8637-659d134eb73d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this... | Affected: FXC Inc. / AE1021PE, AE1021 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-49897", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49897"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-49897"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this...", "vendor": "FXC Inc.", "product": "AE1021PE, AE1021", "added_date": "2023-12-21T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "14b58b13-c8b3-4184-97fa-ed317cf0967f", "vulnerability": {"vulnId": "CVE-2023-6448", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-11T00:00:00+00:00"}, "gcve": {"object_uuid": "14b58b13-c8b3-4184-97fa-ed317cf0967f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unitronics VisiLogic uses a default administrative password | Affected: Unitronics / VisiLogic | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-6448", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6448"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6448"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unitronics VisiLogic uses a default administrative password", "vendor": "Unitronics", "product": "VisiLogic", "added_date": "2023-12-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bbd5d9cf-8334-4963-9507-f30f8ba10436", "vulnerability": {"vulnId": "CVE-2023-41266", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-07T00:00:00+00:00"}, "gcve": {"object_uuid": "bbd5d9cf-8334-4963-9507-f30f8ba10436", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and... | Affected: Qlik / Qlik Sense Enterprise for Windows | CVSS: 8.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41266", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41266"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41266"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and...", "vendor": "Qlik", "product": "Qlik Sense Enterprise for Windows", "added_date": "2023-12-07T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a0133c74-f743-4c98-9e3d-b1d2a4baff7c", "vulnerability": {"vulnId": "CVE-2023-41265", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-07T00:00:00+00:00"}, "gcve": {"object_uuid": "a0133c74-f743-4c98-9e3d-b1d2a4baff7c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7... | Affected: Qlik / Qlik Sense Enterprise for Windows | CVSS: 9.6 (CRITICAL) | EPSS: 0.84967 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41265", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41265"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41265"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7...", "vendor": "Qlik", "product": "Qlik Sense Enterprise for Windows", "added_date": "2023-12-07T00:00:00.000Z", "cvss_score": 9.6, "epss_score": 0.84967, "cvss_severity": "CRITICAL", "epss_percentile": 0.99683, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "364b0fc8-85cd-4352-aa62-6581d90bf1c2", "vulnerability": {"vulnId": "CVE-2023-33063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "364b0fc8-85cd-4352-aa62-6581d90bf1c2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use After Free in DSP Services | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-33063", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33063"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33063"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use After Free in DSP Services", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2023-12-05T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "83d8aefe-560a-45ca-b94e-64ca2385c6b0", "vulnerability": {"vulnId": "CVE-2023-33107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "83d8aefe-560a-45ca-b94e-64ca2385c6b0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer Overflow or Wraparound in Graphics Linux | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-33107", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33107"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33107"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer Overflow or Wraparound in Graphics Linux", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2023-12-05T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f451ab0-e0e3-4483-a954-d8a4a2a00433", "vulnerability": {"vulnId": "CVE-2023-33106", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "7f451ab0-e0e3-4483-a954-d8a4a2a00433", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use of Out-of-range Pointer Offset in Graphics | Affected: Qualcomm, Inc. / Snapdragon | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-33106", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33106"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33106"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use of Out-of-range Pointer Offset in Graphics", "vendor": "Qualcomm, Inc.", "product": "Snapdragon", "added_date": "2023-12-05T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8db9edf0-2b76-4226-ac03-48fb5cb87b34", "vulnerability": {"vulnId": "CVE-2022-22071", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "8db9edf0-2b76-4226-ac03-48fb5cb87b34", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto,... | Affected: Qualcomm, Inc. / Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22071", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22071"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22071"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto,...", "vendor": "Qualcomm, Inc.", "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", "added_date": "2023-12-05T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "751fd4b1-024a-4220-8e4e-08cbc5fedc13", "vulnerability": {"vulnId": "CVE-2023-42917", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-04T00:00:00+00:00"}, "gcve": {"object_uuid": "751fd4b1-024a-4220-8e4e-08cbc5fedc13", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,... | Affected: Apple / Safari, macOS, iOS and iPadOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-42917", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-42917"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,...", "vendor": "Apple", "product": "Safari, macOS, iOS and iPadOS", "added_date": "2023-12-04T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "77936040-5a71-4670-9b49-dabaa7321daf", "vulnerability": {"vulnId": "CVE-2023-42916", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-04T00:00:00+00:00"}, "gcve": {"object_uuid": "77936040-5a71-4670-9b49-dabaa7321daf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-12-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,... | Affected: Apple / Safari, macOS, iOS and iPadOS | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-42916", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42916"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-42916"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,...", "vendor": "Apple", "product": "Safari, macOS, iOS and iPadOS", "added_date": "2023-12-04T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5bef38cc-9e7f-47cb-b27d-da190f86efd6", "vulnerability": {"vulnId": "CVE-2023-6345", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5bef38cc-9e7f-47cb-b27d-da190f86efd6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6345"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6345"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially...", "vendor": "Google", "product": "Chrome", "added_date": "2023-11-30T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e2593ee9-ef74-4486-a0e2-6dd7183b1b9c", "vulnerability": {"vulnId": "CVE-2023-49103", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e2593ee9-ef74-4486-a0e2-6dd7183b1b9c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party... | Affected: ownCloud / owncloud/graphapi | CVSS: 10.0 (CRITICAL) | EPSS: 0.78428 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-49103", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49103"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-49103"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party...", "vendor": "ownCloud", "product": "owncloud/graphapi", "added_date": "2023-11-30T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.78428, "cvss_severity": "CRITICAL", "epss_percentile": 0.99528, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eb882a7c-6ed8-4e07-b5fa-a37bf8069a2e", "vulnerability": {"vulnId": "CVE-2023-4911", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "eb882a7c-6ed8-4e07-b5fa-a37bf8069a2e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Glibc: buffer overflow in ld.so leading to privilege escalation | Affected: , Red Hat / , Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 | CVSS: 7.8 (HIGH) | EPSS: 0.78607 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-4911", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4911"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Glibc: buffer overflow in ld.so leading to privilege escalation", "vendor": ", Red Hat", "product": ", Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7", "added_date": "2023-11-21T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.78607, "cvss_severity": "HIGH", "epss_percentile": 0.99533, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "92513da5-9c0d-4159-a886-3b4531ffb70f", "vulnerability": {"vulnId": "CVE-2020-2551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "92513da5-9c0d-4159-a886-3b4531ffb70f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-2551", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2551"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-2551"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2023-11-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a0afe0d0-92da-4267-a52f-b2b9494b0f79", "vulnerability": {"vulnId": "CVE-2023-1671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "a0afe0d0-92da-4267-a52f-b2b9494b0f79", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of... | Affected: Sophos / Sophos Web Appliance | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-1671", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1671"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-1671"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of...", "vendor": "Sophos", "product": "Sophos Web Appliance", "added_date": "2023-11-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "527f667c-44e2-45c3-bf55-4ce6365dd8fe", "vulnerability": {"vulnId": "CVE-2023-36584", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "527f667c-44e2-45c3-bf55-4ce6365dd8fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Mark of the Web Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36584", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36584"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36584"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Mark of the Web Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-11-16T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4c0f4640-c9bf-4647-b55a-0c6e928f0c2d", "vulnerability": {"vulnId": "CVE-2023-36033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "4c0f4640-c9bf-4647-b55a-0c6e928f0c2d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows DWM Core Library Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36033", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36033"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36033"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows DWM Core Library Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)", "added_date": "2023-11-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cf5fdcc4-313e-4e4f-9173-489bb92fb0c2", "vulnerability": {"vulnId": "CVE-2023-36036", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "cf5fdcc4-313e-4e4f-9173-489bb92fb0c2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36036", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36036"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36036"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2", "added_date": "2023-11-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "75ada311-a6a0-4963-8a06-695f445d99fd", "vulnerability": {"vulnId": "CVE-2023-36025", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "75ada311-a6a0-4963-8a06-695f445d99fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36025", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36025"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36025"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows SmartScreen Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-11-14T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d1ef211-c8e2-4d20-8dd8-e47d63fc123b", "vulnerability": {"vulnId": "CVE-2023-36851", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "0d1ef211-c8e2-4d20-8dd8-e47d63fc123b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files | Affected: Juniper Networks / Junos OS | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36851", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36851"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36851"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2023-11-13T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3e7946b0-b521-4900-9f63-e0e424d3a80d", "vulnerability": {"vulnId": "CVE-2023-36846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "3e7946b0-b521-4900-9f63-e0e424d3a80d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | Affected: Juniper Networks / Junos OS | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36846", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36846"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36846"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2023-11-13T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8354a9fe-2077-49fe-8637-5815ef6dfb81", "vulnerability": {"vulnId": "CVE-2023-47246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "8354a9fe-2077-49fe-8637-5815ef6dfb81", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot,... | Affected: SysAid Technologies / SysAid On-Premise | CVSS: 9.8 (CRITICAL) | EPSS: 0.98851 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-47246", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47246"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-47246"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot,...", "vendor": "SysAid Technologies", "product": "SysAid On-Premise", "added_date": "2023-11-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.98851, "cvss_severity": "CRITICAL", "epss_percentile": 0.99921, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fa897871-d82a-4a2e-b944-b06f6d7a0261", "vulnerability": {"vulnId": "CVE-2023-36844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "fa897871-d82a-4a2e-b944-b06f6d7a0261", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables | Affected: Juniper Networks / Junos OS | CVSS: 5.3 (MEDIUM) | EPSS: 0.89628 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36844", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36844"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36844"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2023-11-13T00:00:00.000Z", "cvss_score": 5.3, "epss_score": 0.89628, "cvss_severity": "MEDIUM", "epss_percentile": 0.99771, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "76577962-f445-4e1d-b0a5-506139253c03", "vulnerability": {"vulnId": "CVE-2023-36845", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "76577962-f445-4e1d-b0a5-506139253c03", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable | Affected: Juniper Networks / Junos OS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36845", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36845"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36845"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2023-11-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e36713f7-a59a-414a-85bc-56ae6a8b70d6", "vulnerability": {"vulnId": "CVE-2023-36847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e36713f7-a59a-414a-85bc-56ae6a8b70d6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | Affected: Juniper Networks / Junos OS | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36847", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36847"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36847"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2023-11-13T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "37bbb47f-8965-4a26-8b7d-21a102825267", "vulnerability": {"vulnId": "CVE-2023-29552", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "37bbb47f-8965-4a26-8b7d-21a102825267", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the... | Affected: VMware / Service Location Protocol (SLP) | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-29552", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29552"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29552"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the...", "vendor": "VMware", "product": "Service Location Protocol (SLP)", "added_date": "2023-11-08T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d85b98f5-6fe4-4b19-bc45-455beb2932e8", "vulnerability": {"vulnId": "CVE-2023-22518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "d85b98f5-6fe4-4b19-bc45-455beb2932e8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows... | Affected: Atlassian / Confluence Data Center, Confluence Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-22518", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22518"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22518"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows...", "vendor": "Atlassian", "product": "Confluence Data Center, Confluence Server", "added_date": "2023-11-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99996, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "77892e63-7df0-4c8a-9040-bcbcc1411475", "vulnerability": {"vulnId": "CVE-2023-46604", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-02T00:00:00+00:00"}, "gcve": {"object_uuid": "77892e63-7df0-4c8a-9040-bcbcc1411475", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-11-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | Affected: Apache Software Foundation / Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-46604", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-46604"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack", "vendor": "Apache Software Foundation", "product": "Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module", "added_date": "2023-11-02T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "358dc49d-9a62-40ad-a71e-65b54c244d65", "vulnerability": {"vulnId": "CVE-2023-46747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-31T00:00:00+00:00"}, "gcve": {"object_uuid": "358dc49d-9a62-40ad-a71e-65b54c244d65", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BIG-IP Configuration utility unauthenticated remote code execution vulnerability | Affected: F5 / BIG-IP | CVSS: 9.8 (CRITICAL) | EPSS: 0.96515 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-46747", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46747"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-46747"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BIG-IP Configuration utility unauthenticated remote code execution vulnerability", "vendor": "F5", "product": "BIG-IP", "added_date": "2023-10-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.96515, "cvss_severity": "CRITICAL", "epss_percentile": 0.99875, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5fc6947c-50e8-4a2a-90ea-5ef41e830a8f", "vulnerability": {"vulnId": "CVE-2023-46748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-31T00:00:00+00:00"}, "gcve": {"object_uuid": "5fc6947c-50e8-4a2a-90ea-5ef41e830a8f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BIG-IP Configuration utility authenticated SQL injection vulnerability | Affected: F5 / BIG-IP | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-46748", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46748"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-46748"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BIG-IP Configuration utility authenticated SQL injection vulnerability", "vendor": "F5", "product": "BIG-IP", "added_date": "2023-10-31T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "719139fa-222a-499f-ad94-3ad84910b2b7", "vulnerability": {"vulnId": "CVE-2023-5631", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-26T00:00:00+00:00"}, "gcve": {"object_uuid": "719139fa-222a-499f-ad94-3ad84910b2b7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stored XSS vulnerability in Roundcube | Affected: Roundcube / Roundcubemail | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-5631", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5631"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5631"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stored XSS vulnerability in Roundcube", "vendor": "Roundcube", "product": "Roundcubemail", "added_date": "2023-10-26T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4614cb7e-91a4-4f5a-895c-05f3fcba5c5f", "vulnerability": {"vulnId": "CVE-2023-20273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-23T00:00:00+00:00"}, "gcve": {"object_uuid": "4614cb7e-91a4-4f5a-895c-05f3fcba5c5f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges... | Affected: Cisco / Cisco IOS XE Software | CVSS: 7.2 (HIGH) | EPSS: 0.89634 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20273", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20273"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20273"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges...", "vendor": "Cisco", "product": "Cisco IOS XE Software", "added_date": "2023-10-23T00:00:00.000Z", "cvss_score": 7.2, "epss_score": 0.89634, "cvss_severity": "HIGH", "epss_percentile": 0.99772, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "45d74c87-8fc3-4c7f-ba28-6c91c27d500d", "vulnerability": {"vulnId": "CVE-2023-4966", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-18T00:00:00+00:00"}, "gcve": {"object_uuid": "45d74c87-8fc3-4c7f-ba28-6c91c27d500d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated sensitive information disclosure | Affected: Citrix / NetScaler ADC, NetScaler Gateway | CVSS: 9.4 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-4966", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4966"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4966"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated sensitive information disclosure", "vendor": "Citrix", "product": "NetScaler ADC, NetScaler Gateway", "added_date": "2023-10-18T00:00:00.000Z", "cvss_score": 9.4, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99993, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3108ec93-2edb-49a5-adf2-8e04b5a03cd8", "vulnerability": {"vulnId": "CVE-2023-20198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-16T00:00:00+00:00"}, "gcve": {"object_uuid": "3108ec93-2edb-49a5-adf2-8e04b5a03cd8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are... | Affected: Cisco / Cisco IOS XE Software | CVSS: 10.0 (CRITICAL) | EPSS: 0.99571 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20198", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20198"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20198"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are...", "vendor": "Cisco", "product": "Cisco IOS XE Software", "added_date": "2023-10-16T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.99571, "cvss_severity": "CRITICAL", "epss_percentile": 0.99941, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c439326d-7eb8-406f-902f-1d937bba85b3", "vulnerability": {"vulnId": "CVE-2023-5360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-13T14:44:23+00:00"}, "gcve": {"object_uuid": "c439326d-7eb8-406f-902f-1d937bba85b3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T14:44:23+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-13T14:44:23+00:00"}, "scope": {"notes": "KEVIntel entry: Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload | Affected: Unknown / Royal Elementor Addons and Templates | CVSS: 9.8 (CRITICAL) | EPSS: 0.93116 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-5360", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5360"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5360"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload", "vendor": "Unknown", "product": "Royal Elementor Addons and Templates", "added_date": "2023-10-13T14:44:23.000Z", "cvss_score": 9.8, "epss_score": 0.93116, "cvss_severity": "CRITICAL", "epss_percentile": 0.99777, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ff63ced3-e5fc-4fd0-a6d1-444135623ccf", "vulnerability": {"vulnId": "CVE-2023-30801", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T13:46:46+00:00"}, "gcve": {"object_uuid": "ff63ced3-e5fc-4fd0-a6d1-444135623ccf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T13:46:46+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-10T13:46:46+00:00"}, "scope": {"notes": "KEVIntel entry: qBittorrent Web UI Default Credentials Lead to RCE | Affected: qBittorrent / qBittorrent client | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-30801", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30801"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-30801"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "qBittorrent Web UI Default Credentials Lead to RCE", "vendor": "qBittorrent", "product": "qBittorrent client", "added_date": "2023-10-10T13:46:46.775Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3ce53274-3932-4b30-8b6a-5b50ec88e45b", "vulnerability": {"vulnId": "CVE-2023-36563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "3ce53274-3932-4b30-8b6a-5b50ec88e45b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft WordPad Information Disclosure Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36563", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36563"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36563"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft WordPad Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-10-10T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bda19d3c-c63d-4779-b0c5-ce53e147f8d2", "vulnerability": {"vulnId": "CVE-2023-21608", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "bda19d3c-c63d-4779-b0c5-ce53e147f8d2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability | Affected: Adobe / Acrobat Reader | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21608", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21608"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21608"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability", "vendor": "Adobe", "product": "Acrobat Reader", "added_date": "2023-10-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f3acc142-2ab4-4534-b6f6-3dc2c1d89ada", "vulnerability": {"vulnId": "CVE-2023-41763", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f3acc142-2ab4-4534-b6f6-3dc2c1d89ada", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Skype for Business Elevation of Privilege Vulnerability | Affected: Microsoft / Skype for Business Server 2015 CU13, Skype for Business Server 2019 CU7 | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41763", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41763"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41763"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Skype for Business Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Skype for Business Server 2015 CU13, Skype for Business Server 2019 CU7", "added_date": "2023-10-10T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "146c18bd-f393-4663-b5e3-34afe2fbb288", "vulnerability": {"vulnId": "CVE-2023-20109", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "146c18bd-f393-4663-b5e3-34afe2fbb288", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an... | Affected: Cisco / IOS, Cisco IOS XE Software | CVSS: 6.6 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20109", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20109"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20109"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an...", "vendor": "Cisco", "product": "IOS, Cisco IOS XE Software", "added_date": "2023-10-10T00:00:00.000Z", "cvss_score": 6.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fae08f6d-923d-44ec-9dcd-b7aef9e8e475", "vulnerability": {"vulnId": "CVE-2023-44487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "fae08f6d-923d-44ec-9dcd-b7aef9e8e475", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as... | Affected: Google / Cloud Platform | CVSS: 7.5 (HIGH) | EPSS: 0.99999 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-44487"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as...", "vendor": "Google", "product": "Cloud Platform", "added_date": "2023-10-10T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.99999, "cvss_severity": "HIGH", "epss_percentile": 0.99996, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "15879b92-ea88-4a4d-9c7d-fb0a8ed047c8", "vulnerability": {"vulnId": "CVE-2023-40044", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "15879b92-ea88-4a4d-9c7d-fb0a8ed047c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability | Affected: Progress Software Corporation / WS_FTP Server | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-40044", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40044"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-40044"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability", "vendor": "Progress Software Corporation", "product": "WS_FTP Server", "added_date": "2023-10-05T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "935bd84a-728b-49b0-9960-5ec6983315ac", "vulnerability": {"vulnId": "CVE-2023-22515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "935bd84a-728b-49b0-9960-5ec6983315ac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown... | Affected: Atlassian / Confluence Data Center, Confluence Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99699 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-22515", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22515"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22515"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown...", "vendor": "Atlassian", "product": "Confluence Data Center, Confluence Server", "added_date": "2023-10-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99699, "cvss_severity": "CRITICAL", "epss_percentile": 0.9995, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f34f694d-29e7-4d79-930d-12a62b402de6", "vulnerability": {"vulnId": "CVE-2023-42824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "f34f694d-29e7-4d79-930d-12a62b402de6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their... | Affected: Apple / iOS and iPadOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-42824", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42824"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-42824"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their...", "vendor": "Apple", "product": "iOS and iPadOS", "added_date": "2023-10-05T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "46d771a7-2c2f-4d2a-bed7-4cdf2aa05101", "vulnerability": {"vulnId": "CVE-2023-28229", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-04T00:00:00+00:00"}, "gcve": {"object_uuid": "46d771a7-2c2f-4d2a-bed7-4cdf2aa05101", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28229", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28229"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28229"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows CNG Key Isolation Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-10-04T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a93956a-0330-484a-a51b-ad6abb85369a", "vulnerability": {"vulnId": "CVE-2023-42793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-04T00:00:00+00:00"}, "gcve": {"object_uuid": "4a93956a-0330-484a-a51b-ad6abb85369a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | Affected: JetBrains / TeamCity | CVSS: 9.8 (CRITICAL) | EPSS: 0.99979 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-42793", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42793"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-42793"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible", "vendor": "JetBrains", "product": "TeamCity", "added_date": "2023-10-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99979, "cvss_severity": "CRITICAL", "epss_percentile": 0.9998, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9d4940c2-40e3-4f06-bee9-459103fe095e", "vulnerability": {"vulnId": "CVE-2023-4211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9d4940c2-40e3-4f06-bee9-459103fe095e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations | Affected: Arm Ltd / Midgard GPU Kernel Driver, Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver, Arm 5th Gen GPU Architecture Kernel  Driver | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-4211", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4211"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4211"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations", "vendor": "Arm Ltd", "product": "Midgard GPU Kernel Driver, Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver, Arm 5th Gen GPU Architecture Kernel  Driver", "added_date": "2023-10-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "53b9011b-7d5b-4964-9464-b6c994311330", "vulnerability": {"vulnId": "CVE-2023-5217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "53b9011b-7d5b-4964-9464-b6c994311330", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-10-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially... | Affected: Google / Chrome, libvpx | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-5217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-5217"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially...", "vendor": "Google", "product": "Chrome, libvpx", "added_date": "2023-10-02T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eeeeea02-d41c-4024-846f-ef880f56be7a", "vulnerability": {"vulnId": "CVE-2018-14667", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-28T00:00:00+00:00"}, "gcve": {"object_uuid": "eeeeea02-d41c-4024-846f-ef880f56be7a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote,... | Affected: [UNKNOWN] / RichFaces | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-14667", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14667"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14667"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote,...", "vendor": "[UNKNOWN]", "product": "RichFaces", "added_date": "2023-09-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "feb3ef33-7e1a-4914-82fd-786d8c4dc4b9", "vulnerability": {"vulnId": "CVE-2023-41993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "feb3ef33-7e1a-4914-82fd-786d8c4dc4b9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution.... | Affected: Apple / macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41993", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41993"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41993"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution....", "vendor": "Apple", "product": "macOS", "added_date": "2023-09-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "96f5938e-5346-4899-abe5-b5c525bdc692", "vulnerability": {"vulnId": "CVE-2023-41991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "96f5938e-5346-4899-abe5-b5c525bdc692", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41991", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41991"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41991"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2023-09-25T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f2417789-184e-48d0-9f38-568d601b005a", "vulnerability": {"vulnId": "CVE-2023-41992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f2417789-184e-48d0-9f38-568d601b005a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local... | Affected: Apple / macOS, iOS and iPadOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41992", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41992"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41992"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local...", "vendor": "Apple", "product": "macOS, iOS and iPadOS", "added_date": "2023-09-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3fe1aef3-04fd-4870-85a3-95e84a7c593a", "vulnerability": {"vulnId": "CVE-2023-41179", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3fe1aef3-04fd-4870-85a3-95e84a7c593a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and... | Affected: Trend Micro, Inc. / Trend Micro Apex One, Trend Micro Worry-Free Business Security, Trend Micro Worry-Free Business Security Services | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41179", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41179"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41179"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and...", "vendor": "Trend Micro, Inc.", "product": "Trend Micro Apex One, Trend Micro Worry-Free Business Security, Trend Micro Worry-Free Business Security Services", "added_date": "2023-09-21T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "892962b6-55cf-495f-8c68-c43d34de9c89", "vulnerability": {"vulnId": "CVE-2023-28434", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "892962b6-55cf-495f-8c68-c43d34de9c89", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: MinIO is vulnerable to privilege escalation on Linux/MacOS | Affected: minio / minio | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28434", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28434"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28434"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MinIO is vulnerable to privilege escalation on Linux/MacOS", "vendor": "minio", "product": "minio", "added_date": "2023-09-19T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "49db3367-fd77-4b80-aba9-64a22ba9fe9f", "vulnerability": {"vulnId": "CVE-2017-6884", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "49db3367-fd77-4b80-aba9-64a22ba9fe9f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in... | Affected: Zyxel / EMG2926 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6884", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6884"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6884"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in...", "vendor": "Zyxel", "product": "EMG2926", "added_date": "2023-09-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "43a3da1b-ccd7-4b4b-a24e-140f2e7d6b98", "vulnerability": {"vulnId": "CVE-2022-22265", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "43a3da1b-ccd7-4b4b-a24e-140f2e7d6b98", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code... | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 5.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22265", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22265"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22265"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code...", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-09-18T00:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "39aeb1ae-940a-46a2-8ec8-6f24a4370678", "vulnerability": {"vulnId": "CVE-2014-8361", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "39aeb1ae-940a-46a2-8ec8-6f24a4370678", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in... | Affected: Realtek / SDK | CVSS: 9.8 (CRITICAL) | EPSS: 0.99975 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-8361", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8361"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-8361"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in...", "vendor": "Realtek", "product": "SDK", "added_date": "2023-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99975, "cvss_severity": "CRITICAL", "epss_percentile": 0.99979, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bc4cd2dc-c759-4eec-919d-db141ba4051e", "vulnerability": {"vulnId": "CVE-2021-3129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "bc4cd2dc-c759-4eec-919d-db141ba4051e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure... | Affected: Facade / Ignition | CVSS: 9.8 (CRITICAL) | EPSS: 0.99943 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-3129", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3129"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3129"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure...", "vendor": "Facade", "product": "Ignition", "added_date": "2023-09-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99943, "cvss_severity": "CRITICAL", "epss_percentile": 0.99971, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0be1709a-3211-4923-8c50-46dd21aa13a2", "vulnerability": {"vulnId": "CVE-2023-26369", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "0be1709a-3211-4923-8c50-46dd21aa13a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: [Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild | Affected: Adobe / Acrobat Reader | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-26369", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26369"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26369"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "[Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild", "vendor": "Adobe", "product": "Acrobat Reader", "added_date": "2023-09-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3cd42080-114f-4a08-9677-60396b6786dc", "vulnerability": {"vulnId": "CVE-2023-20269", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "3cd42080-114f-4a08-9677-60396b6786dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)... | Affected: Cisco / Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software | CVSS: 5.0 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20269", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20269"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20269"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)...", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software", "added_date": "2023-09-13T00:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "14518d7d-28aa-42de-8078-e8758d91d19c", "vulnerability": {"vulnId": "CVE-2023-35674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "14518d7d-28aa-42de-8078-e8758d91d19c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-35674", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35674"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35674"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local...", "vendor": "Google", "product": "Android", "added_date": "2023-09-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "90b00674-33b5-48f8-8ae4-b806d8eeab3e", "vulnerability": {"vulnId": "CVE-2023-4863", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "90b00674-33b5-48f8-8ae4-b806d8eeab3e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds... | Affected: Google / Chrome, libwebp | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-4863", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4863"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds...", "vendor": "Google", "product": "Chrome, libwebp", "added_date": "2023-09-13T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a41c560f-d2d5-43b4-9a28-0e7e36336267", "vulnerability": {"vulnId": "CVE-2023-36802", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-12T00:00:00+00:00"}, "gcve": {"object_uuid": "a41c560f-d2d5-43b4-9a28-0e7e36336267", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36802", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36802"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36802"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2", "added_date": "2023-09-12T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a4524070-a4fc-409b-8f6e-fc040bf0408e", "vulnerability": {"vulnId": "CVE-2023-36761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-12T00:00:00+00:00"}, "gcve": {"object_uuid": "a4524070-a4fc-409b-8f6e-fc040bf0408e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Word Information Disclosure Vulnerability | Affected: Microsoft / Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Word 2016, Microsoft Word 2013 Service Pack 1 | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36761"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36761"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Word Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Word 2016, Microsoft Word 2013 Service Pack 1", "added_date": "2023-09-12T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7937141e-5efe-4744-87d2-b888eff1eeec", "vulnerability": {"vulnId": "CVE-2023-41064", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-11T00:00:00+00:00"}, "gcve": {"object_uuid": "7937141e-5efe-4744-87d2-b888eff1eeec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9,... | Affected: Apple / macOS, iOS and iPadOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41064", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41064"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41064"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9,...", "vendor": "Apple", "product": "macOS, iOS and iPadOS", "added_date": "2023-09-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "786ccca2-91cd-434d-9c56-e26cc2628d1d", "vulnerability": {"vulnId": "CVE-2023-41061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-11T00:00:00+00:00"}, "gcve": {"object_uuid": "786ccca2-91cd-434d-9c56-e26cc2628d1d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted... | Affected: Apple / iOS and iPadOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-41061", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41061"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-41061"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted...", "vendor": "Apple", "product": "iOS and iPadOS, watchOS", "added_date": "2023-09-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bcdd0308-80df-4c59-8bd6-39fa68d78d92", "vulnerability": {"vulnId": "CVE-2023-33246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-06T00:00:00+00:00"}, "gcve": {"object_uuid": "bcdd0308-80df-4c59-8bd6-39fa68d78d92", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-09-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function | Affected: Apache Software Foundation / Apache RocketMQ | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-33246", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33246"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33246"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function", "vendor": "Apache Software Foundation", "product": "Apache RocketMQ", "added_date": "2023-09-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "82c7405d-9977-48af-ad45-4b0a5f4851e0", "vulnerability": {"vulnId": "CVE-2023-32315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-24T00:00:00+00:00"}, "gcve": {"object_uuid": "82c7405d-9977-48af-ad45-4b0a5f4851e0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Openfire administration console authentication bypass | Affected: igniterealtime / Openfire | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32315", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32315"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32315"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Openfire administration console authentication bypass", "vendor": "igniterealtime", "product": "Openfire", "added_date": "2023-08-24T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f599bfd7-e0a6-433f-8f80-c49b19c561d5", "vulnerability": {"vulnId": "CVE-2023-38831", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-24T00:00:00+00:00"}, "gcve": {"object_uuid": "f599bfd7-e0a6-433f-8f80-c49b19c561d5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue... | Affected: RARLAB / WinRAR | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-38831", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38831"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38831"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue...", "vendor": "RARLAB", "product": "WinRAR", "added_date": "2023-08-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3730c727-efd0-43dd-994f-ff3aa817b55d", "vulnerability": {"vulnId": "CVE-2023-27532", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-22T00:00:00+00:00"}, "gcve": {"object_uuid": "3730c727-efd0-43dd-994f-ff3aa817b55d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This... | Affected: Veeam / Veeam Backup & Replication | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-27532", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27532"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27532"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This...", "vendor": "Veeam", "product": "Veeam Backup & Replication", "added_date": "2023-08-22T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e5e51061-b019-4e90-afbf-c7bc05166e37", "vulnerability": {"vulnId": "CVE-2023-38035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-22T00:00:00+00:00"}, "gcve": {"object_uuid": "e5e51061-b019-4e90-afbf-c7bc05166e37", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass... | Affected: Ivanti / MobileIron Sentry | CVSS: 9.8 (CRITICAL) | EPSS: 0.99949 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-38035", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38035"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38035"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass...", "vendor": "Ivanti", "product": "MobileIron Sentry", "added_date": "2023-08-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99949, "cvss_severity": "CRITICAL", "epss_percentile": 0.99972, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0fcca478-93ee-4b13-b3a1-e9088b2b0bdf", "vulnerability": {"vulnId": "CVE-2023-26359", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "0fcca478-93ee-4b13-b3a1-e9088b2b0bdf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution | Affected: Adobe / ColdFusion | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-26359", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26359"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26359"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2023-08-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "310e583f-df08-4a4d-bec8-aa39b8ab27cc", "vulnerability": {"vulnId": "CVE-2023-40711", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-20T00:00:00+00:00"}, "gcve": {"object_uuid": "310e583f-df08-4a4d-bec8-aa39b8ab27cc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to... | Affected: Veilid / Veilid | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-40711", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40711"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-40711"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to...", "vendor": "Veilid", "product": "Veilid", "added_date": "2023-08-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5a77f2b6-9389-423a-ba87-5cb8c464a4d4", "vulnerability": {"vulnId": "CVE-2023-24489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-16T00:00:00+00:00"}, "gcve": {"object_uuid": "5a77f2b6-9389-423a-ba87-5cb8c464a4d4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated... | Affected: Citrix / Citrix ShareFile Storage Zones Controller | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-24489", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24489"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-24489"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated...", "vendor": "Citrix", "product": "Citrix ShareFile Storage Zones Controller", "added_date": "2023-08-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e96cba18-ef93-49ef-8a47-39dc61848293", "vulnerability": {"vulnId": "CVE-2023-39910", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "e96cba18-ef93-49ef-8a47-39dc61848293", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an... | Affected: Libbitcoin / Libbitcoin Explorer | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-39910", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39910"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-39910"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an...", "vendor": "Libbitcoin", "product": "Libbitcoin Explorer", "added_date": "2023-08-09T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a31a2dc0-a68b-4390-b631-99baa60362e9", "vulnerability": {"vulnId": "CVE-2023-38180", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "a31a2dc0-a68b-4390-b631-99baa60362e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: .NET and Visual Studio Denial of Service Vulnerability | Affected: Microsoft / ASP.NET Core 2.1, .NET 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-38180", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38180"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38180"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": ".NET and Visual Studio Denial of Service Vulnerability", "vendor": "Microsoft", "product": "ASP.NET Core 2.1, .NET 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6", "added_date": "2023-08-09T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "78999b30-4e8c-453f-b846-3955d4a73e4c", "vulnerability": {"vulnId": "CVE-2017-18368", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "78999b30-4e8c-453f-b846-3955d4a73e4c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the... | Affected: ZyXEL / P660HN-T1A v1 TCLinux Fw | CVSS: 9.8 (CRITICAL) | EPSS: 0.94508 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-18368", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18368"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-18368"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the...", "vendor": "ZyXEL", "product": "P660HN-T1A v1 TCLinux Fw", "added_date": "2023-08-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.94508, "cvss_severity": "CRITICAL", "epss_percentile": 0.99843, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "88d55623-2b56-49bd-a439-fcde10b63229", "vulnerability": {"vulnId": "CVE-2023-3162", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-01T07:50:22+00:00"}, "gcve": {"object_uuid": "88d55623-2b56-49bd-a439-fcde10b63229", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-01T07:50:22+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-08-01T07:50:22+00:00"}, "scope": {"notes": "KEVIntel entry: The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This... | Affected: webtoffee / Stripe Payment Plugin for WooCommerce | CVSS: 9.8 (CRITICAL) | EPSS: 0.00379 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-3162", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3162"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-3162"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This...", "vendor": "webtoffee", "product": "Stripe Payment Plugin for WooCommerce", "added_date": "2023-08-01T07:50:22.000Z", "cvss_score": 9.8, "epss_score": 0.00379, "cvss_severity": "CRITICAL", "epss_percentile": 0.58367, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0964714d-c7ac-4369-a4fb-210b23181902", "vulnerability": {"vulnId": "CVE-2023-35081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "0964714d-c7ac-4369-a4fb-210b23181902", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3,  11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an... | Affected: Ivanti / EPMM | CVSS: 7.2 (HIGH) | EPSS: 0.63316 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-35081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35081"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35081"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3,  11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an...", "vendor": "Ivanti", "product": "EPMM", "added_date": "2023-07-31T00:00:00.000Z", "cvss_score": 7.2, "epss_score": 0.63316, "cvss_severity": "HIGH", "epss_percentile": 0.99101, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bc5f1b55-0352-4abb-aaf4-3a22fda81227", "vulnerability": {"vulnId": "CVE-2023-37580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-27T00:00:00+00:00"}, "gcve": {"object_uuid": "bc5f1b55-0352-4abb-aaf4-3a22fda81227", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | Affected: Zimbra / Zimbra Collaboration | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-37580", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37580"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-37580"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.", "vendor": "Zimbra", "product": "Zimbra Collaboration", "added_date": "2023-07-27T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "774c447d-9008-4ad9-ae1a-d82e5be62925", "vulnerability": {"vulnId": "CVE-2023-38606", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-26T00:00:00+00:00"}, "gcve": {"object_uuid": "774c447d-9008-4ad9-ae1a-d82e5be62925", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and... | Affected: Apple / tvOS, iOS and iPadOS, macOS, watchOS | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-38606", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38606"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38606"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and...", "vendor": "Apple", "product": "tvOS, iOS and iPadOS, macOS, watchOS", "added_date": "2023-07-26T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1f938b16-0d06-43cc-9c0e-d4bb8c87ef97", "vulnerability": {"vulnId": "CVE-2023-35078", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-25T00:00:00+00:00"}, "gcve": {"object_uuid": "1f938b16-0d06-43cc-9c0e-d4bb8c87ef97", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application... | Affected: Ivanti / Endpoint Manager Mobile | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-35078", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35078"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application...", "vendor": "Ivanti", "product": "Endpoint Manager Mobile", "added_date": "2023-07-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99995, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a8648e4d-bc3e-4c46-9b0b-9a78c4d18b4e", "vulnerability": {"vulnId": "CVE-2023-29298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-20T00:00:00+00:00"}, "gcve": {"object_uuid": "a8648e4d-bc3e-4c46-9b0b-9a78c4d18b4e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion Improper Access Control Security feature bypass | Affected: Adobe / ColdFusion | CVSS: 7.5 (HIGH) | EPSS: 0.99754 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-29298", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29298"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29298"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion Improper Access Control Security feature bypass", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2023-07-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.99754, "cvss_severity": "HIGH", "epss_percentile": 0.99954, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "43252a82-c990-4c60-99d2-fd269b3b0b92", "vulnerability": {"vulnId": "CVE-2023-38205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-20T00:00:00+00:00"}, "gcve": {"object_uuid": "43252a82-c990-4c60-99d2-fd269b3b0b92", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ColdFusion Bypass - Vulnerability disclosure in ColdFusion | BYPASS CVE-2023-29298 | Affected: Adobe / ColdFusion | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-38205", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38205"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-38205"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ColdFusion Bypass - Vulnerability disclosure in ColdFusion | BYPASS CVE-2023-29298", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2023-07-20T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fcde62ff-82a6-4dd1-8959-2d1c7ef203c3", "vulnerability": {"vulnId": "CVE-2023-3519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-19T00:00:00+00:00"}, "gcve": {"object_uuid": "fcde62ff-82a6-4dd1-8959-2d1c7ef203c3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated remote code execution | Affected: Citrix / NetScaler ADC, NetScaler Gateway | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-3519", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3519"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-3519"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated remote code execution", "vendor": "Citrix", "product": "NetScaler ADC, NetScaler Gateway", "added_date": "2023-07-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a78d4f2-33df-48c6-89e1-8b969f9af80a", "vulnerability": {"vulnId": "CVE-2023-28121", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-17T10:27:14+00:00"}, "gcve": {"object_uuid": "4a78d4f2-33df-48c6-89e1-8b969f9af80a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-17T10:27:14+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-17T10:27:14+00:00"}, "scope": {"notes": "KEVIntel entry: An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of... | Affected: WooCommerce / WooCommerce Payments | CVSS: 9.8 (CRITICAL) | EPSS: 0.93462 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-28121", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28121"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28121"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of...", "vendor": "WooCommerce", "product": "WooCommerce Payments", "added_date": "2023-07-17T10:27:14.000Z", "cvss_score": 9.8, "epss_score": 0.93462, "cvss_severity": "CRITICAL", "epss_percentile": 0.99808, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c4a49dc5-b86e-4a28-8db1-296711eecef0", "vulnerability": {"vulnId": "CVE-2023-36884", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "c4a49dc5-b86e-4a28-8db1-296711eecef0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Search Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36884", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36884"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36884"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Search Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-07-17T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f927b8bb-5bf9-47fe-a7ef-4dab55503aa6", "vulnerability": {"vulnId": "CVE-2022-29303", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f927b8bb-5bf9-47fe-a7ef-4dab55503aa6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. | Affected: SolarView / Compact | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-29303", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29303"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29303"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.", "vendor": "SolarView", "product": "Compact", "added_date": "2023-07-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f2097a8a-7248-42ad-bda8-6f66673587db", "vulnerability": {"vulnId": "CVE-2023-37450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f2097a8a-7248-42ad-bda8-6f66673587db", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5,... | Affected: Apple / Safari, tvOS, iOS and iPadOS, macOS, watchOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-37450", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-37450"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5,...", "vendor": "Apple", "product": "Safari, tvOS, iOS and iPadOS, macOS, watchOS", "added_date": "2023-07-13T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "91f7ad32-dce1-4d37-ae24-ab4868c8b15c", "vulnerability": {"vulnId": "CVE-2023-32046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "91f7ad32-dce1-4d37-ae24-ab4868c8b15c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows MSHTML Platform Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.09083 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32046", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32046"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32046"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows MSHTML Platform Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-07-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.09083, "cvss_severity": "HIGH", "epss_percentile": 0.94638, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3077581c-f8a6-4950-a736-297d8f03c335", "vulnerability": {"vulnId": "CVE-2023-35311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "3077581c-f8a6-4950-a736-297d8f03c335", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Outlook Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2019, Microsoft Outlook 2016, Microsoft Outlook 2013, Microsoft Outlook 2013 Service Pack 1 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-35311", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35311"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35311"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Outlook Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2019, Microsoft Outlook 2016, Microsoft Outlook 2013, Microsoft Outlook 2013 Service Pack 1", "added_date": "2023-07-11T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cbd462fe-3f43-416a-9616-e31c69d61475", "vulnerability": {"vulnId": "CVE-2023-36874", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "cbd462fe-3f43-416a-9616-e31c69d61475", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Error Reporting Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.32309 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-36874", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36874"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-36874"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Error Reporting Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-07-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.32309, "cvss_severity": "HIGH", "epss_percentile": 0.98102, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cef0f19c-b9ec-4f85-a012-ad86945a2e8b", "vulnerability": {"vulnId": "CVE-2022-31199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "cef0f19c-b9ec-4f85-a012-ad86945a2e8b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor... | Affected: Netwrix / Auditor | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-31199", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31199"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31199"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor...", "vendor": "Netwrix", "product": "Auditor", "added_date": "2023-07-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bd812e53-b86a-453b-b0b7-d91ebdee4086", "vulnerability": {"vulnId": "CVE-2023-32049", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "bd812e53-b86a-453b-b0b7-d91ebdee4086", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32049"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32049"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows SmartScreen Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2023-07-11T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "60e43bd8-3ed8-4e66-bb7f-05352e2bd210", "vulnerability": {"vulnId": "CVE-2021-29256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "60e43bd8-3ed8-4e66-bb7f-05352e2bd210", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-07-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: . The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege... | Affected: Arm / Mali GPU kernel driver | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-29256", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29256"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-29256"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege...", "vendor": "Arm", "product": "Mali GPU kernel driver", "added_date": "2023-07-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5998b0de-e15f-4b22-9534-d5448da1ca08", "vulnerability": {"vulnId": "CVE-2021-25372", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "5998b0de-e15f-4b22-9534-d5448da1ca08", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25372", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25372"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25372"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ec9eb113-88df-4d88-943e-2c8c3a355af3", "vulnerability": {"vulnId": "CVE-2021-25394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "ec9eb113-88df-4d88-943e-2c8c3a355af3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio... | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 6.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25394", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25394"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25394"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio...", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 6.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bacb0135-2dee-4b5a-a00e-232c576f1b69", "vulnerability": {"vulnId": "CVE-2021-25487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "bacb0135-2dee-4b5a-a00e-232c576f1b69", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in... | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25487", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25487"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25487"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in...", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a8c728e6-5314-43cd-8903-5c49fc4dee89", "vulnerability": {"vulnId": "CVE-2019-20500", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "a8c728e6-5314-43cd-8903-5c49fc4dee89", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the... | Affected: D-Link / DWL-2600AP | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-20500", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20500"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-20500"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the...", "vendor": "D-Link", "product": "DWL-2600AP", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c45bc935-d22b-4878-8288-0665363d53ee", "vulnerability": {"vulnId": "CVE-2021-25489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "c45bc935-d22b-4878-8288-0665363d53ee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string... | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 3.3 (LOW) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25489", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25489"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25489"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string...", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 3.3, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d2519b7c-c63f-4139-8edf-7ef9d9439ea0", "vulnerability": {"vulnId": "CVE-2019-17621", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "d2519b7c-c63f-4139-8edf-7ef9d9439ea0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute... | Affected: D-Link / DIR-859 Wi-Fi router | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-17621", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17621"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-17621"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute...", "vendor": "D-Link", "product": "DIR-859 Wi-Fi router", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "355fb930-267f-407c-beb2-9e10bb0df76e", "vulnerability": {"vulnId": "CVE-2021-25395", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "355fb930-267f-407c-beb2-9e10bb0df76e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is... | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 6.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25395", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25395"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25395"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is...", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 6.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e8838d9d-240c-4989-a9c2-864430e594b2", "vulnerability": {"vulnId": "CVE-2021-25371", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "e8838d9d-240c-4989-a9c2-864430e594b2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25371", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25371"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25371"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-06-29T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ebd13fc4-ec4f-47fa-bc24-6a4f21d86637", "vulnerability": {"vulnId": "CVE-2023-32435", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ebd13fc4-ec4f-47fa-bc24-6a4f21d86637", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS... | Affected: Apple / macOS, iOS and iPadOS, Safari | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32435", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32435"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS...", "vendor": "Apple", "product": "macOS, iOS and iPadOS, Safari", "added_date": "2023-06-23T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "70598828-8514-4deb-a3c9-54d614d53be8", "vulnerability": {"vulnId": "CVE-2023-20867", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "70598828-8514-4deb-a3c9-54d614d53be8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Tools Authentication Bypass Vulnerability | Affected: VMware / VMware Tools | CVSS: 3.9 (LOW) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20867", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20867"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Tools Authentication Bypass Vulnerability", "vendor": "VMware", "product": "VMware Tools", "added_date": "2023-06-23T00:00:00.000Z", "cvss_score": 3.9, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "435c85de-383a-435d-a938-8278164f88a3", "vulnerability": {"vulnId": "CVE-2023-27992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "435c85de-383a-435d-a938-8278164f88a3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware... | Affected: Zyxel / NAS326 firmware, NAS540 firmware, NAS542 firmware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-27992", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27992"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27992"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware...", "vendor": "Zyxel", "product": "NAS326 firmware, NAS540 firmware, NAS542 firmware", "added_date": "2023-06-23T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7722ec97-c22c-4147-bcc2-18ecda2adbe9", "vulnerability": {"vulnId": "CVE-2023-32434", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "7722ec97-c22c-4147-bcc2-18ecda2adbe9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS... | Affected: Apple / macOS, iOS and iPadOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32434", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32434"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32434"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS...", "vendor": "Apple", "product": "macOS, iOS and iPadOS, watchOS", "added_date": "2023-06-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "680f00cf-a576-49b5-b0fb-3698721f9e3d", "vulnerability": {"vulnId": "CVE-2023-32439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "680f00cf-a576-49b5-b0fb-3698721f9e3d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS... | Affected: Apple / iOS and iPadOS, Safari, macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32439", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32439"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS...", "vendor": "Apple", "product": "iOS and iPadOS, Safari, macOS", "added_date": "2023-06-23T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "be4fdd6c-9826-4390-be63-34fc26cb04ab", "vulnerability": {"vulnId": "CVE-2023-20887", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "be4fdd6c-9826-4390-be63-34fc26cb04ab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for... | Affected: VMware / Aria Operations for Networks (Formerly vRealize Network Insight) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20887", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20887"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20887"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for...", "vendor": "VMware", "product": "Aria Operations for Networks (Formerly vRealize Network Insight)", "added_date": "2023-06-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4fdb2103-fa03-4157-94fa-c4aad07c1ca8", "vulnerability": {"vulnId": "CVE-2020-35730", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "4fdb2103-fa03-4157-94fa-c4aad07c1ca8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text... | Affected: Roundcube / Webmail | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-35730", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35730"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35730"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text...", "vendor": "Roundcube", "product": "Webmail", "added_date": "2023-06-22T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b62e6f58-dddc-4921-a16b-d96d7dc25ce7", "vulnerability": {"vulnId": "CVE-2016-9079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "b62e6f58-dddc-4921-a16b-d96d7dc25ce7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild... | Affected: Mozilla / Firefox, Firefox ESR, Thunderbird | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-9079", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9079"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-9079"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild...", "vendor": "Mozilla", "product": "Firefox, Firefox ESR, Thunderbird", "added_date": "2023-06-22T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f6ba257f-75b5-4cfb-9c25-782375d53a90", "vulnerability": {"vulnId": "CVE-2020-12641", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "f6ba257f-75b5-4cfb-9c25-782375d53a90", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting... | Affected: Roundcube / Webmail | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-12641", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12641"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12641"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting...", "vendor": "Roundcube", "product": "Webmail", "added_date": "2023-06-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f356014-b9f9-4fa4-99af-f62e8cdb9b6e", "vulnerability": {"vulnId": "CVE-2021-44026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "7f356014-b9f9-4fa4-99af-f62e8cdb9b6e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | Affected: Roundcube / Roundcube Webmail | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-44026", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44026"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44026"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.", "vendor": "Roundcube", "product": "Roundcube Webmail", "added_date": "2023-06-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "94daf540-726e-4ac5-add2-66778342f048", "vulnerability": {"vulnId": "CVE-2016-0165", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "94daf540-726e-4ac5-add2-66778342f048", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0165", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0165"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0165"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and...", "vendor": "Microsoft", "product": "Windows", "added_date": "2023-06-22T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "81e2d5c1-9405-45ba-8139-030ff6133ab4", "vulnerability": {"vulnId": "CVE-2023-27997", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "81e2d5c1-9405-45ba-8139-030ff6133ab4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below,... | Affected: Fortinet / FortiOS-6K7K, FortiProxy, FortiOS | CVSS: 9.2 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-27997", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27997"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below,...", "vendor": "Fortinet", "product": "FortiOS-6K7K, FortiProxy, FortiOS", "added_date": "2023-06-13T00:00:00.000Z", "cvss_score": 9.2, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2d3ddaaf-3cb1-4d40-9427-02f6ce5f7b36", "vulnerability": {"vulnId": "CVE-2023-35042", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-12T00:00:00+00:00"}, "gcve": {"object_uuid": "2d3ddaaf-3cb1-4d40-9427-02f6ce5f7b36", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData... | Affected: GeoServer / GeoServer | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-35042", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35042"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-35042"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData...", "vendor": "GeoServer", "product": "GeoServer", "added_date": "2023-06-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5303374a-cf33-4ce8-86db-68511c8a0ec9", "vulnerability": {"vulnId": "CVE-2023-3079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5303374a-cf33-4ce8-86db-68511c8a0ec9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-3079", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3079"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-3079"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2023-06-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "38e72cbd-fc31-4051-8543-7721db74fbe9", "vulnerability": {"vulnId": "CVE-2023-33009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "38e72cbd-fc31-4051-8543-7721db74fbe9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series... | Affected: Zyxel / ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) firmware, USG20(W)-VPN firmware, VPN series firmware, ZyWALL/USG series firmware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-33009", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33009"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33009"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series...", "vendor": "Zyxel", "product": "ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) firmware, USG20(W)-VPN firmware, VPN series firmware, ZyWALL/USG series firmware", "added_date": "2023-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "82326f1b-65b7-458f-aa4b-bf11ee2828ec", "vulnerability": {"vulnId": "CVE-2023-33010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "82326f1b-65b7-458f-aa4b-bf11ee2828ec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series... | Affected: Zyxel / ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) firmware, USG20(W)-VPN firmware, VPN series firmware, ZyWALL/USG series firmware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-33010", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33010"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-33010"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series...", "vendor": "Zyxel", "product": "ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) firmware, USG20(W)-VPN firmware, VPN series firmware, ZyWALL/USG series firmware", "added_date": "2023-06-05T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "60bef416-490c-4116-b1b3-463eb079f242", "vulnerability": {"vulnId": "CVE-2023-34362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "60bef416-490c-4116-b1b3-463eb079f242", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL... | Affected: Progress / MOVEit Transfer | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-34362", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34362"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-34362"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL...", "vendor": "Progress", "product": "MOVEit Transfer", "added_date": "2023-06-02T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3225cea4-77cb-4a67-8bd6-6361e745ad46", "vulnerability": {"vulnId": "CVE-2023-27640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "3225cea4-77cb-4a67-8bd6-6361e745ad46", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the... | Affected: PrestaShop / Custom Product Designer | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-27640", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27640"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27640"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the...", "vendor": "PrestaShop", "product": "Custom Product Designer", "added_date": "2023-06-01T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7fdd1ec3-3090-47b2-95e8-28d4553ef459", "vulnerability": {"vulnId": "CVE-2023-27639", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-01T00:00:00+00:00"}, "gcve": {"object_uuid": "7fdd1ec3-3090-47b2-95e8-28d4553ef459", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-06-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the... | Affected: PrestaShop / Custom Product Designer | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-27639", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27639"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27639"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the...", "vendor": "PrestaShop", "product": "Custom Product Designer", "added_date": "2023-06-01T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4ed23fe9-93c2-49ac-b9f1-49f6b30efcf5", "vulnerability": {"vulnId": "CVE-2023-28771", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-31T00:00:00+00:00"}, "gcve": {"object_uuid": "4ed23fe9-93c2-49ac-b9f1-49f6b30efcf5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG... | Affected: Zyxel / ZyWALL/USG series firmware, VPN series firmware, USG FLEX series firmware, ATP series firmware | CVSS: 9.8 (CRITICAL) | EPSS: 0.99284 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28771", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28771"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28771"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG...", "vendor": "Zyxel", "product": "ZyWALL/USG series firmware, VPN series firmware, USG FLEX series firmware, ATP series firmware", "added_date": "2023-05-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99284, "cvss_severity": "CRITICAL", "epss_percentile": 0.99931, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "770cd357-f93a-4cd3-87c7-1ae9fa310989", "vulnerability": {"vulnId": "CVE-2023-2868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-26T00:00:00+00:00"}, "gcve": {"object_uuid": "770cd357-f93a-4cd3-87c7-1ae9fa310989", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code injection in Barracuda Email Security Gateway | Affected: Barracuda / Barracuda Email Security Gateway | CVSS: 9.4 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-2868", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2868"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-2868"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code injection in Barracuda Email Security Gateway", "vendor": "Barracuda", "product": "Barracuda Email Security Gateway", "added_date": "2023-05-26T00:00:00.000Z", "cvss_score": 9.4, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4f8438b3-6d2a-49ca-9f6e-5ef4847b4417", "vulnerability": {"vulnId": "CVE-2023-28204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "4f8438b3-6d2a-49ca-9f6e-5ef4847b4417", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6... | Affected: Apple / macOS, Safari, watchOS, iOS and iPadOS, tvOS | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28204", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28204"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28204"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6...", "vendor": "Apple", "product": "macOS, Safari, watchOS, iOS and iPadOS, tvOS", "added_date": "2023-05-22T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f2904ac3-dfec-405d-bd09-5d9675439946", "vulnerability": {"vulnId": "CVE-2023-32373", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "f2904ac3-dfec-405d-bd09-5d9675439946", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6... | Affected: Apple / macOS, Safari, watchOS, iOS and iPadOS, tvOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32373", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32373"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32373"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6...", "vendor": "Apple", "product": "macOS, Safari, watchOS, iOS and iPadOS, tvOS", "added_date": "2023-05-22T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "772f7325-05fb-4b75-9175-e3fa00ac9d30", "vulnerability": {"vulnId": "CVE-2023-32409", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "772f7325-05fb-4b75-9175-e3fa00ac9d30", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS... | Affected: Apple / macOS, Safari, watchOS, iOS and iPadOS, tvOS | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-32409", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32409"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32409"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS...", "vendor": "Apple", "product": "macOS, Safari, watchOS, iOS and iPadOS, tvOS", "added_date": "2023-05-22T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b489d24e-92c6-4df7-8787-2b00ba284893", "vulnerability": {"vulnId": "CVE-2023-21492", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "b489d24e-92c6-4df7-8787-2b00ba284893", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 4.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21492", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21492"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21492"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2023-05-19T00:00:00.000Z", "cvss_score": 4.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f9288559-afa6-4fa4-afbf-640aa1002ab2", "vulnerability": {"vulnId": "CVE-2004-1464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "f9288559-afa6-4fa4-afbf-640aa1002ab2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP... | Affected: Cisco / IOS | CVSS: 5.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2004-1464", "url": "https://www.cve.org/CVERecord?id=CVE-2004-1464"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2004-1464"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP...", "vendor": "Cisco", "product": "IOS", "added_date": "2023-05-19T00:00:00.000Z", "cvss_score": 5.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a4637ce5-c872-4580-9b91-1be28292be7e", "vulnerability": {"vulnId": "CVE-2016-6415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "a4637ce5-c872-4580-9b91-1be28292be7e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x,... | Affected: Cisco / IOS, IOS XE, IOS XR, PIX | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-6415", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6415"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-6415"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x,...", "vendor": "Cisco", "product": "IOS, IOS XE, IOS XR, PIX", "added_date": "2023-05-19T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b367e1ab-75d5-412f-a3b6-4f601bf7977a", "vulnerability": {"vulnId": "CVE-2023-32243", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-17T09:33:52+00:00"}, "gcve": {"object_uuid": "b367e1ab-75d5-412f-a3b6-4f601bf7977a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-17T09:33:52+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-17T09:33:52+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation | Affected: WPDeveloper / Essential Addons for Elementor | CVSS: 9.8 (CRITICAL) | EPSS: 0.93638 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-32243", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32243"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-32243"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation", "vendor": "WPDeveloper", "product": "Essential Addons for Elementor", "added_date": "2023-05-17T09:33:52.000Z", "cvss_score": 9.8, "epss_score": 0.93638, "cvss_severity": "CRITICAL", "epss_percentile": 0.99827, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "35828f4f-ac18-44c8-a86c-00bd5d4b6d1a", "vulnerability": {"vulnId": "CVE-2016-3427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "35828f4f-ac18-44c8-a86c-00bd5d4b6d1a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3427", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3427"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3427"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect...", "vendor": "Oracle", "product": "Java SE", "added_date": "2023-05-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "03836d20-45bc-49d3-9cc7-287198c38d4f", "vulnerability": {"vulnId": "CVE-2010-3904", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "03836d20-45bc-49d3-9cc7-287198c38d4f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36... | Affected: Linux / Linux Kernel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-3904", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3904"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3904"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36...", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2023-05-12T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "289f0048-4917-4c97-93d0-b93e4c6ee410", "vulnerability": {"vulnId": "CVE-2023-25717", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "289f0048-4917-4c97-93d0-b93e4c6ee410", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a... | Affected: Ruckus Wireless / Admin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-25717", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25717"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-25717"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a...", "vendor": "Ruckus Wireless", "product": "Admin", "added_date": "2023-05-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4edaddc4-6cc3-4784-8836-29cce7c94576", "vulnerability": {"vulnId": "CVE-2021-3560", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "4edaddc4-6cc3-4784-8836-29cce7c94576", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the... | Affected: Linux / polkit | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-3560", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3560"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3560"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the...", "vendor": "Linux", "product": "polkit", "added_date": "2023-05-12T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "85ec5747-4560-4a35-852b-fa84f5317710", "vulnerability": {"vulnId": "CVE-2014-0196", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "85ec5747-4560-4a35-852b-fa84f5317710", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO &... | Affected: Linux / kernel | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0196", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0196"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0196"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO &...", "vendor": "Linux", "product": "kernel", "added_date": "2023-05-12T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7e5ebaed-d3d0-4401-9596-ec91a0f40680", "vulnerability": {"vulnId": "CVE-2016-8735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "7e5ebaed-d3d0-4401-9596-ec91a0f40680", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before... | Affected: Apache Software Foundation / Apache Tomcat | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-8735", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-8735"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before...", "vendor": "Apache Software Foundation", "product": "Apache Tomcat", "added_date": "2023-05-12T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c15e31c0-a815-445d-baec-ad9f179cc106", "vulnerability": {"vulnId": "CVE-2015-5317", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "c15e31c0-a815-445d-baec-ad9f179cc106", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name... | Affected: Jenkins / Jenkins | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-5317", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5317"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-5317"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name...", "vendor": "Jenkins", "product": "Jenkins", "added_date": "2023-05-12T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1a7c348e-bee1-44ee-a4cb-e07ce007affe", "vulnerability": {"vulnId": "CVE-2023-24932", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-09T17:03:07+00:00"}, "gcve": {"object_uuid": "1a7c348e-bee1-44ee-a4cb-e07ce007affe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-09T17:03:07+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-09T17:03:07+00:00"}, "scope": {"notes": "KEVIntel entry: Secure Boot Security Feature Bypass Vulnerability | Affected: Microsoft / Windows Server 2025 (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 6.7 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-24932", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24932"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-24932"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Secure Boot Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2025 (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-05-09T17:03:07.282Z", "cvss_score": 6.7, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c255f153-e549-4a6c-9506-c0cbdee7e9e8", "vulnerability": {"vulnId": "CVE-2023-29336", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-09T00:00:00+00:00"}, "gcve": {"object_uuid": "c255f153-e549-4a6c-9506-c0cbdee7e9e8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Win32k Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.40919 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-29336", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29336"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29336"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Win32k Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-05-09T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.40919, "cvss_severity": "HIGH", "epss_percentile": 0.98477, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "700d7ac3-9733-4a53-b2d0-ed5880bb72e0", "vulnerability": {"vulnId": "CVE-2021-45046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "700d7ac3-9733-4a53-b2d0-ed5880bb72e0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack | Affected: Apache Software Foundation / Apache Log4j | CVSS: 9.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-45046"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "vendor": "Apache Software Foundation", "product": "Apache Log4j", "added_date": "2023-05-01T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2cc37120-5215-4bf3-bc4b-0139c5c32fbf", "vulnerability": {"vulnId": "CVE-2023-1389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "2cc37120-5215-4bf3-bc4b-0139c5c32fbf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the... | Affected: TP-Link / TP-Link Archer AX21 (AX1800) | CVSS: 8.8 (HIGH) | EPSS: 0.99999 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-1389", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1389"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-1389"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the...", "vendor": "TP-Link", "product": "TP-Link Archer AX21 (AX1800)", "added_date": "2023-05-01T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.99999, "cvss_severity": "HIGH", "epss_percentile": 0.99991, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2fd763f-45e3-4030-8054-e427d772bea7", "vulnerability": {"vulnId": "CVE-2023-21839", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "c2fd763f-45e3-4030-8054-e427d772bea7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-05-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21839", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21839"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21839"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2023-05-01T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "16dbebaa-25e2-4425-8189-062cc6a7468a", "vulnerability": {"vulnId": "CVE-2023-2136", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-21T00:00:00+00:00"}, "gcve": {"object_uuid": "16dbebaa-25e2-4425-8189-062cc6a7468a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-2136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2136"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-2136"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially...", "vendor": "Google", "product": "Chrome", "added_date": "2023-04-21T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a8a2cc91-25fe-41ca-af38-fa8dc0069bcd", "vulnerability": {"vulnId": "CVE-2023-27350", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-21T00:00:00+00:00"}, "gcve": {"object_uuid": "a8a2cc91-25fe-41ca-af38-fa8dc0069bcd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication... | Affected: PaperCut / NG | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-27350", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27350"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27350"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication...", "vendor": "PaperCut", "product": "NG", "added_date": "2023-04-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99991, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "04a10bb2-80d0-4275-9bf1-c8d778483613", "vulnerability": {"vulnId": "CVE-2023-28432", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-21T00:00:00+00:00"}, "gcve": {"object_uuid": "04a10bb2-80d0-4275-9bf1-c8d778483613", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Minio Information Disclosure in Cluster Deployment | Affected: minio / minio | CVSS: 7.5 (HIGH) | EPSS: 0.83957 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28432", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28432"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28432"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Minio Information Disclosure in Cluster Deployment", "vendor": "minio", "product": "minio", "added_date": "2023-04-21T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.83957, "cvss_severity": "HIGH", "epss_percentile": 0.99659, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "631815c4-5c73-426f-8cb3-70222df713ab", "vulnerability": {"vulnId": "CVE-2017-6742", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "631815c4-5c73-426f-8cb3-70222df713ab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely... | Affected: Cisco, IntelliShield / Cisco IOS XE Software, Universal Product | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6742", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6742"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6742"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely...", "vendor": "Cisco, IntelliShield", "product": "Cisco IOS XE Software, Universal Product", "added_date": "2023-04-19T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "11a7b8eb-eb11-4cce-b462-8846aa0d0130", "vulnerability": {"vulnId": "CVE-2019-8526", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "11a7b8eb-eb11-4cce-b462-8846aa0d0130", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to... | Affected: Apple / macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-8526", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8526"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8526"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to...", "vendor": "Apple", "product": "macOS", "added_date": "2023-04-17T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0ef8129a-4e71-4f19-b57c-eac8f8e77246", "vulnerability": {"vulnId": "CVE-2023-2033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "0ef8129a-4e71-4f19-b57c-eac8f8e77246", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-2033", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2033"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-2033"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2023-04-17T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a778de99-9873-4302-8ab6-0ca12b23357d", "vulnerability": {"vulnId": "CVE-2023-20963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "a778de99-9873-4302-8ab6-0ca12b23357d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-20963", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20963"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-20963"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges...", "vendor": "Google", "product": "Android", "added_date": "2023-04-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "248acb90-25d5-4e87-851d-35292b7946b0", "vulnerability": {"vulnId": "CVE-2023-29492", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "248acb90-25d5-4e87-851d-35292b7946b0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not... | Affected: Novi Survey / Novi Survey | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-29492", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29492"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-29492"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not...", "vendor": "Novi Survey", "product": "Novi Survey", "added_date": "2023-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c3b8ed56-9da4-43c4-af66-3c1c83724976", "vulnerability": {"vulnId": "CVE-2023-28252", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "c3b8ed56-9da4-43c4-af66-3c1c83724976", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.48973 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28252", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28252"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28252"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-04-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.48973, "cvss_severity": "HIGH", "epss_percentile": 0.98729, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5aa0dbf4-2b8b-4f1d-a33e-db86b24649ea", "vulnerability": {"vulnId": "CVE-2023-28205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-10T00:00:00+00:00"}, "gcve": {"object_uuid": "5aa0dbf4-2b8b-4f1d-a33e-db86b24649ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS... | Affected: Apple / iOS and iPadOS, Safari, macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28205", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28205"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28205"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS...", "vendor": "Apple", "product": "iOS and iPadOS, Safari, macOS", "added_date": "2023-04-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "085ef7db-3566-49db-88af-9ba35b8f7299", "vulnerability": {"vulnId": "CVE-2023-28206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-10T00:00:00+00:00"}, "gcve": {"object_uuid": "085ef7db-3566-49db-88af-9ba35b8f7299", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-28206", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28206"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-28206"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2023-04-10T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ae26d55a-bc51-4544-bcb0-0d24721e1e79", "vulnerability": {"vulnId": "CVE-2021-27877", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "ae26d55a-bc51-4544-bcb0-0d24721e1e79", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This... | Affected: Veritas / Backup Exec | CVSS: 8.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27877", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27877"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27877"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This...", "vendor": "Veritas", "product": "Backup Exec", "added_date": "2023-04-07T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e8a953b1-7c46-45c6-92d2-ba2109e42704", "vulnerability": {"vulnId": "CVE-2019-1388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "e8a953b1-7c46-45c6-92d2-ba2109e42704", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1388", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1388"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1388"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2023-04-07T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "711f8c9c-0111-420e-96a2-3a8e49247012", "vulnerability": {"vulnId": "CVE-2021-27876", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "711f8c9c-0111-420e-96a2-3a8e49247012", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication,... | Affected: Veritas / Backup Exec | CVSS: 8.1 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27876", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27876"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27876"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication,...", "vendor": "Veritas", "product": "Backup Exec", "added_date": "2023-04-07T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c54ff6e7-a403-42ac-b380-7731239d673a", "vulnerability": {"vulnId": "CVE-2023-26083", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "c54ff6e7-a403-42ac-b380-7731239d673a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all... | Affected: Arm / Mali GPU Kernel Driver | CVSS: 3.3 (LOW) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-26083", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26083"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26083"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all...", "vendor": "Arm", "product": "Mali GPU Kernel Driver", "added_date": "2023-04-07T00:00:00.000Z", "cvss_score": 3.3, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ccd8f0f4-5777-47c2-b050-fb0c5f1b177e", "vulnerability": {"vulnId": "CVE-2021-27878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "ccd8f0f4-5777-47c2-b050-fb0c5f1b177e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication,... | Affected: Veritas / Backup Exec | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27878", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27878"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27878"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication,...", "vendor": "Veritas", "product": "Backup Exec", "added_date": "2023-04-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "10f79fee-cc99-498e-8fb7-7ede335cfc13", "vulnerability": {"vulnId": "CVE-2022-27926", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-03T00:00:00+00:00"}, "gcve": {"object_uuid": "10f79fee-cc99-498e-8fb7-7ede335cfc13", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-04-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows... | Affected: Zimbra / Collaboration | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-27926", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27926"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-27926"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows...", "vendor": "Zimbra", "product": "Collaboration", "added_date": "2023-04-03T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "20f4e4a8-5398-4cdf-9994-cabcac0647a2", "vulnerability": {"vulnId": "CVE-2013-3163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "20f4e4a8-5398-4cdf-9994-cabcac0647a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3163", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3163"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3163"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bef683e2-cb13-4c4c-9e3b-9df5b50b5856", "vulnerability": {"vulnId": "CVE-2022-42948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bef683e2-cb13-4c4c-9e3b-9df5b50b5856", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible... | Affected: HelpSystems / Cobalt Strike | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-42948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-42948"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible...", "vendor": "HelpSystems", "product": "Cobalt Strike", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4da6f1ea-d159-429f-a6e2-50c257e338c2", "vulnerability": {"vulnId": "CVE-2022-39197", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4da6f1ea-d159-429f-a6e2-50c257e338c2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on... | Affected: HelpSystems / Cobalt Strike | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-39197", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39197"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-39197"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on...", "vendor": "HelpSystems", "product": "Cobalt Strike", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "36c9a966-854f-495e-8b29-075a0b685a96", "vulnerability": {"vulnId": "CVE-2021-30900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "36c9a966-854f-495e-8b29-075a0b685a96", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS... | Affected: Apple / iOS and iPadOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30900", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30900"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30900"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS...", "vendor": "Apple", "product": "iOS and iPadOS", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eb21cb73-0c68-4603-8cc7-e2d30a1a941a", "vulnerability": {"vulnId": "CVE-2022-3038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "eb21cb73-0c68-4603-8cc7-e2d30a1a941a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-3038", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3038"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3038"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "80528798-c36c-4546-88fe-5637c66dc40d", "vulnerability": {"vulnId": "CVE-2017-7494", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "80528798-c36c-4546-88fe-5637c66dc40d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to... | Affected: Samba / samba | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-7494", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7494"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-7494"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to...", "vendor": "Samba", "product": "samba", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f851df7a-bf76-46d7-a454-3f1fd6884c6d", "vulnerability": {"vulnId": "CVE-2022-38181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f851df7a-bf76-46d7-a454-3f1fd6884c6d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost... | Affected: Arm / Mali GPU kernel driver | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-38181", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38181"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-38181"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost...", "vendor": "Arm", "product": "Mali GPU kernel driver", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5b078d3a-90c7-4c0d-b031-8b88eff244ce", "vulnerability": {"vulnId": "CVE-2023-0266", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5b078d3a-90c7-4c0d-b031-8b88eff244ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel | Affected: Linux / Linux Kernel | CVSS: 7.9 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-0266", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-0266"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 7.9, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "05beb996-c8f4-4a49-9e86-c9e05f97e51c", "vulnerability": {"vulnId": "CVE-2022-22706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "05beb996-c8f4-4a49-9e86-c9e05f97e51c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through... | Affected: Arm / Mali GPU Kernel Driver | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22706", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22706"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22706"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through...", "vendor": "Arm", "product": "Mali GPU Kernel Driver", "added_date": "2023-03-30T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "787178f4-47f9-4638-a5df-2dd298a973de", "vulnerability": {"vulnId": "CVE-2023-27637", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-22T00:00:00+00:00"}, "gcve": {"object_uuid": "787178f4-47f9-4638-a5df-2dd298a973de", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a... | Affected: tshirtecommerce / Custom Product Designer for PrestaShop | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2023-27637", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27637"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-27637"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a...", "vendor": "tshirtecommerce", "product": "Custom Product Designer for PrestaShop", "added_date": "2023-03-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "70bbe4a5-d308-4274-a127-5aec67163269", "vulnerability": {"vulnId": "CVE-2023-26360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "70bbe4a5-d308-4274-a127-5aec67163269", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion Improper Access Control Arbitrary code execution | Affected: Adobe / ColdFusion | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-26360", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26360"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-26360"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion Improper Access Control Arbitrary code execution", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2023-03-15T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "984e44eb-a95b-455f-92e7-58e7e489d053", "vulnerability": {"vulnId": "CVE-2022-41328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "984e44eb-a95b-455f-92e7-58e7e489d053", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through... | Affected: Fortinet / FortiOS | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41328", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41328"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through...", "vendor": "Fortinet", "product": "FortiOS", "added_date": "2023-03-14T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f9044162-a9e9-4735-9576-6cf741d9f126", "vulnerability": {"vulnId": "CVE-2023-24880", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "f9044162-a9e9-4735-9576-6cf741d9f126", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 4.4 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-24880", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24880"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-24880"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows SmartScreen Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2023-03-14T00:00:00.000Z", "cvss_score": 4.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bcc58cae-7aae-484d-bd08-133d5bd4fd29", "vulnerability": {"vulnId": "CVE-2023-23397", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "bcc58cae-7aae-484d-bd08-133d5bd4fd29", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Outlook Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Office LTSC 2021, Microsoft Outlook 2016, Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Outlook 2013 Service Pack 1 | CVSS: 9.8 (CRITICAL) | EPSS: 0.97408 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-23397", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23397"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-23397"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Outlook Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office LTSC 2021, Microsoft Outlook 2016, Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Outlook 2013 Service Pack 1", "added_date": "2023-03-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.97408, "cvss_severity": "CRITICAL", "epss_percentile": 0.9989, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bdb9db03-9caf-408e-9629-3c78348b20be", "vulnerability": {"vulnId": "CVE-2020-5741", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "bdb9db03-9caf-408e-9629-3c78348b20be", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | Affected: Plex / Plex Media Server (Windows) | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5741", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5741"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5741"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.", "vendor": "Plex", "product": "Plex Media Server (Windows)", "added_date": "2023-03-10T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "71c5f0a4-2be7-405c-a788-73f187292628", "vulnerability": {"vulnId": "CVE-2021-39144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "71c5f0a4-2be7-405c-a788-73f187292628", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: XStream is vulnerable to a Remote Command Execution attack | Affected: x-stream / xstream | CVSS: 8.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-39144", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39144"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-39144"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "XStream is vulnerable to a Remote Command Execution attack", "vendor": "x-stream", "product": "xstream", "added_date": "2023-03-10T00:00:00.000Z", "cvss_score": 8.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "309a44b9-20c7-44fa-8cb3-3d84ccc7ee32", "vulnerability": {"vulnId": "CVE-2022-28810", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "309a44b9-20c7-44fa-8cb3-3d84ccc7ee32", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as... | Affected: Zoho / ManageEngine ADSelfService Plus | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-28810", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28810"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-28810"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as...", "vendor": "Zoho", "product": "ManageEngine ADSelfService Plus", "added_date": "2023-03-07T00:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7d97ab37-131d-4a3e-b581-ecd2918981b9", "vulnerability": {"vulnId": "CVE-2022-33891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "7d97ab37-131d-4a3e-b581-ecd2918981b9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Spark shell command injection vulnerability via Spark UI | Affected: Apache Software Foundation / Apache Spark | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-33891", "url": "https://www.cve.org/CVERecord?id=CVE-2022-33891"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-33891"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Spark shell command injection vulnerability via Spark UI", "vendor": "Apache Software Foundation", "product": "Apache Spark", "added_date": "2023-03-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "43ebd6ae-d1b2-4baa-a087-166bd358bd46", "vulnerability": {"vulnId": "CVE-2022-35914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "43ebd6ae-d1b2-4baa-a087-166bd358bd46", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. | Affected: GLPI / GLPI | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-35914", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35914"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-35914"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.", "vendor": "GLPI", "product": "GLPI", "added_date": "2023-03-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9b5c1eda-abcc-48ac-abcc-1954647bcf18", "vulnerability": {"vulnId": "CVE-2022-36537", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-27T00:00:00+00:00"}, "gcve": {"object_uuid": "9b5c1eda-abcc-48ac-abcc-1954647bcf18", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the... | Affected: Potix Corporation / ZK Framework | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-36537", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36537"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-36537"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the...", "vendor": "Potix Corporation", "product": "ZK Framework", "added_date": "2023-02-27T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6347f2d4-ccbf-4958-a99d-7ca3c0db47f9", "vulnerability": {"vulnId": "CVE-2022-40765", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "6347f2d4-ccbf-4958-a99d-7ca3c0db47f9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with... | Affected: Mitel / MiVoice Connect | CVSS: 6.8 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-40765", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40765"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40765"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with...", "vendor": "Mitel", "product": "MiVoice Connect", "added_date": "2023-02-21T00:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d6c9f864-06cc-4ab9-84b5-acc86d50de0c", "vulnerability": {"vulnId": "CVE-2022-41223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "d6c9f864-06cc-4ab9-84b5-acc86d50de0c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection... | Affected: Mitel / MiVoice Connect | CVSS: 6.8 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41223", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41223"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41223"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection...", "vendor": "Mitel", "product": "MiVoice Connect", "added_date": "2023-02-21T00:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "db3c3676-eca0-435b-a063-c595a88e3788", "vulnerability": {"vulnId": "CVE-2022-47986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "db3c3676-eca0-435b-a063-c595a88e3788", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM Aspera Faspex code execution | Affected: IBM / Aspera Faspex | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-47986", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47986"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-47986"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM Aspera Faspex code execution", "vendor": "IBM", "product": "Aspera Faspex", "added_date": "2023-02-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "089a1bc5-a542-4ff0-83f0-2b3be67bf516", "vulnerability": {"vulnId": "CVE-2022-46169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "089a1bc5-a542-4ff0-83f0-2b3be67bf516", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Command Injection | Affected: Cacti / cacti | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-46169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46169"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-46169"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Command Injection", "vendor": "Cacti", "product": "cacti", "added_date": "2023-02-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bf1770b9-505e-4c79-a513-f8237cbea019", "vulnerability": {"vulnId": "CVE-2023-23376", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "bf1770b9-505e-4c79-a513-f8237cbea019", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-23376", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23376"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-23376"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-02-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4d5ab34c-a544-45f9-8633-1273194016ab", "vulnerability": {"vulnId": "CVE-2023-21715", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "4d5ab34c-a544-45f9-8633-1273194016ab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Publisher Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft 365 Apps for Enterprise | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21715", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21715"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21715"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Publisher Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "added_date": "2023-02-14T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a62c2f55-9dba-46fd-9a60-6d6bc8d89dc9", "vulnerability": {"vulnId": "CVE-2023-21823", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a62c2f55-9dba-46fd-9a60-6d6bc8d89dc9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Graphics Component Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Office for Android, Microsoft Office for Universal, Microsoft Office for iOS, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21823", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21823"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21823"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Graphics Component Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office for Android, Microsoft Office for Universal, Microsoft Office for iOS, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-02-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d82432a9-e3c6-4eae-84c2-def076476013", "vulnerability": {"vulnId": "CVE-2023-23529", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "d82432a9-e3c6-4eae-84c2-def076476013", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS... | Affected: Apple / iOS and iPadOS, Safari, macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-23529", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-23529"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS...", "vendor": "Apple", "product": "iOS and iPadOS, Safari, macOS", "added_date": "2023-02-14T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dcc6fd23-a0aa-4f65-b9b9-2183abfd8379", "vulnerability": {"vulnId": "CVE-2023-0669", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "dcc6fd23-a0aa-4f65-b9b9-2183abfd8379", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Fortra GoAnywhere MFT License Response Servlet Command Injection | Affected: Fortra / Goanywhere MFT | CVSS: 7.2 (HIGH) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-0669", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0669"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-0669"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Fortra GoAnywhere MFT License Response Servlet Command Injection", "vendor": "Fortra", "product": "Goanywhere MFT", "added_date": "2023-02-10T00:00:00.000Z", "cvss_score": 7.2, "epss_score": 0.99999, "cvss_severity": "HIGH", "epss_percentile": 0.99996, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dc3eb1e5-4338-444e-b597-556ec8cabb24", "vulnerability": {"vulnId": "CVE-2022-24990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "dc3eb1e5-4338-444e-b597-556ec8cabb24", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending \"User-Agent: TNAS\" to... | Affected: TerraMaster / NAS | CVSS: 7.5 (HIGH) | EPSS: 0.8405 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-24990", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24990"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24990"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending \"User-Agent: TNAS\" to...", "vendor": "TerraMaster", "product": "NAS", "added_date": "2023-02-10T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.8405, "cvss_severity": "HIGH", "epss_percentile": 0.99661, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c3fb585a-3e79-4e13-94ec-8d6141d2554c", "vulnerability": {"vulnId": "CVE-2015-2291", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c3fb585a-3e79-4e13-94ec-8d6141d2554c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a... | Affected: Intel / Ethernet diagnostics driver for Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2291", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2291"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2291"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a...", "vendor": "Intel", "product": "Ethernet diagnostics driver for Windows", "added_date": "2023-02-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ee022d4b-fa63-497a-bc0c-9093c688d3d8", "vulnerability": {"vulnId": "CVE-2023-22952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-02T00:00:00+00:00"}, "gcve": {"object_uuid": "ee022d4b-fa63-497a-bc0c-9093c688d3d8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | Affected: SugarCRM / SugarCRM | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-22952", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22952"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22952"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.", "vendor": "SugarCRM", "product": "SugarCRM", "added_date": "2023-02-02T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5292eb96-553d-448e-9709-a2205ff57335", "vulnerability": {"vulnId": "CVE-2022-21587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-02T00:00:00+00:00"}, "gcve": {"object_uuid": "5292eb96-553d-448e-9709-a2205ff57335", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-02-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are... | Affected: Oracle Corporation / Web Applications Desktop Integrator | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-21587", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21587"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21587"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are...", "vendor": "Oracle Corporation", "product": "Web Applications Desktop Integrator", "added_date": "2023-02-02T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b25958f1-c88b-452d-8482-f83bfe9f95e7", "vulnerability": {"vulnId": "CVE-2017-11357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "b25958f1-c88b-452d-8482-f83bfe9f95e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-26T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-01-26T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to... | Affected: Progress / Telerik UI for ASP.NET AJAX | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-11357", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11357"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-11357"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to...", "vendor": "Progress", "product": "Telerik UI for ASP.NET AJAX", "added_date": "2023-01-26T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "61589b93-f34b-495c-9a0b-01e7715f02f7", "vulnerability": {"vulnId": "CVE-2022-47966", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "61589b93-f34b-495c-9a0b-01e7715f02f7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-01-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario... | Affected: Zoho / ManageEngine | CVSS: 9.8 (CRITICAL) | EPSS: 0.99753 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-47966", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47966"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-47966"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario...", "vendor": "Zoho", "product": "ManageEngine", "added_date": "2023-01-23T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99753, "cvss_severity": "CRITICAL", "epss_percentile": 0.99954, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5d35092d-50e7-456c-b1d9-6ebf73d62b4a", "vulnerability": {"vulnId": "CVE-2022-44877", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "5d35092d-50e7-456c-b1d9-6ebf73d62b4a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-01-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via... | Affected: CWP (Control Web Panel) / Control Web Panel | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-44877", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44877"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-44877"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via...", "vendor": "CWP (Control Web Panel)", "product": "Control Web Panel", "added_date": "2023-01-17T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6dad1659-8c87-456b-aafb-f9ee0155c43a", "vulnerability": {"vulnId": "CVE-2022-41080", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "6dad1659-8c87-456b-aafb-f9ee0155c43a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2016 Cumulative Update 22 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41080", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41080"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41080"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2016 Cumulative Update 22", "added_date": "2023-01-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f644a668-733c-4fa3-b92e-84bc6b7d3ec5", "vulnerability": {"vulnId": "CVE-2023-21674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f644a668-733c-4fa3-b92e-84bc6b7d3ec5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2023-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2023-21674", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21674"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-21674"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2023-01-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "571d7909-3988-47a2-a2d8-6e9e8aa00920", "vulnerability": {"vulnId": "CVE-2018-18809", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-29T00:00:00+00:00"}, "gcve": {"object_uuid": "571d7909-3988-47a2-a2d8-6e9e8aa00920", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TIBCO JasperReports Library Directory Traversal Vulnerability | Affected: TIBCO Software Inc. / TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-18809", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18809"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-18809"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TIBCO JasperReports Library Directory Traversal Vulnerability", "vendor": "TIBCO Software Inc.", "product": "TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS", "added_date": "2022-12-29T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5b13a073-630a-4fe7-bbe3-127159d3e24c", "vulnerability": {"vulnId": "CVE-2018-5430", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-29T00:00:00+00:00"}, "gcve": {"object_uuid": "5b13a073-630a-4fe7-bbe3-127159d3e24c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TIBCO JasperReports Server Information Disclosure Vulnerability | Affected: TIBCO Software Inc. / TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS | CVSS: 7.7 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-5430", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5430"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-5430"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TIBCO JasperReports Server Information Disclosure Vulnerability", "vendor": "TIBCO Software Inc.", "product": "TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS", "added_date": "2022-12-29T00:00:00.000Z", "cvss_score": 7.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8799e8fb-f897-43e7-a0d6-5cd1b42f775e", "vulnerability": {"vulnId": "CVE-2022-45359", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-22T09:23:55+00:00"}, "gcve": {"object_uuid": "8799e8fb-f897-43e7-a0d6-5cd1b42f775e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-22T09:23:55+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-22T09:23:55+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload | Affected: YITH / YITH WooCommerce Gift Cards | CVSS: 9.8 (CRITICAL) | EPSS: 0.17432 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-45359", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45359"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-45359"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload", "vendor": "YITH", "product": "YITH WooCommerce Gift Cards", "added_date": "2022-12-22T09:23:55.000Z", "cvss_score": 9.8, "epss_score": 0.17432, "cvss_severity": "CRITICAL", "epss_percentile": 0.94679, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "828d0d42-428e-4ee7-b1c0-9cfa8d5e45ef", "vulnerability": {"vulnId": "CVE-2022-42856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-14T00:00:00+00:00"}, "gcve": {"object_uuid": "828d0d42-428e-4ee7-b1c0-9cfa8d5e45ef", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2... | Affected: Apple / tvOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-42856", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42856"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-42856"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2...", "vendor": "Apple", "product": "tvOS", "added_date": "2022-12-14T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "73dcb603-42e5-4afe-bf3a-25f57ce3cc88", "vulnerability": {"vulnId": "CVE-2022-26501", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "73dcb603-42e5-4afe-bf3a-25f57ce3cc88", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | Affected: Veeam / Backup & Replication | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26501", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26501"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26501"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).", "vendor": "Veeam", "product": "Backup & Replication", "added_date": "2022-12-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc428950-b649-4c90-9a2b-0f26f913cba6", "vulnerability": {"vulnId": "CVE-2022-26500", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "cc428950-b649-4c90-9a2b-0f26f913cba6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to... | Affected: Veeam / Backup & Replication | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26500", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26500"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26500"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to...", "vendor": "Veeam", "product": "Backup & Replication", "added_date": "2022-12-13T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9e983556-9bb1-4666-a63b-c6c5b38aea3b", "vulnerability": {"vulnId": "CVE-2022-27518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "9e983556-9bb1-4666-a63b-c6c5b38aea3b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated remote arbitrary code execution | Affected: Citrix / Citrix Gateway, Citrix ADC | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-27518", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27518"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-27518"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated remote arbitrary code execution", "vendor": "Citrix", "product": "Citrix Gateway, Citrix ADC", "added_date": "2022-12-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e5dc9432-abd4-4d5d-a278-e189b1a10ec2", "vulnerability": {"vulnId": "CVE-2022-42475", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e5dc9432-abd4-4d5d-a278-e189b1a10ec2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A heap-based buffer overflow vulnerability [CWE-122]\u00a0in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0... | Affected: Fortinet / FortiProxy, FortiOS | CVSS: 9.3 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-42475", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42475"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-42475"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A heap-based buffer overflow vulnerability [CWE-122]\u00a0in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0...", "vendor": "Fortinet", "product": "FortiProxy, FortiOS", "added_date": "2022-12-13T00:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c0a1c764-7382-443e-acc2-a8bb023c50fa", "vulnerability": {"vulnId": "CVE-2022-44698", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "c0a1c764-7382-443e-acc2-a8bb023c50fa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016 | CVSS: 5.4 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-44698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44698"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-44698"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows SmartScreen Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016", "added_date": "2022-12-13T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d99f675b-388a-4993-8bf8-35be58f1c1a6", "vulnerability": {"vulnId": "CVE-2022-4262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "d99f675b-388a-4993-8bf8-35be58f1c1a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-05T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-12-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-4262", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4262"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4262"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2022-12-05T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2783729e-add5-4629-a09b-8c605ee90ced", "vulnerability": {"vulnId": "CVE-2021-35587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-28T00:00:00+00:00"}, "gcve": {"object_uuid": "2783729e-add5-4629-a09b-8c605ee90ced", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are... | Affected: Oracle Corporation / Access Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.96284 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-35587", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35587"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-35587"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "Access Manager", "added_date": "2022-11-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.96284, "cvss_severity": "CRITICAL", "epss_percentile": 0.99872, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd3fdd42-c971-4c2e-ac17-d31067acae46", "vulnerability": {"vulnId": "CVE-2022-4135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-28T00:00:00+00:00"}, "gcve": {"object_uuid": "dd3fdd42-c971-4c2e-ac17-d31067acae46", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-4135", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4135"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4135"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to...", "vendor": "Google", "product": "Chrome", "added_date": "2022-11-28T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7ba71709-dd1f-4575-b6cc-43f9e1ff1ab1", "vulnerability": {"vulnId": "CVE-2022-41049", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "7ba71709-dd1f-4575-b6cc-43f9e1ff1ab1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Mark of the Web Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2 | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41049", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41049"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41049"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Mark of the Web Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2", "added_date": "2022-11-14T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "62456624-ca86-4e5d-b4fe-fbcb9d30813a", "vulnerability": {"vulnId": "CVE-2022-41125", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "62456624-ca86-4e5d-b4fe-fbcb9d30813a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41125", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41125"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41125"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows CNG Key Isolation Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-11-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "66c1fe1f-f0e7-44f3-b411-0e70c909c2c6", "vulnerability": {"vulnId": "CVE-2022-41073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "66c1fe1f-f0e7-44f3-b411-0e70c909c2c6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Print Spooler Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41073", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41073"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41073"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-11-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b0dce965-5e15-440d-b5b4-d963c963fa59", "vulnerability": {"vulnId": "CVE-2021-25337", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "b0dce965-5e15-440d-b5b4-d963c963fa59", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or... | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 4.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25337", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25337"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25337"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or...", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2022-11-08T00:00:00.000Z", "cvss_score": 4.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "aa9b756b-7c10-4fe3-aaf1-d6aac96a3554", "vulnerability": {"vulnId": "CVE-2022-41091", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "aa9b756b-7c10-4fe3-aaf1-d6aac96a3554", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Mark of the Web Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2 | CVSS: 5.4 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41091", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41091"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41091"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Mark of the Web Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2", "added_date": "2022-11-08T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4be7225d-71a1-4db6-87e4-b2b93f218d91", "vulnerability": {"vulnId": "CVE-2021-25370", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "4be7225d-71a1-4db6-87e4-b2b93f218d91", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel... | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25370", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25370"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25370"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel...", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2022-11-08T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4ab8d1f7-84c2-4013-b48c-c4c5b4562aab", "vulnerability": {"vulnId": "CVE-2021-25369", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "4ab8d1f7-84c2-4013-b48c-c4c5b4562aab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. | Affected: Samsung Mobile / Samsung Mobile Devices | CVSS: 6.2 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25369", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25369"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25369"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.", "vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "added_date": "2022-11-08T00:00:00.000Z", "cvss_score": 6.2, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f1d9c180-6e5b-4e25-b4ff-51d5fd19fa73", "vulnerability": {"vulnId": "CVE-2022-41128", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f1d9c180-6e5b-4e25-b4ff-51d5fd19fa73", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-11-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Scripting Languages Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41128", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41128"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41128"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Scripting Languages Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2", "added_date": "2022-11-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "54486f57-ca65-40d6-abfd-441fc373324a", "vulnerability": {"vulnId": "CVE-2022-3723", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-28T00:00:00+00:00"}, "gcve": {"object_uuid": "54486f57-ca65-40d6-abfd-441fc373324a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-3723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3723"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3723"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2022-10-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d660cfef-8dc5-48ca-b2e6-4c0a6853d86c", "vulnerability": {"vulnId": "CVE-2022-42827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d660cfef-8dc5-48ca-b2e6-4c0a6853d86c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS... | Affected: Apple / iOS and iPadOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-42827", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42827"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-42827"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS...", "vendor": "Apple", "product": "iOS and iPadOS", "added_date": "2022-10-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eaecd40e-8d87-485f-be8a-d94a9946020e", "vulnerability": {"vulnId": "CVE-2018-19322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "eaecd40e-8d87-485f-be8a-d94a9946020e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before... | Affected: GIGABYTE / APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19322", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19322"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19322"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before...", "vendor": "GIGABYTE", "product": "APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II", "added_date": "2022-10-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "af0081f2-23be-448a-bdf1-30a142de6c09", "vulnerability": {"vulnId": "CVE-2018-19321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "af0081f2-23be-448a-bdf1-30a142de6c09", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before... | Affected: GIGABYTE / APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19321", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19321"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19321"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before...", "vendor": "GIGABYTE", "product": "APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II", "added_date": "2022-10-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "89c3d912-92de-40d4-bf8d-993bd6be5842", "vulnerability": {"vulnId": "CVE-2018-19320", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "89c3d912-92de-40d4-bf8d-993bd6be5842", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC... | Affected: GIGABYTE / APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19320", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19320"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19320"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC...", "vendor": "GIGABYTE", "product": "APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II", "added_date": "2022-10-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7a546435-66e4-4e3d-a26b-a735d76f3917", "vulnerability": {"vulnId": "CVE-2020-3153", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "7a546435-66e4-4e3d-a26b-a735d76f3917", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability | Affected: Cisco / Cisco AnyConnect Secure Mobility Client | CVSS: 6.5 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3153", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3153"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3153"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability", "vendor": "Cisco", "product": "Cisco AnyConnect Secure Mobility Client", "added_date": "2022-10-24T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c4ca16d9-6cdc-4ad3-85a3-2442401c03dd", "vulnerability": {"vulnId": "CVE-2018-19323", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "c4ca16d9-6cdc-4ad3-85a3-2442401c03dd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC... | Affected: GIGABYTE / APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19323", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19323"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19323"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC...", "vendor": "GIGABYTE", "product": "APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II", "added_date": "2022-10-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dbdf4bb6-dee4-4f75-9456-e36c22438cec", "vulnerability": {"vulnId": "CVE-2020-3433", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "dbdf4bb6-dee4-4f75-9456-e36c22438cec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability | Affected: Cisco / Cisco AnyConnect Secure Mobility Client | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3433", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3433"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3433"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability", "vendor": "Cisco", "product": "Cisco AnyConnect Secure Mobility Client", "added_date": "2022-10-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e145175f-02e7-4cb6-a5a2-ef6dc7303a52", "vulnerability": {"vulnId": "CVE-2022-42889", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-20T11:40:50+00:00"}, "gcve": {"object_uuid": "e145175f-02e7-4cb6-a5a2-ef6dc7303a52", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-20T11:40:50+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-20T11:40:50+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults | Affected: Apache Software Foundation / Apache Commons Text | CVSS: 9.8 (CRITICAL) | EPSS: 0.94161 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-42889"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults", "vendor": "Apache Software Foundation", "product": "Apache Commons Text", "added_date": "2022-10-20T11:40:50.000Z", "cvss_score": 9.8, "epss_score": 0.94161, "cvss_severity": "CRITICAL", "epss_percentile": 0.999, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5c5dd127-e116-44bf-a84d-0336f6e5d4eb", "vulnerability": {"vulnId": "CVE-2022-41352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "5c5dd127-e116-44bf-a84d-0336f6e5d4eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole... | Affected: Zimbra / Collaboration | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41352", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41352"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole...", "vendor": "Zimbra", "product": "Collaboration", "added_date": "2022-10-20T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ea54b633-29cb-4291-802a-3a3d3631d6e3", "vulnerability": {"vulnId": "CVE-2021-3493", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "ea54b633-29cb-4291-802a-3a3d3631d6e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-20T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-20T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on... | Affected: Ubuntu / linux kernel | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-3493", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3493"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3493"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on...", "vendor": "Ubuntu", "product": "linux kernel", "added_date": "2022-10-20T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3cb5c03f-a2ea-4274-8a16-d1aa1dbfe2c7", "vulnerability": {"vulnId": "CVE-2017-20149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "3cb5c03f-a2ea-4274-8a16-d1aa1dbfe2c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and... | Affected: Mikrotik / RouterOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2017-20149", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20149"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-20149"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and...", "vendor": "Mikrotik", "product": "RouterOS", "added_date": "2022-10-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b032d2e7-a521-4633-8e0b-4980d77fefad", "vulnerability": {"vulnId": "CVE-2022-40684", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-11T00:00:00+00:00"}, "gcve": {"object_uuid": "b032d2e7-a521-4633-8e0b-4980d77fefad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6,... | Affected: Fortinet / Fortinet FortiOS, FortiProxy, FortiSwitchManager | CVSS: 9.8 (CRITICAL) | EPSS: 0.99984 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-40684", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40684"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40684"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6,...", "vendor": "Fortinet", "product": "Fortinet FortiOS, FortiProxy, FortiSwitchManager", "added_date": "2022-10-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99984, "cvss_severity": "CRITICAL", "epss_percentile": 0.99982, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4419ce69-b39d-4775-9ce7-20cf36c8bd22", "vulnerability": {"vulnId": "CVE-2022-41033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-11T00:00:00+00:00"}, "gcve": {"object_uuid": "4419ce69-b39d-4775-9ce7-20cf36c8bd22", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-10-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows COM+ Event System Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41033", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41033"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41033"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows COM+ Event System Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-10-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "61a3e027-8764-47d1-8cfb-a893e9c2df88", "vulnerability": {"vulnId": "CVE-2022-36804", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "61a3e027-8764-47d1-8cfb-a893e9c2df88", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from... | Affected: Atlassian / Bitbucket Server, Bitbucket Data Center | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-36804", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36804"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-36804"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from...", "vendor": "Atlassian", "product": "Bitbucket Server, Bitbucket Data Center", "added_date": "2022-09-30T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7c9166ab-6a44-479d-b78c-cbe517ec26ae", "vulnerability": {"vulnId": "CVE-2022-41082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7c9166ab-6a44-479d-b78c-cbe517ec26ae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23 | CVSS: 8.0 (HIGH) | EPSS: 0.99964 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41082", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41082"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41082"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23", "added_date": "2022-09-30T00:00:00.000Z", "cvss_score": 8.0, "epss_score": 0.99964, "cvss_severity": "HIGH", "epss_percentile": 0.99976, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6ee2bc0c-b675-412a-8174-44dbe23f196c", "vulnerability": {"vulnId": "CVE-2022-41040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6ee2bc0c-b675-412a-8174-44dbe23f196c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-30T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-30T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-41040", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41040"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-41040"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23", "added_date": "2022-09-30T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "24b42453-18df-4ed2-86e1-37287fc7c0f3", "vulnerability": {"vulnId": "CVE-2022-3236", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-23T00:00:00+00:00"}, "gcve": {"object_uuid": "24b42453-18df-4ed2-86e1-37287fc7c0f3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and... | Affected: Sophos / Sophos Firewall | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-3236", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3236"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3236"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and...", "vendor": "Sophos", "product": "Sophos Firewall", "added_date": "2022-09-23T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "66a86962-5f7a-4025-87cf-bcf4762534e0", "vulnerability": {"vulnId": "CVE-2022-35405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-22T00:00:00+00:00"}, "gcve": {"object_uuid": "66a86962-5f7a-4025-87cf-bcf4762534e0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also... | Affected: Zoho / ManageEngine Password Manager Pro, PAM360, Access Manager Plus | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-35405", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35405"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-35405"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also...", "vendor": "Zoho", "product": "ManageEngine Password Manager Pro, PAM360, Access Manager Plus", "added_date": "2022-09-22T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a69635d-85f1-4d41-b99e-29c8bb4bb16e", "vulnerability": {"vulnId": "CVE-2022-40139", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "4a69635d-85f1-4d41-b99e-29c8bb4bb16e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could... | Affected: Trend Micro / Trend Micro Apex One | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-40139", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40139"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40139"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could...", "vendor": "Trend Micro", "product": "Trend Micro Apex One", "added_date": "2022-09-15T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e4e09257-14ea-437c-911c-17cab88f3405", "vulnerability": {"vulnId": "CVE-2010-2568", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "e4e09257-14ea-437c-911c-17cab88f3405", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-2568", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2568"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-2568"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-09-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bada888c-d4f6-486f-bef0-ce966dd9d3c0", "vulnerability": {"vulnId": "CVE-2013-2094", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "bada888c-d4f6-486f-bef0-ce966dd9d3c0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local... | Affected: Linux / Linux Kernel | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2094", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2094"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local...", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2022-09-15T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e1faf899-69e7-427c-b494-fa171a9777b4", "vulnerability": {"vulnId": "CVE-2013-2596", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "e1faf899-69e7-427c-b494-fa171a9777b4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android... | Affected: Linux / Linux Kernel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2596", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2596"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2596"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android...", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2022-09-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ff681035-9133-4e3a-ae77-d62052625667", "vulnerability": {"vulnId": "CVE-2013-2597", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "ff681035-9133-4e3a-ae77-d62052625667", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in... | Affected: Qualcomm / Linux Kernel | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2597"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2597"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in...", "vendor": "Qualcomm", "product": "Linux Kernel", "added_date": "2022-09-15T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b1648f31-af53-43f4-b4cc-3b6e9dcdf142", "vulnerability": {"vulnId": "CVE-2013-6282", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b1648f31-af53-43f4-b4cc-3b6e9dcdf142", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses,... | Affected: Linux / Linux Kernel | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-6282", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6282"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-6282"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses,...", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2022-09-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e2733e5a-a441-405c-9469-3d825d223484", "vulnerability": {"vulnId": "CVE-2022-32917", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "e2733e5a-a441-405c-9469-3d825d223484", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur... | Affected: Apple / iOS, macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-32917", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32917"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-32917"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur...", "vendor": "Apple", "product": "iOS, macOS", "added_date": "2022-09-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f174b52-6b38-49c5-8f81-157bd270016a", "vulnerability": {"vulnId": "CVE-2022-40734", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "3f174b52-6b38-49c5-8f81-157bd270016a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files,... | Affected: UniSharp / laravel-filemanager | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-40734", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40734"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-40734"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files,...", "vendor": "UniSharp", "product": "laravel-filemanager", "added_date": "2022-09-14T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "14e5e023-e536-42b5-8384-eb576a0914f7", "vulnerability": {"vulnId": "CVE-2022-37969", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "14e5e023-e536-42b5-8384-eb576a0914f7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-37969", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37969"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-37969"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-09-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0a10aaea-053f-4fb6-98ad-309d73a0567c", "vulnerability": {"vulnId": "CVE-2022-3180", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-13T08:50:53+00:00"}, "gcve": {"object_uuid": "0a10aaea-053f-4fb6-98ad-309d73a0567c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-13T08:50:53+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-13T08:50:53+00:00"}, "scope": {"notes": "KEVIntel entry: WPGateway <= 3.5 - Unauthenticated Privilege Escalation | Affected: Jack Hopman / WPGateway | CVSS: 9.8 (CRITICAL) | EPSS: 0.27791 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-3180", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3180"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3180"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WPGateway <= 3.5 - Unauthenticated Privilege Escalation", "vendor": "Jack Hopman", "product": "WPGateway", "added_date": "2022-09-13T08:50:53.000Z", "cvss_score": 9.8, "epss_score": 0.27791, "cvss_severity": "CRITICAL", "epss_percentile": 0.96148, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "eb3f130a-80f1-42c1-a017-2fc42f04a2c7", "vulnerability": {"vulnId": "CVE-2022-26258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "eb3f130a-80f1-42c1-a017-2fc42f04a2c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | Affected: D-Link / DIR-820L | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26258", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26258"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26258"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.", "vendor": "D-Link", "product": "DIR-820L", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f914f72-161f-4239-9a99-0cd9fa8ea102", "vulnerability": {"vulnId": "CVE-2018-2628", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "3f914f72-161f-4239-9a99-0cd9fa8ea102", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-2628", "url": "https://www.cve.org/CVERecord?id=CVE-2018-2628"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-2628"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fbc96c0f-d242-47e8-8830-983bb955773c", "vulnerability": {"vulnId": "CVE-2022-3075", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "fbc96c0f-d242-47e8-8830-983bb955773c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-3075", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3075"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3075"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to...", "vendor": "Google", "product": "Chrome", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "938a224c-d884-4c0a-90ab-50f1acf9e797", "vulnerability": {"vulnId": "CVE-2011-1823", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "938a224c-d884-4c0a-90ab-50f1acf9e797", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-1823", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1823"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-1823"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local...", "vendor": "Google", "product": "Android", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3654431b-dda1-4571-a788-973925c54a0e", "vulnerability": {"vulnId": "CVE-2020-9934", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "3654431b-dda1-4571-a788-973925c54a0e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and... | Affected: Apple / iOS, macOS | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9934", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9934"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9934"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and...", "vendor": "Apple", "product": "iOS, macOS", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e709fd2-2a05-4dae-8046-458813c09f9c", "vulnerability": {"vulnId": "CVE-2022-27593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "4e709fd2-2a05-4dae-8046-458813c09f9c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: DeadBolt Ransomware | Affected: QNAP Systems Inc. / Photo Station | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-27593", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27593"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-27593"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "DeadBolt Ransomware", "vendor": "QNAP Systems Inc.", "product": "Photo Station", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1cd8d5f2-ffb8-4c38-b6c4-ea9e1618e9dd", "vulnerability": {"vulnId": "CVE-2018-6530", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "1cd8d5f2-ffb8-4c38-b6c4-ea9e1618e9dd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous... | Affected: D-Link / DIR-880L, DIR-868L, DIR-865L, DIR-860L | CVSS: 9.8 (CRITICAL) | EPSS: 0.96626 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-6530", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6530"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-6530"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous...", "vendor": "D-Link", "product": "DIR-880L, DIR-868L, DIR-865L, DIR-860L", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.96626, "cvss_severity": "CRITICAL", "epss_percentile": 0.99876, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6ca648b8-75d1-472d-8062-728654ff2771", "vulnerability": {"vulnId": "CVE-2018-7445", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "6ca648b8-75d1-472d-8062-728654ff2771", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to... | Affected: MikroTik / RouterOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-7445", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7445"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-7445"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to...", "vendor": "MikroTik", "product": "RouterOS", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "806c7166-2e24-4e58-a100-0cc7c9b4fb49", "vulnerability": {"vulnId": "CVE-2018-13374", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "806c7166-2e24-4e58-a100-0cc7c9b4fb49", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the... | Affected: Fortinet / Fortinet FortiOS, fortiADC | CVSS: 4.3 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-13374", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13374"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-13374"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the...", "vendor": "Fortinet", "product": "Fortinet FortiOS, fortiADC", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "418c2791-4257-4e67-8047-344df712df71", "vulnerability": {"vulnId": "CVE-2011-4723", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "418c2791-4257-4e67-8047-344df712df71", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified... | Affected: D-Link / DIR-300 | CVSS: 5.7 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-4723", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4723"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-4723"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified...", "vendor": "D-Link", "product": "DIR-300", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 5.7, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9ab32cf8-2d20-4562-9f2c-0a189a8efdc5", "vulnerability": {"vulnId": "CVE-2017-5521", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "9ab32cf8-2d20-4562-9f2c-0a189a8efdc5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000... | Affected: NETGEAR / Routers | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-5521", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5521"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-5521"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000...", "vendor": "NETGEAR", "product": "Routers", "added_date": "2022-09-08T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5aa14b30-9d90-4ab4-b4d9-7c3ee92940df", "vulnerability": {"vulnId": "CVE-2022-31474", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-07T07:56:11+00:00"}, "gcve": {"object_uuid": "5aa14b30-9d90-4ab4-b4d9-7c3ee92940df", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-07T07:56:11+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-09-07T07:56:11+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal | Affected: iThemes / BackupBuddy | CVSS: 7.5 (HIGH) | EPSS: 0.92656 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-31474", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31474"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-31474"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal", "vendor": "iThemes", "product": "BackupBuddy", "added_date": "2022-09-07T07:56:11.000Z", "cvss_score": 7.5, "epss_score": 0.92656, "cvss_severity": "HIGH", "epss_percentile": 0.9973, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "abb747de-b1e4-4c0a-a36f-b3bf761dcfe7", "vulnerability": {"vulnId": "CVE-2020-36193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "abb747de-b1e4-4c0a-a36f-b3bf761dcfe7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related... | Affected: pear / Archive_Tar | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-36193", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-36193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related...", "vendor": "pear", "product": "Archive_Tar", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "67e07e20-99b8-4cec-9da3-72adda520d27", "vulnerability": {"vulnId": "CVE-2021-31010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "67e07e20-99b8-4cec-9da3-72adda520d27", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8... | Affected: Apple / macOS, watchOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31010", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31010"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31010"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8...", "vendor": "Apple", "product": "macOS, watchOS", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f7c0a864-98de-4335-9091-98515c4f6554", "vulnerability": {"vulnId": "CVE-2022-24112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f7c0a864-98de-4335-9091-98515c4f6554", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: apisix/batch-requests plugin allows overwriting the X-REAL-IP header | Affected: Apache Software Foundation / Apache APISIX | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-24112", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24112"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24112"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "apisix/batch-requests plugin allows overwriting the X-REAL-IP header", "vendor": "Apache Software Foundation", "product": "Apache APISIX", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e5622667-4260-49c0-b760-7c030178efae", "vulnerability": {"vulnId": "CVE-2022-2294", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e5622667-4260-49c0-b760-7c030178efae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-2294", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2294"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2294"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e4eb1124-14bf-4878-bc91-6bbddb5a59a7", "vulnerability": {"vulnId": "CVE-2022-24706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e4eb1124-14bf-4878-bc91-6bbddb5a59a7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution Vulnerability in Packaging | Affected: Apache Software Foundation / Apache CouchDB | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-24706", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24706"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24706"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution Vulnerability in Packaging", "vendor": "Apache Software Foundation", "product": "Apache CouchDB", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8a199667-d424-4478-ae52-b9201113168c", "vulnerability": {"vulnId": "CVE-2021-38406", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8a199667-d424-4478-ae52-b9201113168c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Delta Electronics DOPSoft 2 Out-of-Bounds Write | Affected: Delta Electronics / DOPSoft 2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38406", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38406"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38406"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Delta Electronics DOPSoft 2 Out-of-Bounds Write", "vendor": "Delta Electronics", "product": "DOPSoft 2", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b4d4279c-6502-4e16-9dc4-b3d6d9f58c26", "vulnerability": {"vulnId": "CVE-2022-26352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b4d4279c-6502-4e16-9dc4-b3d6d9f58c26", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose... | Affected: dotCMS / dotCMS | CVSS: 9.8 (CRITICAL) | EPSS: 0.91501 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26352", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26352"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26352"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose...", "vendor": "dotCMS", "product": "dotCMS", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.91501, "cvss_severity": "CRITICAL", "epss_percentile": 0.99799, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "834f2b95-d1b9-465b-9433-c2be4e12ae45", "vulnerability": {"vulnId": "CVE-2021-39226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "834f2b95-d1b9-465b-9433-c2be4e12ae45", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Snapshot authentication bypass in grafana | Affected: grafana / grafana | CVSS: 9.8 (CRITICAL) | EPSS: 0.99951 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-39226", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39226"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-39226"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Snapshot authentication bypass in grafana", "vendor": "grafana", "product": "grafana", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99951, "cvss_severity": "CRITICAL", "epss_percentile": 0.99973, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3cadb84a-1bf6-4fed-8a88-0fd2038e7a76", "vulnerability": {"vulnId": "CVE-2020-28949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3cadb84a-1bf6-4fed-8a88-0fd2038e7a76", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to... | Affected: pear / Archive_Tar | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-28949", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28949"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-28949"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to...", "vendor": "pear", "product": "Archive_Tar", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8c254f71-1979-40f2-855e-4804cc051a60", "vulnerability": {"vulnId": "CVE-2022-22963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8c254f71-1979-40f2-855e-4804cc051a60", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to... | Affected: VMware / Spring Cloud Function | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22963", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22963"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22963"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to...", "vendor": "VMware", "product": "Spring Cloud Function", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2ac726d6-ab1d-4064-807a-6c64e421744d", "vulnerability": {"vulnId": "CVE-2022-0028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-22T00:00:00+00:00"}, "gcve": {"object_uuid": "2ac726d6-ab1d-4064-807a-6c64e421744d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering | Affected: Palo Alto Networks / Cloud NGFW, PAN-OS, Prisma Access | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-0028", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0028"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0028"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering", "vendor": "Palo Alto Networks", "product": "Cloud NGFW, PAN-OS, Prisma Access", "added_date": "2022-08-22T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "af62192e-5220-4fb4-bc54-9631ec6f2ad5", "vulnerability": {"vulnId": "CVE-2022-21971", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "af62192e-5220-4fb4-bc54-9631ec6f2ad5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Runtime Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-21971", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21971"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21971"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Runtime Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2", "added_date": "2022-08-18T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "95966980-7a53-49f4-b88b-ada14ff1459e", "vulnerability": {"vulnId": "CVE-2022-22536", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "95966980-7a53-49f4-b88b-ada14ff1459e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are... | Affected: SAP SE / SAP NetWeaver and ABAP Platform, SAP Web Dispatcher, SAP Content Server | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22536", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22536"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22536"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are...", "vendor": "SAP SE", "product": "SAP NetWeaver and ABAP Platform, SAP Web Dispatcher, SAP Content Server", "added_date": "2022-08-18T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c23b7f46-6afd-4e53-899a-c65b6f4c6fdb", "vulnerability": {"vulnId": "CVE-2022-32894", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "c23b7f46-6afd-4e53-899a-c65b6f4c6fdb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-32894", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32894"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-32894"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2022-08-18T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0fa86128-b657-4e87-b1b3-1f21fd130060", "vulnerability": {"vulnId": "CVE-2022-2856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "0fa86128-b657-4e87-b1b3-1f21fd130060", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily... | Affected: Google / Chrome | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-2856", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2856"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2856"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily...", "vendor": "Google", "product": "Chrome", "added_date": "2022-08-18T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f03a38a-7649-43ed-8666-dba3243a1f30", "vulnerability": {"vulnId": "CVE-2022-26923", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "7f03a38a-7649-43ed-8666-dba3243a1f30", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Active Directory Domain Services Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26923", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26923"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26923"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Active Directory Domain Services Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-08-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dec66510-3188-44c4-8d97-fd9c85ff01a7", "vulnerability": {"vulnId": "CVE-2017-15944", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "dec66510-3188-44c4-8d97-fd9c85ff01a7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute... | Affected: Palo Alto Networks / PAN-OS | CVSS: 9.8 (CRITICAL) | EPSS: 0.9834 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-15944", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15944"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-15944"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute...", "vendor": "Palo Alto Networks", "product": "PAN-OS", "added_date": "2022-08-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.9834, "cvss_severity": "CRITICAL", "epss_percentile": 0.9991, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f4673d81-d3a6-439f-acb2-8094e99bcf9a", "vulnerability": {"vulnId": "CVE-2022-32893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "f4673d81-d3a6-439f-acb2-8094e99bcf9a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey... | Affected: Apple / Safari, iOS and iPadOS, macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-32893", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32893"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-32893"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, macOS", "added_date": "2022-08-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9b8c40f1-97dc-4aaa-9027-62fe59b2f4f3", "vulnerability": {"vulnId": "CVE-2022-37042", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-11T00:00:00+00:00"}, "gcve": {"object_uuid": "9b8c40f1-97dc-4aaa-9027-62fe59b2f4f3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing... | Affected: Zimbra / Collaboration Suite | CVSS: 9.8 (CRITICAL) | EPSS: 0.88256 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-37042", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37042"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-37042"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing...", "vendor": "Zimbra", "product": "Collaboration Suite", "added_date": "2022-08-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.88256, "cvss_severity": "CRITICAL", "epss_percentile": 0.99748, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "37008053-2e6b-4e23-a1a5-b66252f00051", "vulnerability": {"vulnId": "CVE-2022-27925", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-11T00:00:00+00:00"}, "gcve": {"object_uuid": "37008053-2e6b-4e23-a1a5-b66252f00051", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated... | Affected: Zimbra / Collaboration | CVSS: 7.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-27925", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27925"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-27925"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated...", "vendor": "Zimbra", "product": "Collaboration", "added_date": "2022-08-11T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2c6cb162-fea5-4ba9-a4a3-b5b366204d72", "vulnerability": {"vulnId": "CVE-2022-34713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "2c6cb162-fea5-4ba9-a4a3-b5b366204d72", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-34713", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34713"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-34713"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-08-09T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ca0a854b-d1cb-49b2-a5ed-f145128d622c", "vulnerability": {"vulnId": "CVE-2022-30333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "ca0a854b-d1cb-49b2-a5ed-f145128d622c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated... | Affected: RARLAB / UnRAR | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-30333", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30333"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-30333"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated...", "vendor": "RARLAB", "product": "UnRAR", "added_date": "2022-08-09T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5adaffe0-fd57-4578-8c35-6737ac489195", "vulnerability": {"vulnId": "CVE-2022-27924", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-04T00:00:00+00:00"}, "gcve": {"object_uuid": "5adaffe0-fd57-4578-8c35-6737ac489195", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance.... | Affected: Zimbra / Zimbra Collaboration | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-27924", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27924"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-27924"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance....", "vendor": "Zimbra", "product": "Zimbra Collaboration", "added_date": "2022-08-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7991a9ba-0cc2-405b-b5af-28f917cad46d", "vulnerability": {"vulnId": "CVE-2022-26138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "7991a9ba-0cc2-405b-b5af-28f917cad46d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-07-29T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-07-29T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group... | Affected: Atlassian / Questions For Confluence | CVSS: 9.8 (CRITICAL) | EPSS: 0.9817 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26138", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26138"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26138"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group...", "vendor": "Atlassian", "product": "Questions For Confluence", "added_date": "2022-07-29T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.9817, "cvss_severity": "CRITICAL", "epss_percentile": 0.99906, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "23dd7c83-e3bd-40f1-b2f7-17b0ef9bf81d", "vulnerability": {"vulnId": "CVE-2021-24284", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-07-13T10:52:06+00:00"}, "gcve": {"object_uuid": "23dd7c83-e3bd-40f1-b2f7-17b0ef9bf81d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-07-13T10:52:06+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-07-13T10:52:06+00:00"}, "scope": {"notes": "KEVIntel entry: Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload | Affected: SayenThemes / Kaswara Modern VC Addons | CVSS: 9.8 (CRITICAL) | EPSS: 0.91328 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24284", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24284"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24284"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload", "vendor": "SayenThemes", "product": "Kaswara Modern VC Addons", "added_date": "2022-07-13T10:52:06.000Z", "cvss_score": 9.8, "epss_score": 0.91328, "cvss_severity": "CRITICAL", "epss_percentile": 0.99622, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c2d5e831-8453-451b-9b06-a163ce0c2a37", "vulnerability": {"vulnId": "CVE-2022-22047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-07-12T00:00:00+00:00"}, "gcve": {"object_uuid": "c2d5e831-8453-451b-9b06-a163ce0c2a37", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-07-12T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-07-12T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22047"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22047"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-07-12T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c518a2d3-e68a-4fb3-b3b8-3c329cf1fd61", "vulnerability": {"vulnId": "CVE-2022-26925", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "c518a2d3-e68a-4fb3-b3b8-3c329cf1fd61", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-07-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-07-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows LSA Spoofing Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26925", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26925"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26925"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows LSA Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-07-01T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "69f38af6-35d1-465e-b88a-f06777cde15e", "vulnerability": {"vulnId": "CVE-2022-29499", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "69f38af6-35d1-465e-b88a-f06777cde15e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The... | Affected: Mitel / MiVoice Connect | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-29499", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29499"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29499"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The...", "vendor": "Mitel", "product": "MiVoice Connect", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cb2e3adc-a2f5-4ee6-a32b-efa4038b652f", "vulnerability": {"vulnId": "CVE-2020-9907", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "cb2e3adc-a2f5-4ee6-a32b-efa4038b652f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An... | Affected: Apple / iOS, tvOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9907", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9907"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9907"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An...", "vendor": "Apple", "product": "iOS, tvOS", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c7b605ce-d967-4e13-b03c-c359aacadabf", "vulnerability": {"vulnId": "CVE-2021-4034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "c7b605ce-d967-4e13-b03c-c359aacadabf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow... | Affected: freedesktop.org / polkit | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-4034", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4034"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow...", "vendor": "freedesktop.org", "product": "polkit", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9c1ef1bc-1c9d-42ae-8e0e-317fe91bb03e", "vulnerability": {"vulnId": "CVE-2020-3837", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "9c1ef1bc-1c9d-42ae-8e0e-317fe91bb03e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3,... | Affected: Apple / iOS, macOS, tvOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3837", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3837"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3837"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3,...", "vendor": "Apple", "product": "iOS, macOS, tvOS, watchOS", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "86731f05-5523-427a-b0e8-6e5659d04287", "vulnerability": {"vulnId": "CVE-2021-30533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "86731f05-5523-427a-b0e8-6e5659d04287", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions... | Affected: Google / Chrome | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30533"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30533"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions...", "vendor": "Google", "product": "Chrome", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "438bd359-3d2f-4404-b6f0-4c472d0ecda9", "vulnerability": {"vulnId": "CVE-2019-8605", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "438bd359-3d2f-4404-b6f0-4c472d0ecda9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS... | Affected: Apple / iOS, macOS, tvOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-8605", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8605"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8605"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS...", "vendor": "Apple", "product": "iOS, macOS, tvOS, watchOS", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "35229a73-6781-464f-a7ba-cadb27cff47d", "vulnerability": {"vulnId": "CVE-2018-4344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "35229a73-6781-464f-a7ba-cadb27cff47d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12,... | Affected: Apple / iOS, macOS, tvOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-4344", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4344"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-4344"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12,...", "vendor": "Apple", "product": "iOS, macOS, tvOS, watchOS", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fa91482a-cdef-4d86-b267-6e6dbc1bc0d6", "vulnerability": {"vulnId": "CVE-2021-30983", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "fa91482a-cdef-4d86-b267-6e6dbc1bc0d6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-27T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to... | Affected: Apple / iOS and iPadOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30983", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30983"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30983"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to...", "vendor": "Apple", "product": "iOS and iPadOS", "added_date": "2022-06-27T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6b90bcc7-4a1b-426a-a3a2-7dea7f08982b", "vulnerability": {"vulnId": "CVE-2022-30190", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-14T00:00:00+00:00"}, "gcve": {"object_uuid": "6b90bcc7-4a1b-426a-a3a2-7dea7f08982b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | EPSS: 0.99374 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-30190", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30190"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-30190"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-06-14T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.99374, "cvss_severity": "HIGH", "epss_percentile": 0.99935, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9be5f60e-d39e-4100-9d56-f605f692e563", "vulnerability": {"vulnId": "CVE-2016-2386", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "9be5f60e-d39e-4100-9d56-f605f692e563", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via... | Affected: SAP / NetWeaver J2EE Engine | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-2386", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2386"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-2386"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via...", "vendor": "SAP", "product": "NetWeaver J2EE Engine", "added_date": "2022-06-09T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eecf1644-2e29-4983-8012-1d33380d707a", "vulnerability": {"vulnId": "CVE-2021-38163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "eecf1644-2e29-4983-8012-1d33380d707a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative... | Affected: SAP SE / SAP NetWeaver (Visual Composer 7.0 RT) | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38163", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38163"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38163"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative...", "vendor": "SAP SE", "product": "SAP NetWeaver (Visual Composer 7.0 RT)", "added_date": "2022-06-09T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b3db9ec9-f3ea-4b2e-acd6-94de65dc57fb", "vulnerability": {"vulnId": "CVE-2016-2388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "b3db9ec9-f3ea-4b2e-acd6-94de65dc57fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-09T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-09T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP... | Affected: SAP / NetWeaver AS JAVA | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-2388", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2388"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-2388"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP...", "vendor": "SAP", "product": "NetWeaver AS JAVA", "added_date": "2022-06-09T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3c410a73-30fc-44fe-9b59-c7a511503adb", "vulnerability": {"vulnId": "CVE-2018-4990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "3c410a73-30fc-44fe-9b59-c7a511503adb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free... | Affected: Adobe / Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-4990", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4990"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-4990"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free...", "vendor": "Adobe", "product": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ed7ac9f4-f69b-4236-90b1-00e612a82d8c", "vulnerability": {"vulnId": "CVE-2017-6862", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "ed7ac9f4-f69b-4236-90b1-00e612a82d8c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and... | Affected: NETGEAR / NETGEAR All versions prior to WNR2000v3 1.1.2.14, WNR2000v4 1.0.0.66, WNR2000v5 1.0.0.42 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6862", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6862"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6862"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and...", "vendor": "NETGEAR", "product": "NETGEAR All versions prior to WNR2000v3 1.1.2.14, WNR2000v4 1.0.0.66, WNR2000v5 1.0.0.42", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f7dd55f6-40bc-4d45-9e75-606a5d1d9642", "vulnerability": {"vulnId": "CVE-2010-1297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f7dd55f6-40bc-4d45-9e75-606a5d1d9642", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and... | Affected: Adobe / Flash Player, AIR, Reader, Acrobat | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-1297", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-1297"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and...", "vendor": "Adobe", "product": "Flash Player, AIR, Reader, Acrobat", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7e73854c-91b5-4c3e-83e2-aa1fd7c2c47b", "vulnerability": {"vulnId": "CVE-2016-1646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "7e73854c-91b5-4c3e-83e2-aa1fd7c2c47b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-1646", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1646"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-1646"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider...", "vendor": "Google", "product": "Chrome", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "148800f6-31e7-4ac9-a4b0-5a0e511a0a36", "vulnerability": {"vulnId": "CVE-2012-0754", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "148800f6-31e7-4ac9-a4b0-5a0e511a0a36", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and... | Affected: Adobe / Flash Player | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-0754", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0754"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0754"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a008653a-ceb7-4299-a1e8-aae804a836a2", "vulnerability": {"vulnId": "CVE-2019-7195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a008653a-ceb7-4299-a1e8-aae804a836a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP... | Affected: QNAP / QNAP NAS devices running Photo Station | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7195", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7195"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7195"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP...", "vendor": "QNAP", "product": "QNAP NAS devices running Photo Station", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1db90db2-c437-4386-a864-8df4d55fc947", "vulnerability": {"vulnId": "CVE-2010-2883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "1db90db2-c437-4386-a864-8df4d55fc947", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote... | Affected: Adobe / Reader and Acrobat | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-2883", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2883"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-2883"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "63063469-6623-44be-996a-10b27b7ea04c", "vulnerability": {"vulnId": "CVE-2009-0557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "63063469-6623-44be-996a-10b27b7ea04c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and... | Affected: Microsoft / Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-0557", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0557"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-0557"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9461adbd-c261-4356-9dbc-e204573c9ef9", "vulnerability": {"vulnId": "CVE-2007-5659", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "9461adbd-c261-4356-9dbc-e204573c9ef9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long... | Affected: Adobe / Reader and Acrobat | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2007-5659", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5659"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2007-5659"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bbfe3cba-9c24-4967-a794-b29984388f20", "vulnerability": {"vulnId": "CVE-2006-2492", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "bbfe3cba-9c24-4967-a794-b29984388f20", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows... | Affected: Microsoft / Word | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2006-2492", "url": "https://www.cve.org/CVERecord?id=CVE-2006-2492"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2006-2492"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows...", "vendor": "Microsoft", "product": "Word", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "36f08c41-496c-49e9-9cb0-999e884aabf0", "vulnerability": {"vulnId": "CVE-2013-1331", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "36f08c41-496c-49e9-9cb0-999e884aabf0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an... | Affected: Microsoft / Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-1331", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1331"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-1331"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f0b80944-854e-4856-8b76-dcadebbbafa8", "vulnerability": {"vulnId": "CVE-2012-0151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f0b80944-854e-4856-8b76-dcadebbbafa8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-0151", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0151"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0151"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2b650441-ffab-4893-b0e8-21910ad2ea66", "vulnerability": {"vulnId": "CVE-2018-17480", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "2b650441-ffab-4893-b0e8-21910ad2ea66", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-17480", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17480"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-17480"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80...", "vendor": "Google", "product": "Chrome", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9a6b2929-8a10-43c3-9d33-e529a1ff8443", "vulnerability": {"vulnId": "CVE-2019-5825", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "9a6b2929-8a10-43c3-9d33-e529a1ff8443", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-5825", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5825"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5825"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c48262df-b3bd-49b4-a618-2394912ab800", "vulnerability": {"vulnId": "CVE-2010-2572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "c48262df-b3bd-49b4-a618-2394912ab800", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95... | Affected: Microsoft / PowerPoint | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-2572", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2572"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-2572"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95...", "vendor": "Microsoft", "product": "PowerPoint", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d2fa11c6-a587-4b54-8265-a1936e7c3327", "vulnerability": {"vulnId": "CVE-2009-1862", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d2fa11c6-a587-4b54-8265-a1936e7c3327", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87,... | Affected: Adobe / [\"Reader\", \"Acrobat\", \"Flash Player\"] | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-1862", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1862"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1862"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87,...", "vendor": "Adobe", "product": "[\"Reader\", \"Acrobat\", \"Flash Player\"]", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e06912df-3beb-4928-8b22-05cff36fcd5d", "vulnerability": {"vulnId": "CVE-2009-0563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "e06912df-3beb-4928-8b22-05cff36fcd5d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML... | Affected: Microsoft / Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-0563", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0563"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-0563"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3830f6d8-1d0f-4674-8f33-1c10bfab53fa", "vulnerability": {"vulnId": "CVE-2008-0655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "3830f6d8-1d0f-4674-8f33-1c10bfab53fa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. | Affected: Adobe / Reader and Acrobat | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2008-0655", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0655"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-0655"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f0b4783-bd9d-4c71-ae52-2736974974a7", "vulnerability": {"vulnId": "CVE-2012-5054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "7f0b4783-bd9d-4c71-ae52-2736974974a7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-5054", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-5054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f965237e-1eda-4ddc-80be-09f698d6cfee", "vulnerability": {"vulnId": "CVE-2019-7194", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f965237e-1eda-4ddc-80be-09f698d6cfee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP... | Affected: QNAP / QNAP NAS devices running Photo Station | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7194", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7194"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7194"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP...", "vendor": "QNAP", "product": "QNAP NAS devices running Photo Station", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f1fd1179-3427-47a9-90e9-a9a5536faada", "vulnerability": {"vulnId": "CVE-2017-5070", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f1fd1179-3427-47a9-90e9-a9a5536faada", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to... | Affected: Google / Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-5070", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5070"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-5070"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to...", "vendor": "Google", "product": "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a1e09a6-ba81-41cb-b589-f22324ba3fa8", "vulnerability": {"vulnId": "CVE-2017-5030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "4a1e09a6-ba81-41cb-b589-f22324ba3fa8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android... | Affected: Google / Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-5030", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5030"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-5030"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android...", "vendor": "Google", "product": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8ce97f89-40fd-43c2-8116-b0cde711ec31", "vulnerability": {"vulnId": "CVE-2011-0609", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "8ce97f89-40fd-43c2-8116-b0cde711ec31", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on... | Affected: Adobe / Flash Player | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-0609", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0609"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-0609"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cb11cbfd-2ba8-4965-bc22-d4c56a2a3e29", "vulnerability": {"vulnId": "CVE-2012-0767", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "cb11cbfd-2ba8-4965-bc22-d4c56a2a3e29", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and... | Affected: Adobe / Flash Player | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-0767", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0767"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0767"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "23c8a686-69a9-4350-99d0-b99ee9065eba", "vulnerability": {"vulnId": "CVE-2009-4324", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "23c8a686-69a9-4350-99d0-b99ee9065eba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on... | Affected: Adobe / Reader and Acrobat | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-4324", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-4324"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "290139d2-0084-40ba-a67a-71163147bb18", "vulnerability": {"vulnId": "CVE-2019-7193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "290139d2-0084-40ba-a67a-71163147bb18", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP... | Affected: QNAP / QNAP NAS devices | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7193", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP...", "vendor": "QNAP", "product": "QNAP NAS devices", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d1fe428a-2407-4d90-bbe2-cf999fac6d5b", "vulnerability": {"vulnId": "CVE-2009-3953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d1fe428a-2407-4d90-bbe2-cf999fac6d5b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote... | Affected: Adobe / Reader and Acrobat | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-3953", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-3953"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f4c64e1f-691d-48ce-ab00-00ae722d4b10", "vulnerability": {"vulnId": "CVE-2018-17463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f4c64e1f-691d-48ce-ab00-00ae722d4b10", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-17463", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17463"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-17463"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox...", "vendor": "Google", "product": "Chrome", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "52e21cca-e811-484e-bb58-bed0d84f0b88", "vulnerability": {"vulnId": "CVE-2016-5198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "52e21cca-e811-484e-bb58-bed0d84f0b88", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect... | Affected: Google / Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-5198", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5198"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-5198"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect...", "vendor": "Google", "product": "Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1af8d919-2434-4493-a898-f13f9d08e203", "vulnerability": {"vulnId": "CVE-2019-7192", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "1af8d919-2434-4493-a898-f13f9d08e203", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP... | Affected: QNAP / QNAP NAS devices running Photo Station | CVSS: 9.8 (CRITICAL) | EPSS: 0.88213 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7192", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7192"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7192"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP...", "vendor": "QNAP", "product": "QNAP NAS devices running Photo Station", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.88213, "cvss_severity": "CRITICAL", "epss_percentile": 0.99747, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "db90e170-1f4d-443e-896f-308ed16a7303", "vulnerability": {"vulnId": "CVE-2019-15271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "db90e170-1f4d-443e-896f-308ed16a7303", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-15271", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15271"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-15271"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1138cdc7-f05c-4e6b-81c6-67121ffa2061", "vulnerability": {"vulnId": "CVE-2018-6065", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "1138cdc7-f05c-4e6b-81c6-67121ffa2061", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-6065", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6065"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-6065"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146...", "vendor": "Google", "product": "Chrome", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "392629e5-9cae-4de5-94b4-789f487850d7", "vulnerability": {"vulnId": "CVE-2011-2462", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "392629e5-9cae-4de5-94b4-789f487850d7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through... | Affected: Adobe / Reader and Acrobat | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-2462", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2462"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-2462"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "85dd3324-7145-44ef-9f67-9175fce31292", "vulnerability": {"vulnId": "CVE-2012-4969", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "85dd3324-7145-44ef-9f67-9175fce31292", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to... | Affected: Microsoft / Internet Explorer | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-4969", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4969"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-4969"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "82465345-40e7-48bb-90d4-4ae9689941d1", "vulnerability": {"vulnId": "CVE-2012-1889", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "82465345-40e7-48bb-90d4-4ae9689941d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code... | Affected: Microsoft / XML Core Services | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-1889", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1889"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1889"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code...", "vendor": "Microsoft", "product": "XML Core Services", "added_date": "2022-06-08T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "36315fdd-2b4d-469a-af2a-ecba906ee769", "vulnerability": {"vulnId": "CVE-2022-26134", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "36315fdd-2b4d-469a-af2a-ecba906ee769", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-02T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-06-02T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to... | Affected: Atlassian / Confluence Data Center, Confluence Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26134", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26134"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26134"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to...", "vendor": "Atlassian", "product": "Confluence Data Center, Confluence Server", "added_date": "2022-06-02T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99993, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f2eb3e52-6756-417c-9f6c-5c948b892072", "vulnerability": {"vulnId": "CVE-2016-7256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f2eb3e52-6756-417c-9f6c-5c948b892072", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7256", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7256"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7256"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6c6fcb12-9284-4a77-9c7c-8025b5d8c4f8", "vulnerability": {"vulnId": "CVE-2014-4148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6c6fcb12-9284-4a77-9c7c-8025b5d8c4f8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-4148", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4148"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-4148"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "87f812c4-0473-43d9-9945-e43db03d151d", "vulnerability": {"vulnId": "CVE-2014-8439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "87f812c4-0473-43d9-9945-e43db03d151d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-8439", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8439"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-8439"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a43456b5-6666-4c32-b057-d7a7b6b9761e", "vulnerability": {"vulnId": "CVE-2013-3896", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a43456b5-6666-4c32-b057-d7a7b6b9761e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers... | Affected: Microsoft / Silverlight | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3896", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3896"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3896"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers...", "vendor": "Microsoft", "product": "Silverlight", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4444ddb8-4a09-42a8-af27-04f8091efdbf", "vulnerability": {"vulnId": "CVE-2013-2423", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4444ddb8-4a09-42a8-af27-04f8091efdbf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote... | Affected: Oracle / Java SE | CVSS: 3.7 (LOW) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2423", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2423"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2423"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 3.7, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "84d5feb7-2957-4be0-9be6-c2e8f786b29a", "vulnerability": {"vulnId": "CVE-2013-0431", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "84d5feb7-2957-4be0-9be6-c2e8f786b29a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows... | Affected: Oracle / Java SE | CVSS: 5.3 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0431", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0431"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0431"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "743c193d-cf3c-4e67-a733-8da41d29a3fd", "vulnerability": {"vulnId": "CVE-2013-0422", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "743c193d-cf3c-4e67-a733-8da41d29a3fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public... | Affected: Oracle / Java | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0422", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0422"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0422"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public...", "vendor": "Oracle", "product": "Java", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc825e07-0066-470f-8f3a-673c68e27278", "vulnerability": {"vulnId": "CVE-2013-0074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "cc825e07-0066-470f-8f3a-673c68e27278", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows... | Affected: Microsoft / Silverlight | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0074", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0074"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0074"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows...", "vendor": "Microsoft", "product": "Silverlight", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c69b7509-18b2-440c-a5aa-4b20c782cc82", "vulnerability": {"vulnId": "CVE-2012-1710", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c69b7509-18b2-440c-a5aa-4b20c782cc82", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to... | Affected: Oracle / Fusion Middleware | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1710"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1710"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to...", "vendor": "Oracle", "product": "Fusion Middleware", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eedda516-408a-4e33-9388-7f5aab251d8f", "vulnerability": {"vulnId": "CVE-2010-1428", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "eedda516-408a-4e33-9388-7f5aab251d8f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and... | Affected: Red Hat / JBoss Enterprise Application Platform | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-1428", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-1428"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and...", "vendor": "Red Hat", "product": "JBoss Enterprise Application Platform", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d05c1bd-1728-4e8d-afac-03c7fad2fdca", "vulnerability": {"vulnId": "CVE-2014-4123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "0d05c1bd-1728-4e8d-afac-03c7fad2fdca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-4123", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4123"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-4123"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d962b066-5f2c-4340-b31b-61ce2db1908a", "vulnerability": {"vulnId": "CVE-2010-0840", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d962b066-5f2c-4340-b31b-61ce2db1908a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-0840", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0840"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-0840"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "11a055a2-9eba-431c-8625-c75d3c5fbed8", "vulnerability": {"vulnId": "CVE-2010-0738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "11a055a2-9eba-431c-8625-c75d3c5fbed8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3... | Affected: Red Hat / JBoss Enterprise Application Platform | CVSS: 5.3 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-0738", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-0738"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3...", "vendor": "Red Hat", "product": "JBoss Enterprise Application Platform", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a301607a-a48e-4977-8336-ccd8c387b253", "vulnerability": {"vulnId": "CVE-2019-3010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a301607a-a48e-4977-8336-ccd8c387b253", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily... | Affected: Oracle Corporation / Solaris Operating System | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-3010", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3010"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-3010"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily...", "vendor": "Oracle Corporation", "product": "Solaris Operating System", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e339d342-4f85-4d50-9c79-7cc9b0cd59dd", "vulnerability": {"vulnId": "CVE-2016-3393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e339d342-4f85-4d50-9c79-7cc9b0cd59dd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3393", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3393"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3393"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d21b0757-7c38-45fe-9ecb-91ad3213e9f2", "vulnerability": {"vulnId": "CVE-2015-4495", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d21b0757-7c38-45fe-9ecb-91ad3213e9f2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the... | Affected: Mozilla / Firefox | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-4495", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4495"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-4495"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the...", "vendor": "Mozilla", "product": "Firefox", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2510d231-a2b3-4167-9281-25d8261ff1d8", "vulnerability": {"vulnId": "CVE-2015-0071", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2510d231-a2b3-4167-9281-25d8261ff1d8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet... | Affected: Microsoft / Internet Explorer | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-0071", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0071"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-0071"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a32bc6b9-ff5b-4dfa-8020-3f211bf518a0", "vulnerability": {"vulnId": "CVE-2015-0310", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a32bc6b9-ff5b-4dfa-8020-3f211bf518a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly... | Affected: Adobe / Flash Player | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-0310", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0310"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-0310"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "59e2ca33-9489-4f8d-a3b8-af0ae8b2c58e", "vulnerability": {"vulnId": "CVE-2016-0034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "59e2ca33-9489-4f8d-a3b8-af0ae8b2c58e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or... | Affected: Microsoft / Silverlight | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0034", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0034"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0034"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or...", "vendor": "Microsoft", "product": "Silverlight", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1097c2f8-3c7c-42a7-972c-7ac6c7e1fe93", "vulnerability": {"vulnId": "CVE-2015-6175", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "1097c2f8-3c7c-42a7-972c-7ac6c7e1fe93", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Elevation of... | Affected: Microsoft / Windows 10 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-6175", "url": "https://www.cve.org/CVERecord?id=CVE-2015-6175"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-6175"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Elevation of...", "vendor": "Microsoft", "product": "Windows 10", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "defb7b35-fe5e-4035-b7d7-4b09d0267682", "vulnerability": {"vulnId": "CVE-2015-2360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "defb7b35-fe5e-4035-b7d7-4b09d0267682", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2360", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2360"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2360"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9d0da2df-2790-4555-b5df-49a8332a8ac1", "vulnerability": {"vulnId": "CVE-2015-8651", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "9d0da2df-2790-4555-b5df-49a8332a8ac1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux,... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-8651", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8651"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-8651"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux,...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1ea9990f-e1e2-451f-8b8c-43dbc7bb0065", "vulnerability": {"vulnId": "CVE-2014-0546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "1ea9990f-e1e2-451f-8b8c-43dbc7bb0065", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and... | Affected: Adobe / Reader and Acrobat | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0546", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0546"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0546"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3d460afd-ab3f-4801-be64-1a99735cc1b7", "vulnerability": {"vulnId": "CVE-2013-7331", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3d460afd-ab3f-4801-be64-1a99735cc1b7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames,... | Affected: Microsoft / Windows | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-7331", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7331"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-7331"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4deea3b2-5ecc-4a98-922c-5cc5485dda6f", "vulnerability": {"vulnId": "CVE-2015-0016", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4deea3b2-5ecc-4a98-922c-5cc5485dda6f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-0016", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0016"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-0016"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7b2a1cb6-f1dd-4644-8cbe-52247cbe59e0", "vulnerability": {"vulnId": "CVE-2015-2425", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "7b2a1cb6-f1dd-4644-8cbe-52247cbe59e0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2425", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2425"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2425"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "be7ac6ff-4032-495e-a93e-2f11b1d7187d", "vulnerability": {"vulnId": "CVE-2015-1769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "be7ac6ff-4032-495e-a93e-2f11b1d7187d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold... | Affected: Microsoft / Windows | CVSS: 6.6 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1769", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1769"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1769"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 6.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dbbaf723-3c53-4a4d-9f91-fcdd794db55e", "vulnerability": {"vulnId": "CVE-2015-1671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "dbbaf723-3c53-4a4d-9f91-fcdd794db55e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2;... | Affected: Microsoft / Windows DirectWrite | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1671", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1671"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1671"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2;...", "vendor": "Microsoft", "product": "Windows DirectWrite", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f18c5192-71de-44ab-8e52-ea30e85b746b", "vulnerability": {"vulnId": "CVE-2014-2817", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f18c5192-71de-44ab-8e52-ea30e85b746b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-2817", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2817"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-2817"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5db2a514-2bf9-48e4-ba3f-19ec95d74a5d", "vulnerability": {"vulnId": "CVE-2014-4077", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "5db2a514-2bf9-48e4-ba3f-19ec95d74a5d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-4077", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4077"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-4077"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cd68dab6-f7e1-4bea-b1e4-7a1b80700e5d", "vulnerability": {"vulnId": "CVE-2014-3153", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "cd68dab6-f7e1-4bea-b1e4-7a1b80700e5d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses,... | Affected: Linux / Linux Kernel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-3153", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3153"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-3153"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses,...", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8106d9b9-b621-41e3-9581-8d540a339744", "vulnerability": {"vulnId": "CVE-2013-3993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8106d9b9-b621-41e3-9581-8d540a339744", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted... | Affected: IBM / InfoSphere BigInsights | CVSS: 6.5 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3993", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3993"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3993"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted...", "vendor": "IBM", "product": "InfoSphere BigInsights", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e9b7c88e-bb24-444c-9e29-e4bb92177628", "vulnerability": {"vulnId": "CVE-2016-0984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e9b7c88e-bb24-444c-9e29-e4bb92177628", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0984", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0984"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0984"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "392861eb-a337-4dd4-b8fb-534fb225ba04", "vulnerability": {"vulnId": "CVE-2016-1010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "392861eb-a337-4dd4-b8fb-534fb225ba04", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-1010", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1010"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-1010"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-05-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2d200641-26fd-4233-b860-72f118022f23", "vulnerability": {"vulnId": "CVE-2018-19953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "2d200641-26fd-4233-b860-72f118022f23", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in... | Affected: QNAP Systems Inc. / QTS | CVSS: 6.1 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19953", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19953"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19953"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in...", "vendor": "QNAP Systems Inc.", "product": "QTS", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b64c595b-3811-463c-97ac-9df80e744cb7", "vulnerability": {"vulnId": "CVE-2018-19949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b64c595b-3811-463c-97ac-9df80e744cb7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the... | Affected: QNAP Systems Inc. / QTS | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19949", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19949"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19949"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the...", "vendor": "QNAP Systems Inc.", "product": "QTS", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "66396aee-2d3f-483f-97ac-28b7205804b6", "vulnerability": {"vulnId": "CVE-2016-4657", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "66396aee-2d3f-483f-97ac-28b7205804b6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted... | Affected: Apple / iOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-4657", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4657"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-4657"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted...", "vendor": "Apple", "product": "iOS", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0e3fbf88-cdf5-4648-911b-e890a863f2bb", "vulnerability": {"vulnId": "CVE-2016-4656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0e3fbf88-cdf5-4648-911b-e890a863f2bb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory... | Affected: Apple / iOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-4656", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4656"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-4656"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory...", "vendor": "Apple", "product": "iOS", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0462dc21-c5ac-4756-94e4-2f30f989de89", "vulnerability": {"vulnId": "CVE-2016-4655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0462dc21-c5ac-4756-94e4-2f30f989de89", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. | Affected: Apple / iOS | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-4655", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4655"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-4655"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.", "vendor": "Apple", "product": "iOS", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5030b311-bfeb-4ad2-b155-e08ccf179bba", "vulnerability": {"vulnId": "CVE-2016-3351", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "5030b311-bfeb-4ad2-b155-e08ccf179bba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka... | Affected: Microsoft / Internet Explorer, Edge | CVSS: 6.5 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3351", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3351"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3351"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka...", "vendor": "Microsoft", "product": "Internet Explorer, Edge", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8d48ea7e-8a18-4cd3-aa84-24744b210f66", "vulnerability": {"vulnId": "CVE-2016-0162", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "8d48ea7e-8a18-4cd3-aa84-24744b210f66", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka \"Internet... | Affected: Microsoft / Internet Explorer | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0162", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0162"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0162"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka \"Internet...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3d844cbb-d187-4d50-b4e6-2b468b4cbf2a", "vulnerability": {"vulnId": "CVE-2018-19943", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "3d844cbb-d187-4d50-b4e6-2b468b4cbf2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in... | Affected: QNAP Systems Inc. / QTS | CVSS: 8.0 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-19943", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19943"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19943"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in...", "vendor": "QNAP Systems Inc.", "product": "QTS", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0ad07e2d-55f3-45e1-928d-207e88cf7a4b", "vulnerability": {"vulnId": "CVE-2017-18362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0ad07e2d-55f3-45e1-928d-207e88cf7a4b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to... | Affected: ConnectWise / ManagedITSync integration for Kaseya VSA | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-18362", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18362"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-18362"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to...", "vendor": "ConnectWise", "product": "ManagedITSync integration for Kaseya VSA", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9304caba-0a40-427b-a375-b5967c332a98", "vulnerability": {"vulnId": "CVE-2017-0210", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "9304caba-0a40-427b-a375-b5967c332a98", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an... | Affected: Microsoft Corporation / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0210", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0210"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0210"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an...", "vendor": "Microsoft Corporation", "product": "Internet Explorer", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9e4aa6e8-64f8-4956-8b9d-fa381169b4c4", "vulnerability": {"vulnId": "CVE-2017-8291", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "9e4aa6e8-64f8-4956-8b9d-fa381169b4c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile... | Affected: Artifex / Ghostscript | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-8291", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8291"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8291"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile...", "vendor": "Artifex", "product": "Ghostscript", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "19d460ee-3899-497b-99da-6c4c362fa9f4", "vulnerability": {"vulnId": "CVE-2016-3298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "19d460ee-3899-497b-99da-6c4c362fa9f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1... | Affected: Microsoft / Internet Explorer | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3298", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3298"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3298"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "90d5f6bb-8c39-438b-ac5a-a8c381918eec", "vulnerability": {"vulnId": "CVE-2017-0149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "90d5f6bb-8c39-438b-ac5a-a8c381918eec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a... | Affected: Microsoft Corporation / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0149", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0149"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0149"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...", "vendor": "Microsoft Corporation", "product": "Internet Explorer", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2922500c-9137-4c6e-a36b-529211fa1b85", "vulnerability": {"vulnId": "CVE-2017-0147", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "2922500c-9137-4c6e-a36b-529211fa1b85", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... | Affected: Microsoft Corporation / Windows SMB | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0147", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0147"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0147"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...", "vendor": "Microsoft Corporation", "product": "Windows SMB", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "be17952c-a3ef-4edf-862b-b3e0e47d0cb2", "vulnerability": {"vulnId": "CVE-2016-6367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "be17952c-a3ef-4edf-862b-b3e0e47d0cb2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges... | Affected: Cisco / Adaptive Security Appliance (ASA) Software | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-6367", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6367"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-6367"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges...", "vendor": "Cisco", "product": "Adaptive Security Appliance (ASA) Software", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e5b21196-c02a-4155-b300-f9a2a83adced", "vulnerability": {"vulnId": "CVE-2018-8611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "e5b21196-c02a-4155-b300-f9a2a83adced", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \"Windows Kernel Elevation of... | Affected: Microsoft / Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8611", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8611"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8611"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \"Windows Kernel Elevation of...", "vendor": "Microsoft", "product": "Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8bd100de-abe8-498d-9630-f6bff4355f28", "vulnerability": {"vulnId": "CVE-2017-8543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "8bd100de-abe8-498d-9630-f6bff4355f28", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8,... | Affected: Microsoft Corporation / Microsoft Windows | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-8543", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8543"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8543"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8,...", "vendor": "Microsoft Corporation", "product": "Microsoft Windows", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f65c9692-cc04-4648-9585-8b39fa32cd47", "vulnerability": {"vulnId": "CVE-2017-0022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "f65c9692-cc04-4648-9585-8b39fa32cd47", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2... | Affected: Microsoft Corporation / XML Core Services | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0022", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0022"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0022"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2...", "vendor": "Microsoft Corporation", "product": "XML Core Services", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "35d11ea4-0bc3-4945-a9bb-63e9f52f83e2", "vulnerability": {"vulnId": "CVE-2017-0005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "35d11ea4-0bc3-4945-a9bb-63e9f52f83e2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server... | Affected: Microsoft Corporation / Windows GDI | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0005", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0005"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0005"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server...", "vendor": "Microsoft Corporation", "product": "Windows GDI", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "57b2bf99-cec7-47f9-b1e9-38de009a7f47", "vulnerability": {"vulnId": "CVE-2016-6366", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "57b2bf99-cec7-47f9-b1e9-38de009a7f47", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-24T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv,... | Affected: Cisco / Adaptive Security Appliance (ASA) Software | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-6366", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6366"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-6366"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv,...", "vendor": "Cisco", "product": "Adaptive Security Appliance (ASA) Software", "added_date": "2022-05-24T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "44f83593-54ed-4dad-aba4-0d0cf7e28a38", "vulnerability": {"vulnId": "CVE-2019-7287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "44f83593-54ed-4dad-aba4-0d0cf7e28a38", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute... | Affected: Apple / iOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute...", "vendor": "Apple", "product": "iOS", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3b1e1da7-6fcd-48ba-94b1-4c6ee05f50dc", "vulnerability": {"vulnId": "CVE-2019-1385", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "3b1e1da7-6fcd-48ba-94b1-4c6ee05f50dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1385", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1385"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1385"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b8e7333f-b6e4-4421-9c90-88bee5a87bd4", "vulnerability": {"vulnId": "CVE-2019-1130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "b8e7333f-b6e4-4421-9c90-88bee5a87bd4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation... | Affected: Microsoft / Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1130", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1130"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1130"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...", "vendor": "Microsoft", "product": "Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "44f01b36-11c3-49af-912c-57afed355729", "vulnerability": {"vulnId": "CVE-2018-8589", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "44f01b36-11c3-49af-912c-57afed355729", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka \"Windows Win32k Elevation of Privilege... | Affected: Microsoft / Windows Server 2008, Windows 7, Windows Server 2008 R2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8589", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8589"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8589"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka \"Windows Win32k Elevation of Privilege...", "vendor": "Microsoft", "product": "Windows Server 2008, Windows 7, Windows Server 2008 R2", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f9c3ff4b-937a-459c-bcb6-c3d42fbd2b6d", "vulnerability": {"vulnId": "CVE-2022-20821", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "f9c3ff4b-937a-459c-bcb6-c3d42fbd2b6d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS XR Software Health Check Open Port Vulnerability | Affected: Cisco / Cisco IOS XR Software | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-20821", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20821"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-20821"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS XR Software Health Check Open Port Vulnerability", "vendor": "Cisco", "product": "Cisco IOS XR Software", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d6321c50-f942-492f-8d86-925e2ea9b478", "vulnerability": {"vulnId": "CVE-2021-0920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "d6321c50-f942-492f-8d86-925e2ea9b478", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege... | Affected: Google / Android | CVSS: 6.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-0920", "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-0920"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege...", "vendor": "Google", "product": "Android", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 6.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4f5b3bda-08d1-42a2-ba75-6aed6091b0bc", "vulnerability": {"vulnId": "CVE-2020-1027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "4f5b3bda-08d1-42a2-ba75-6aed6091b0bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1027", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1027"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1027"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7ed03a29-a0fe-4078-910f-df90c9ff3726", "vulnerability": {"vulnId": "CVE-2019-0676", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "7ed03a29-a0fe-4078-910f-df90c9ff3726", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited... | Affected: Microsoft / Internet Explorer 11, Internet Explorer 10 | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0676", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0676"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0676"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited...", "vendor": "Microsoft", "product": "Internet Explorer 11, Internet Explorer 10", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d34f093c-dd3c-4316-a40c-68ba41e767e8", "vulnerability": {"vulnId": "CVE-2019-0703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "d34f093c-dd3c-4316-a40c-68ba41e767e8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information... | Affected: Microsoft / Windows, Windows Server | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0703", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0703"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0703"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "062cca69-6238-4459-93c4-bfcc346f7384", "vulnerability": {"vulnId": "CVE-2019-13720", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "062cca69-6238-4459-93c4-bfcc346f7384", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-13720", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13720"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-13720"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "05fdf535-95f1-4575-8b24-e061595647e4", "vulnerability": {"vulnId": "CVE-2019-18426", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "05fdf535-95f1-4575-8b24-e061595647e4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site... | Affected: Facebook / WhatsApp Desktop | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-18426", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18426"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18426"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site...", "vendor": "Facebook", "product": "WhatsApp Desktop", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d1b0373c-b6a7-4a98-b805-784184714389", "vulnerability": {"vulnId": "CVE-2019-5786", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "d1b0373c-b6a7-4a98-b805-784184714389", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access... | Affected: Google / Chrome | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-5786", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5786"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5786"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access...", "vendor": "Google", "product": "Chrome", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9b7c0167-bc20-43ba-9f6f-5a6ac767d8c7", "vulnerability": {"vulnId": "CVE-2019-0880", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "9b7c0167-bc20-43ba-9f6f-5a6ac767d8c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege... | Affected: Microsoft / Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0880", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0880"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0880"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege...", "vendor": "Microsoft", "product": "Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f3cdc180-43d8-482e-a7bd-1946faa85cda", "vulnerability": {"vulnId": "CVE-2019-11708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "f3cdc180-43d8-482e-a7bd-1946faa85cda", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed... | Affected: Mozilla / Firefox ESR, Firefox, Thunderbird | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11708", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11708"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11708"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed...", "vendor": "Mozilla", "product": "Firefox ESR, Firefox, Thunderbird", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "475ba36f-e49e-4748-ab3e-abf1bbaf2bf5", "vulnerability": {"vulnId": "CVE-2020-0638", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "475ba36f-e49e-4748-ab3e-abf1bbaf2bf5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker... | Affected: Microsoft / Windows, Windows 10 Version 1903 for ARM64-based Systems, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows Server, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1909 for ARM64-based Systems | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0638"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0638"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker...", "vendor": "Microsoft", "product": "Windows, Windows 10 Version 1903 for ARM64-based Systems, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows Server, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1909 for ARM64-based Systems", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0c16cd99-5d6b-41ce-bb22-2092b96555ca", "vulnerability": {"vulnId": "CVE-2021-1048", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "0c16cd99-5d6b-41ce-bb22-2092b96555ca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1048", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1048"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1048"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of...", "vendor": "Google", "product": "Android", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7eea99f5-d59b-426c-99df-9e7d49e09303", "vulnerability": {"vulnId": "CVE-2019-7286", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "7eea99f5-d59b-426c-99df-9e7d49e09303", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental... | Affected: Apple / iOS, macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7286", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7286"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7286"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental...", "vendor": "Apple", "product": "iOS, macOS", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d3461af1-f65b-4705-97f2-4c88092c1fd8", "vulnerability": {"vulnId": "CVE-2019-11707", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "d3461af1-f65b-4705-97f2-4c88092c1fd8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.... | Affected: Mozilla / Firefox ESR, Firefox, Thunderbird | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11707", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11707"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11707"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash....", "vendor": "Mozilla", "product": "Firefox ESR, Firefox, Thunderbird", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ad6e2afd-059e-4978-8ef4-1ce1537d1e79", "vulnerability": {"vulnId": "CVE-2019-8720", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ad6e2afd-059e-4978-8ef4-1ce1537d1e79", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code... | Affected: Apple / webkitgtk | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-8720", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8720"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8720"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code...", "vendor": "Apple", "product": "webkitgtk", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0e630b24-cf6f-4d3e-bdeb-fe9dcf24a0f0", "vulnerability": {"vulnId": "CVE-2018-5002", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "0e630b24-cf6f-4d3e-bdeb-fe9dcf24a0f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to... | Affected: Adobe / Adobe Flash Player 29.0.0.171 and earlier versions | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-5002", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5002"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-5002"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to...", "vendor": "Adobe", "product": "Adobe Flash Player 29.0.0.171 and earlier versions", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "df229784-0d1f-466c-8d98-0f32f47237cf", "vulnerability": {"vulnId": "CVE-2021-30883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "df229784-0d1f-466c-8d98-0f32f47237cf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1,... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30883", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30883"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30883"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2022-05-23T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f82f9764-ac88-4a21-9140-dc64342f2bac", "vulnerability": {"vulnId": "CVE-2022-30525", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "f82f9764-ac88-4a21-9140-dc64342f2bac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware... | Affected: Zyxel / USG FLEX 100(W) firmware, USG FLEX 200 firmware, USG FLEX 500 firmware, USG FLEX 700 firmware, ATP series firmware, VPN series firmware, USG FLEX 50(W) firmware, USG 20(W)-VPN firmware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-30525", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30525"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-30525"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware...", "vendor": "Zyxel", "product": "USG FLEX 100(W) firmware, USG FLEX 200 firmware, USG FLEX 500 firmware, USG FLEX 700 firmware, ATP series firmware, VPN series firmware, USG FLEX 50(W) firmware, USG 20(W)-VPN firmware", "added_date": "2022-05-16T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "38a9cf2a-e97a-4c5f-97fa-5ae389852240", "vulnerability": {"vulnId": "CVE-2022-22947", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "38a9cf2a-e97a-4c5f-97fa-5ae389852240", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator... | Affected: VMware / Spring Cloud Gateway | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22947", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22947"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22947"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator...", "vendor": "VMware", "product": "Spring Cloud Gateway", "added_date": "2022-05-16T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6bba823a-5346-4038-8567-e6170d5860e2", "vulnerability": {"vulnId": "CVE-2022-1388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-10T00:00:00+00:00"}, "gcve": {"object_uuid": "6bba823a-5346-4038-8567-e6170d5860e2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to... | Affected: F5 / BIG-IP | CVSS: 9.8 (CRITICAL) | EPSS: 0.99956 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-1388", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1388"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1388"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to...", "vendor": "F5", "product": "BIG-IP", "added_date": "2022-05-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99956, "cvss_severity": "CRITICAL", "epss_percentile": 0.99974, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0384750b-11b8-42e7-bd4e-7ebaf704b923", "vulnerability": {"vulnId": "CVE-2021-1789", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "0384750b-11b8-42e7-bd4e-7ebaf704b923", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina,... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1789", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1789"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1789"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2022-05-04T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "730a0739-e867-4693-8d35-58f533d2a300", "vulnerability": {"vulnId": "CVE-2014-4113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "730a0739-e867-4693-8d35-58f533d2a300", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-4113", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4113"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-4113"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-05-04T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "786bddf1-f0da-4129-ba6b-351c0fcf346b", "vulnerability": {"vulnId": "CVE-2014-0322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "786bddf1-f0da-4129-ba6b-351c0fcf346b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0322", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0322"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0322"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-05-04T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b62c4090-1e77-47a4-8a8e-3c238372e492", "vulnerability": {"vulnId": "CVE-2019-8506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "b62c4090-1e77-47a4-8a8e-3c238372e492", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes... | Affected: Apple / iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-8506", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes...", "vendor": "Apple", "product": "iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows", "added_date": "2022-05-04T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8d4d7a22-2339-4025-bee5-82d1fe979984", "vulnerability": {"vulnId": "CVE-2014-0160", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "8d4d7a22-2339-4025-bee5-82d1fe979984", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote... | Affected: OpenSSL / OpenSSL | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0160", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0160"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0160"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote...", "vendor": "OpenSSL", "product": "OpenSSL", "added_date": "2022-05-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c5ba3f2a-7de4-4184-ba02-633622f3b025", "vulnerability": {"vulnId": "CVE-2022-29464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c5ba3f2a-7de4-4184-ba02-633622f3b025", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a... | Affected: WSO2 / WSO2 API Manager, WSO2 Identity Server, WSO2 Identity Server Analytics, WSO2 Enterprise Integrator, WSO2 Open Banking AM, WSO2 Open Banking KM | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-29464", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29464"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29464"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a...", "vendor": "WSO2", "product": "WSO2 API Manager, WSO2 Identity Server, WSO2 Identity Server Analytics, WSO2 Enterprise Integrator, WSO2 Open Banking AM, WSO2 Open Banking KM", "added_date": "2022-04-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7c289bb1-3906-4f77-bbbd-29b9abc83fbd", "vulnerability": {"vulnId": "CVE-2022-0847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "7c289bb1-3906-4f77-bbbd-29b9abc83fbd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and... | Affected: Linux / kernel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-0847", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0847"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and...", "vendor": "Linux", "product": "kernel", "added_date": "2022-04-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0b67f795-35e0-4590-b18a-21f6f68bbc3c", "vulnerability": {"vulnId": "CVE-2021-41357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "0b67f795-35e0-4590-b18a-21f6f68bbc3c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Win32k Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-41357", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41357"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41357"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Win32k Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2", "added_date": "2022-04-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "212e4bae-8905-46fe-8324-5677b66108b7", "vulnerability": {"vulnId": "CVE-2021-40450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "212e4bae-8905-46fe-8324-5677b66108b7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Win32k Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40450"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40450"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Win32k Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2", "added_date": "2022-04-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ef8b509d-b625-43c6-a780-4b10d3baba73", "vulnerability": {"vulnId": "CVE-2019-1003029", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ef8b509d-b625-43c6-a780-4b10d3baba73", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in... | Affected: Jenkins project / Jenkins Script Security Plugin | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1003029", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1003029"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1003029"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in...", "vendor": "Jenkins project", "product": "Jenkins Script Security Plugin", "added_date": "2022-04-25T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8461fec1-a96f-489d-bbec-efb5ccf05209", "vulnerability": {"vulnId": "CVE-2022-21919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8461fec1-a96f-489d-bbec-efb5ccf05209", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows User Profile Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-21919", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21919"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21919"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows User Profile Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-04-25T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bab43561-4494-49db-a72c-2e77d9fd0d68", "vulnerability": {"vulnId": "CVE-2022-26904", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "bab43561-4494-49db-a72c-2e77d9fd0d68", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows User Profile Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26904"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26904"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows User Profile Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-04-25T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2a178460-47ac-4383-9a45-16abeb0ea7a9", "vulnerability": {"vulnId": "CVE-2022-22718", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "2a178460-47ac-4383-9a45-16abeb0ea7a9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Print Spooler Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22718", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22718"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22718"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-04-19T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5755e7a7-6a4d-41ae-a106-21eeb1960079", "vulnerability": {"vulnId": "CVE-2018-6882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "5755e7a7-6a4d-41ae-a106-21eeb1960079", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1... | Affected: Zimbra / Collaboration Suite | CVSS: 6.1 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-6882", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6882"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-6882"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1...", "vendor": "Zimbra", "product": "Collaboration Suite", "added_date": "2022-04-19T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e0bbc21f-aebe-45c5-992c-7cdc9da957c1", "vulnerability": {"vulnId": "CVE-2019-3568", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "e0bbc21f-aebe-45c5-992c-7cdc9da957c1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-19T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-19T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target... | Affected: Facebook / WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, WhatsApp Business for iOS, WhatsApp for Windows Phone, WhatsApp for Tizen | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-3568", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3568"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-3568"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target...", "vendor": "Facebook", "product": "WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, WhatsApp Business for iOS, WhatsApp for Windows Phone, WhatsApp for Tizen", "added_date": "2022-04-19T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0bd95983-0d7f-4209-b1c9-e35b78a41af8", "vulnerability": {"vulnId": "CVE-2022-1364", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "0bd95983-0d7f-4209-b1c9-e35b78a41af8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-1364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1364"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1364"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fac5a90f-d7bf-4592-9824-3bb09a6bcca9", "vulnerability": {"vulnId": "CVE-2010-5330", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "fac5a90f-d7bf-4592-9824-3bb09a6bcca9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not... | Affected: Ubiquiti / AirOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-5330", "url": "https://www.cve.org/CVERecord?id=CVE-2010-5330"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-5330"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not...", "vendor": "Ubiquiti", "product": "AirOS", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f350d467-0a29-457a-8f56-de267fa6ef8b", "vulnerability": {"vulnId": "CVE-2016-4523", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "f350d467-0a29-457a-8f56-de267fa6ef8b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service... | Affected: Trihedral / VTScada | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-4523", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4523"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-4523"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service...", "vendor": "Trihedral", "product": "VTScada", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "910e2abf-a701-4cd0-bb96-f4677a102637", "vulnerability": {"vulnId": "CVE-2019-16057", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "910e2abf-a701-4cd0-bb96-f4677a102637", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. | Affected: D-Link / DNS-320 | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-16057", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16057"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-16057"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.", "vendor": "D-Link", "product": "DNS-320", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c600e8d1-9823-4bfc-812f-23c143964998", "vulnerability": {"vulnId": "CVE-2007-3010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c600e8d1-9823-4bfc-812f-23c143964998", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute... | Affected: Alcatel / OmniPCX Enterprise Communication Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2007-3010", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3010"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2007-3010"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute...", "vendor": "Alcatel", "product": "OmniPCX Enterprise Communication Server", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "803f8373-84b4-4d53-bd5e-9a3203be8df3", "vulnerability": {"vulnId": "CVE-2014-0780", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "803f8373-84b4-4d53-bd5e-9a3203be8df3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: InduSoft Web Studio Path Traversal | Affected: InduSoft / Web Studio | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0780", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0780"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0780"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "InduSoft Web Studio Path Traversal", "vendor": "InduSoft", "product": "Web Studio", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2c35eca-48fc-41eb-a72d-0d4826c7563e", "vulnerability": {"vulnId": "CVE-2018-7841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c2c35eca-48fc-41eb-a72d-0d4826c7563e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper... | Affected: U.motion / U.motion Builder software version 1.3.4 | CVSS: 9.8 (CRITICAL) | EPSS: 0.72486 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-7841", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7841"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-7841"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper...", "vendor": "U.motion", "product": "U.motion Builder software version 1.3.4", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.72486, "cvss_severity": "CRITICAL", "epss_percentile": 0.99366, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "35f604da-a2d9-4b59-96f9-29cedacdba1f", "vulnerability": {"vulnId": "CVE-2019-3929", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "35f604da-a2d9-4b59-96f9-29cedacdba1f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W... | Affected: Crestron / Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4. | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-3929", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3929"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-3929"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W...", "vendor": "Crestron", "product": "Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2353a415-811f-44ac-95e4-ee18367df5a6", "vulnerability": {"vulnId": "CVE-2022-22960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "2353a415-811f-44ac-95e4-ee18367df5a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in... | Affected: VMware / VMware Workspace ONE Access, Identity Manager and vRealize Automation | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22960", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22960"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22960"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in...", "vendor": "VMware", "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation", "added_date": "2022-04-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "08e12970-795d-4ced-a225-c0927266bb92", "vulnerability": {"vulnId": "CVE-2022-22954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-14T00:00:00+00:00"}, "gcve": {"object_uuid": "08e12970-795d-4ced-a225-c0927266bb92", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-14T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious... | Affected: VMware / VMware Workspace ONE Access and Identity Manager | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22954", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22954"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22954"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious...", "vendor": "VMware", "product": "VMware Workspace ONE Access and Identity Manager", "added_date": "2022-04-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "338c1013-fd93-4c0e-801d-0435955f57fc", "vulnerability": {"vulnId": "CVE-2015-0311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "338c1013-fd93-4c0e-801d-0435955f57fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-0311", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0311"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-0311"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "faffda96-eac0-429c-9048-108a01e43629", "vulnerability": {"vulnId": "CVE-2015-5123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "faffda96-eac0-429c-9048-108a01e43629", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-5123", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5123"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-5123"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "af134287-17f5-4b34-ba1d-b2867b199f11", "vulnerability": {"vulnId": "CVE-2014-9163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "af134287-17f5-4b34-ba1d-b2867b199f11", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425... | Affected: Adobe / Flash Player | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-9163", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9163"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-9163"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f603d8e7-a4bb-47fd-b2a6-f067324ad64d", "vulnerability": {"vulnId": "CVE-2018-7602", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f603d8e7-a4bb-47fd-b2a6-f067324ad64d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 | Affected: Drupal / core | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-7602", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7602"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-7602"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004", "vendor": "Drupal", "product": "core", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c490fade-ca29-4897-a5d9-04ca7b0c6f12", "vulnerability": {"vulnId": "CVE-2022-24521", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "c490fade-ca29-4897-a5d9-04ca7b0c6f12", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-24521", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24521"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24521"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "777bae4a-9903-40ea-b928-df427729dbd0", "vulnerability": {"vulnId": "CVE-2015-0313", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "777bae4a-9903-40ea-b928-df427729dbd0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-0313", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0313"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-0313"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e07dcdb-a092-49a8-8156-635b3a66d9a6", "vulnerability": {"vulnId": "CVE-2015-5122", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "2e07dcdb-a092-49a8-8156-635b3a66d9a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-5122", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5122"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-5122"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f377d4a8-3489-4529-a277-951fa20d3f20", "vulnerability": {"vulnId": "CVE-2018-20753", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f377d4a8-3489-4529-a277-951fa20d3f20", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell... | Affected: Kaseya / VSA RMM | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-20753", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20753"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-20753"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell...", "vendor": "Kaseya", "product": "VSA RMM", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f7beba21-ce4b-4215-926e-c2f82c35e476", "vulnerability": {"vulnId": "CVE-2015-3113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f7beba21-ce4b-4215-926e-c2f82c35e476", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-3113", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3113"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-3113"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "07f5c8cd-d0a4-44f5-a2f4-716154e23ba4", "vulnerability": {"vulnId": "CVE-2015-2502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "07f5c8cd-d0a4-44f5-a2f4-716154e23ba4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2502", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2502"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2502"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-04-13T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2c24eb13-b440-465b-8038-ead36782fa02", "vulnerability": {"vulnId": "CVE-2017-11317", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "2c24eb13-b440-465b-8038-ead36782fa02", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows... | Affected: Progress / Telerik UI for ASP.NET AJAX | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-11317", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11317"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-11317"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows...", "vendor": "Progress", "product": "Telerik UI for ASP.NET AJAX", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8ff22503-f89c-4092-a1ea-ccd05e3aff7f", "vulnerability": {"vulnId": "CVE-2021-42278", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "8ff22503-f89c-4092-a1ea-ccd05e3aff7f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Active Directory Domain Services Elevation of Privilege Vulnerability | Affected: Microsoft / Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-42278", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42278"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42278"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Active Directory Domain Services Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b8438953-f753-488d-9ef7-a0b2c4784032", "vulnerability": {"vulnId": "CVE-2020-2509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "b8438953-f753-488d-9ef7-a0b2c4784032", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Command Injection Vulnerability in QTS and QuTS hero | Affected: QNAP Systems Inc. / QTS, QuTS hero | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-2509", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2509"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-2509"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command Injection Vulnerability in QTS and QuTS hero", "vendor": "QNAP Systems Inc.", "product": "QTS, QuTS hero", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d57d19c5-e859-4117-a2cf-808939f64314", "vulnerability": {"vulnId": "CVE-2022-23176", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "d57d19c5-e859-4117-a2cf-808939f64314", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management... | Affected: WatchGuard / Firebox and XTM appliances | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-23176", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23176"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23176"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management...", "vendor": "WatchGuard", "product": "Firebox and XTM appliances", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eb6567f5-2071-46ae-bb33-1fef37387ce0", "vulnerability": {"vulnId": "CVE-2021-22600", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "eb6567f5-2071-46ae-bb33-1fef37387ce0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Double Free in net/packet/af_packet.c leading to priviledge escalation | Affected: Linux Kernel / Kernel | CVSS: 6.6 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22600", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22600"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Double Free in net/packet/af_packet.c leading to priviledge escalation", "vendor": "Linux Kernel", "product": "Kernel", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 6.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6d7ec46f-3560-49df-af4c-f0da221a0170", "vulnerability": {"vulnId": "CVE-2021-27852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "6d7ec46f-3560-49df-af4c-f0da221a0170", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute... | Affected: Checkbox / Survey | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27852", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27852"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27852"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute...", "vendor": "Checkbox", "product": "Survey", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b97e1cad-196e-43bb-830b-509458412f3e", "vulnerability": {"vulnId": "CVE-2021-39793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "b97e1cad-196e-43bb-830b-509458412f3e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-39793", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39793"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-39793"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to...", "vendor": "Google", "product": "Android", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "33539184-a892-4684-92f1-c420001bbb25", "vulnerability": {"vulnId": "CVE-2021-42287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "33539184-a892-4684-92f1-c420001bbb25", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Active Directory Domain Services Elevation of Privilege Vulnerability | Affected: Microsoft / Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-42287", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Active Directory Domain Services Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-04-11T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5c5afafb-dd30-4fc9-9501-b210ede34ad7", "vulnerability": {"vulnId": "CVE-2021-3156", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-06T00:00:00+00:00"}, "gcve": {"object_uuid": "5c5afafb-dd30-4fc9-9501-b210ede34ad7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via... | Affected: Sudo Project / Sudo | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-3156", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3156"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via...", "vendor": "Sudo Project", "product": "Sudo", "added_date": "2022-04-06T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "72876943-65b2-4bf5-9924-db1c28251737", "vulnerability": {"vulnId": "CVE-2017-0148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-06T00:00:00+00:00"}, "gcve": {"object_uuid": "72876943-65b2-4bf5-9924-db1c28251737", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... | Affected: Microsoft Corporation / Windows SMB | CVSS: 8.1 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0148", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0148"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0148"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...", "vendor": "Microsoft Corporation", "product": "Windows SMB", "added_date": "2022-04-06T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1db585a2-2f69-4a3c-9c3a-80269e4fe9e7", "vulnerability": {"vulnId": "CVE-2021-31166", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-06T00:00:00+00:00"}, "gcve": {"object_uuid": "1db585a2-2f69-4a3c-9c3a-80269e4fe9e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-06T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HTTP Protocol Stack Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31166", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31166"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31166"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HTTP Protocol Stack Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2", "added_date": "2022-04-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "aa9949c8-690c-410b-968a-a64567d2fc5c", "vulnerability": {"vulnId": "CVE-2022-22675", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "aa9949c8-690c-410b-968a-a64567d2fc5c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6,... | Affected: Apple / iOS and iPadOS, macOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22675", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22675"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS, watchOS", "added_date": "2022-04-04T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "15a16d96-79ef-42f7-b724-6bc3195d720f", "vulnerability": {"vulnId": "CVE-2021-45382", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "15a16d96-79ef-42f7-b724-6bc3195d720f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L... | Affected: D-link / DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L routers | CVSS: 9.8 (CRITICAL) | EPSS: 0.97836 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-45382", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45382"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-45382"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L...", "vendor": "D-link", "product": "DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L routers", "added_date": "2022-04-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.97836, "cvss_severity": "CRITICAL", "epss_percentile": 0.99898, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bb13a37a-87bc-41ed-9dc3-2765c533c3f9", "vulnerability": {"vulnId": "CVE-2022-22965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "bb13a37a-87bc-41ed-9dc3-2765c533c3f9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific... | Affected: VMware / Spring Framework | CVSS: 9.8 (CRITICAL) | EPSS: 0.99677 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22965", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22965"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific...", "vendor": "VMware", "product": "Spring Framework", "added_date": "2022-04-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99677, "cvss_severity": "CRITICAL", "epss_percentile": 0.99948, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f345c022-a147-45bb-8dc5-2f3905d6e5a0", "vulnerability": {"vulnId": "CVE-2022-22674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "f345c022-a147-45bb-8dc5-2f3905d6e5a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-04-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is... | Affected: Apple / macOS | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22674", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22674"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is...", "vendor": "Apple", "product": "macOS", "added_date": "2022-04-04T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f3d7176e-c4ce-4d9a-8663-19d54ba791a0", "vulnerability": {"vulnId": "CVE-2018-10561", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "f3d7176e-c4ce-4d9a-8663-19d54ba791a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device... | Affected: Dasan / GPON home routers | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-10561", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10561"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10561"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device...", "vendor": "Dasan", "product": "GPON home routers", "added_date": "2022-03-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b6f3276b-aab2-437f-b950-269287da0bb6", "vulnerability": {"vulnId": "CVE-2021-21551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "b6f3276b-aab2-437f-b950-269287da0bb6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or... | Affected: Dell / dbutil | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21551", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21551"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21551"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or...", "vendor": "Dell", "product": "dbutil", "added_date": "2022-03-31T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "263de915-a599-4ff7-8e68-73776491f9f3", "vulnerability": {"vulnId": "CVE-2018-10562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "263de915-a599-4ff7-8e68-73776491f9f3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a... | Affected: Dasan / GPON home routers | CVSS: 9.8 (CRITICAL) | EPSS: 0.9995 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-10562", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10562"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10562"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a...", "vendor": "Dasan", "product": "GPON home routers", "added_date": "2022-03-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.9995, "cvss_severity": "CRITICAL", "epss_percentile": 0.99973, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e2c4112e-21ca-495c-86cf-01831daa127c", "vulnerability": {"vulnId": "CVE-2022-26871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "e2c4112e-21ca-495c-86cf-01831daa127c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which... | Affected: Trend Micro / Trend Micro Apex Central | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26871", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26871"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26871"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which...", "vendor": "Trend Micro", "product": "Trend Micro Apex Central", "added_date": "2022-03-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5a1d5dfd-706d-455f-9205-b8965d42bf7d", "vulnerability": {"vulnId": "CVE-2022-1040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "5a1d5dfd-706d-455f-9205-b8965d42bf7d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5... | Affected: Sophos / Sophos Firewall | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-1040", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1040"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1040"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5...", "vendor": "Sophos", "product": "Sophos Firewall", "added_date": "2022-03-31T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7e6648b4-a10e-44d4-94ec-cdf5d6874fe9", "vulnerability": {"vulnId": "CVE-2021-34484", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "7e6648b4-a10e-44d4-94ec-cdf5d6874fe9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows User Profile Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-34484", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34484"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34484"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows User Profile Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-03-31T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b6bf6b23-c149-46f0-988a-2577c076c610", "vulnerability": {"vulnId": "CVE-2021-28799", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "b6bf6b23-c149-46f0-988a-2577c076c610", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-31T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync) | Affected: QNAP Systems Inc. / HBS 3, HBS 2, HBS 1.3 | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-28799", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28799"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-28799"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)", "vendor": "QNAP Systems Inc.", "product": "HBS 3, HBS 2, HBS 1.3", "added_date": "2022-03-31T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "810a44cc-4afa-46b9-9c82-2aab7c2f6a7b", "vulnerability": {"vulnId": "CVE-2022-28221", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-30T06:11:19+00:00"}, "gcve": {"object_uuid": "810a44cc-4afa-46b9-9c82-2aab7c2f6a7b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-30T06:11:19+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-30T06:11:19+00:00"}, "scope": {"notes": "KEVIntel entry: CleanTalk AntiSpam <= 5.173 Reflected XSS | Affected: CleanTalk / CleanTalk AntiSpam | CVSS: 6.1 (MEDIUM) | EPSS: 0.01195 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-28221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28221"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-28221"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CleanTalk AntiSpam <= 5.173 Reflected XSS", "vendor": "CleanTalk", "product": "CleanTalk AntiSpam", "added_date": "2022-03-30T06:11:19.000Z", "cvss_score": 6.1, "epss_score": 0.01195, "cvss_severity": "MEDIUM", "epss_percentile": 0.77742, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6c120aec-e0c8-40d8-a43b-c0ed9c559390", "vulnerability": {"vulnId": "CVE-2015-1770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "6c120aec-e0c8-40d8-a43b-c0ed9c559390", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office... | Affected: Microsoft / Office 2013 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1770", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1770"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1770"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office...", "vendor": "Microsoft", "product": "Office 2013", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9fcd8c2b-68f3-4839-bb5b-7c95f1b44c00", "vulnerability": {"vulnId": "CVE-2022-0543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "9fcd8c2b-68f3-4839-bb5b-7c95f1b44c00", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which... | Affected: Debian / redis | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-0543", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0543"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0543"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which...", "vendor": "Debian", "product": "redis", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "aa9dfa5f-434d-4857-a001-657ab0ce334a", "vulnerability": {"vulnId": "CVE-2021-20028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "aa9dfa5f-434d-4857-a001-657ab0ce334a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products,... | Affected: SonicWall / SonicWall SRA/SMA100 | CVSS: 9.8 (CRITICAL) | EPSS: 0.30084 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20028", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20028"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20028"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products,...", "vendor": "SonicWall", "product": "SonicWall SRA/SMA100", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.30084, "cvss_severity": "CRITICAL", "epss_percentile": 0.97974, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ef6cd18c-7abd-400a-a715-5734e17d10d4", "vulnerability": {"vulnId": "CVE-2012-5076", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "ef6cd18c-7abd-400a-a715-5734e17d10d4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-5076", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5076"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-5076"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9637bf57-4e6b-45c2-8533-0f1250832941", "vulnerability": {"vulnId": "CVE-2013-1690", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "9637bf57-4e6b-45c2-8533-0f1250832941", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly... | Affected: Mozilla / Firefox, Firefox ESR, Thunderbird, Thunderbird ESR | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-1690", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1690"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-1690"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly...", "vendor": "Mozilla", "product": "Firefox, Firefox ESR, Thunderbird, Thunderbird ESR", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7f6af0c8-7f7b-4c77-ae93-45c46ff28686", "vulnerability": {"vulnId": "CVE-2011-2005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "7f6af0c8-7f7b-4c77-ae93-45c46ff28686", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-2005", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2005"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-2005"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f1216182-8295-4693-b565-f3e8ce027b33", "vulnerability": {"vulnId": "CVE-2012-0518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f1216182-8295-4693-b565-f3e8ce027b33", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers... | Affected: Oracle / Fusion Middleware | CVSS: 4.7 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-0518", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0518"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0518"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers...", "vendor": "Oracle", "product": "Fusion Middleware", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 4.7, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "31e2846f-dc36-4b82-bab6-9536e47ca9ea", "vulnerability": {"vulnId": "CVE-2012-2034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "31e2846f-dc36-4b82-bab6-9536e47ca9ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on... | Affected: Adobe / Flash Player | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-2034", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2034"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-2034"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9cc3a11c-ba91-4a8f-a2a2-92ac0504c920", "vulnerability": {"vulnId": "CVE-2021-26085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "9cc3a11c-ba91-4a8f-a2a2-92ac0504c920", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read... | Affected: Atlassian / Confluence Server, Confluence Data Center | CVSS: 5.3 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26085", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26085"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read...", "vendor": "Atlassian", "product": "Confluence Server, Confluence Data Center", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d1c17b24-1b56-4e33-8b5a-ee9f71960002", "vulnerability": {"vulnId": "CVE-2010-4398", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d1c17b24-1b56-4e33-8b5a-ee9f71960002", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-4398", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4398"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-4398"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d65bc79f-31c6-4c9d-a3c4-7f914a75e191", "vulnerability": {"vulnId": "CVE-2012-2539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d65bc79f-31c6-4c9d-a3c4-7f914a75e191", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow... | Affected: Microsoft / Word | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-2539", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2539"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-2539"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow...", "vendor": "Microsoft", "product": "Word", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e390a367-9efc-4798-8583-7dcb3b3e3fba", "vulnerability": {"vulnId": "CVE-2013-2465", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "e390a367-9efc-4798-8583-7dcb3b3e3fba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | EPSS: 0.98704 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2465", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2465"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2465"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.98704, "cvss_severity": "CRITICAL", "epss_percentile": 0.99918, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "95f2e5f1-932b-4b7e-bc9e-45def1ed4a8e", "vulnerability": {"vulnId": "CVE-2013-2551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "95f2e5f1-932b-4b7e-bc9e-45def1ed4a8e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2551", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2551"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2551"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e4db98be-2a09-4479-87b8-f049a2056d78", "vulnerability": {"vulnId": "CVE-2013-2729", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "e4db98be-2a09-4479-87b8-f049a2056d78", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary... | Affected: Adobe / Reader and Acrobat | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2729", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2729"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2729"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7ee93511-d8bd-467a-934f-dadfd26f22eb", "vulnerability": {"vulnId": "CVE-2013-3660", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "7ee93511-d8bd-467a-934f-dadfd26f22eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3660", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3660"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3660"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "90ac91e1-9f2d-4542-b7fb-b16b8bbd28f5", "vulnerability": {"vulnId": "CVE-2019-7483", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "90ac91e1-9f2d-4542-b7fb-b16b8bbd28f5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of... | Affected: SonicWall / SMA100 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7483", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7483"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7483"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "083067b6-c2b2-4fba-9489-16a665692f2f", "vulnerability": {"vulnId": "CVE-2016-7200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "083067b6-c2b2-4fba-9489-16a665692f2f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory... | Affected: Microsoft / Edge | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7200", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7200"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7200"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...", "vendor": "Microsoft", "product": "Edge", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "47ca0254-07db-4415-a7f4-a40ae6c0610e", "vulnerability": {"vulnId": "CVE-2017-0213", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "47ca0254-07db-4415-a7f4-a40ae6c0610e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2,... | Affected: Microsoft Corporation / Windows COM | CVSS: 7.3 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0213", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0213"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0213"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2,...", "vendor": "Microsoft Corporation", "product": "Windows COM", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c7560413-4f14-4ca1-85b9-ff213a00e581", "vulnerability": {"vulnId": "CVE-2022-1096", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "c7560413-4f14-4ca1-85b9-ff213a00e581", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-1096", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1096"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1096"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8344c915-282d-423a-976c-740c824e92ff", "vulnerability": {"vulnId": "CVE-2015-2419", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "8344c915-282d-423a-976c-740c824e92ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2419", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2419"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2419"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "30fdb4dd-e8ae-4d8d-a07b-a952c2a889ae", "vulnerability": {"vulnId": "CVE-2015-2426", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "30fdb4dd-e8ae-4d8d-a07b-a952c2a889ae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2426", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2426"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2426"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e302e555-f281-41dc-ace4-a20199cf3c02", "vulnerability": {"vulnId": "CVE-2016-0040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "e302e555-f281-41dc-ace4-a20199cf3c02", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0040", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0040"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0040"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "488f85de-1aa6-4140-8956-aa08b4d2ffdb", "vulnerability": {"vulnId": "CVE-2016-0151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "488f85de-1aa6-4140-8956-aa08b4d2ffdb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0151", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0151"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0151"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "59c3472f-57f6-4edd-ab0a-4d54af031477", "vulnerability": {"vulnId": "CVE-2016-7201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "59c3472f-57f6-4edd-ab0a-4d54af031477", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory... | Affected: Microsoft / Edge | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7201", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7201"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7201"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...", "vendor": "Microsoft", "product": "Edge", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "77af80f2-1bfa-45f1-a3e8-6fdbb59d9aae", "vulnerability": {"vulnId": "CVE-2017-0037", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "77af80f2-1bfa-45f1-a3e8-6fdbb59d9aae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the... | Affected: Microsoft Corporation / Internet Browser | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0037", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0037"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0037"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the...", "vendor": "Microsoft Corporation", "product": "Internet Browser", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5521629d-bfa5-4f88-a05a-bbac5258379c", "vulnerability": {"vulnId": "CVE-2017-0059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "5521629d-bfa5-4f88-a05a-bbac5258379c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka... | Affected: Microsoft Corporation / Internet Explorer | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0059", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0059"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka...", "vendor": "Microsoft Corporation", "product": "Internet Explorer", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ef48b21c-7de2-4a74-a8fd-2bdab222b239", "vulnerability": {"vulnId": "CVE-2018-8406", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "ef48b21c-7de2-4a74-a8fd-2bdab222b239", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX... | Affected: Microsoft / Windows Server 2016, Windows 10, Windows 10 Servers | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8406", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8406"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8406"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX...", "vendor": "Microsoft", "product": "Windows Server 2016, Windows 10, Windows 10 Servers", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5382f3be-526c-43f3-92f7-1648c2953319", "vulnerability": {"vulnId": "CVE-2018-8440", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "5382f3be-526c-43f3-92f7-1648c2953319", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC... | Affected: Microsoft / Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8440", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8440"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8440"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC...", "vendor": "Microsoft", "product": "Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "57af2f29-3bc8-4f30-aef7-b8bb4f8da113", "vulnerability": {"vulnId": "CVE-2021-34486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "57af2f29-3bc8-4f30-aef7-b8bb4f8da113", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Event Tracing Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-34486", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34486"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34486"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Event Tracing Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f418c53a-29bd-4b37-8310-82bba384b690", "vulnerability": {"vulnId": "CVE-2018-8405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f418c53a-29bd-4b37-8310-82bba384b690", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX... | Affected: Microsoft / Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8405", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8405"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8405"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX...", "vendor": "Microsoft", "product": "Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b8806e6f-fb5f-4e03-ada2-4268aa7c242c", "vulnerability": {"vulnId": "CVE-2021-38646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "b8806e6f-fb5f-4e03-ada2-4268aa7c242c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2013 Service Pack 1 | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38646", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38646"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38646"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2013 Service Pack 1", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "70f3fc2b-1ed9-490b-add6-5b34f38e9550", "vulnerability": {"vulnId": "CVE-2016-0189", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "70f3fc2b-1ed9-490b-add6-5b34f38e9550", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote... | Affected: Microsoft / Internet Explorer | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0189", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0189"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0189"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-03-28T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "089ea6bc-941c-4e86-8273-07721cdfe320", "vulnerability": {"vulnId": "CVE-2016-11021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "089ea6bc-941c-4e86-8273-07721cdfe320", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | Affected: D-Link / DCS-930L | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-11021", "url": "https://www.cve.org/CVERecord?id=CVE-2016-11021"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-11021"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.", "vendor": "D-Link", "product": "DCS-930L", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "94fbe24c-c1c4-4373-808c-cfc6ab269272", "vulnerability": {"vulnId": "CVE-2016-10174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "94fbe24c-c1c4-4373-808c-cfc6ab269272", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This... | Affected: NETGEAR / WNR2000v5 router | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-10174", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10174"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-10174"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This...", "vendor": "NETGEAR", "product": "WNR2000v5 router", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "669fe2ea-ee82-4f24-804d-cf28d2a4b3f0", "vulnerability": {"vulnId": "CVE-2016-0752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "669fe2ea-ee82-4f24-804d-cf28d2a4b3f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x... | Affected: Ruby on Rails / Action View | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0752", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0752"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x...", "vendor": "Ruby on Rails", "product": "Action View", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a0a54d5c-311a-47a1-b8b0-9866407ed06d", "vulnerability": {"vulnId": "CVE-2020-1956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a0a54d5c-311a-47a1-b8b0-9866407ed06d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user... | Affected: Apache / Kylin | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1956"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1956"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user...", "vendor": "Apache", "product": "Kylin", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2f472eb2-828d-418c-9daa-d6f31258b22e", "vulnerability": {"vulnId": "CVE-2020-2021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2f472eb2-828d-418c-9daa-d6f31258b22e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PAN-OS: Authentication Bypass in SAML Authentication | Affected: Palo Alto Networks / PAN-OS | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-2021", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2021"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-2021"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PAN-OS: Authentication Bypass in SAML Authentication", "vendor": "Palo Alto Networks", "product": "PAN-OS", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e5a5a7ed-edf6-409e-9912-9bdc9e1a1837", "vulnerability": {"vulnId": "CVE-2020-2506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e5a5a7ed-edf6-409e-9912-9bdc9e1a1837", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: improper access control vulnerability in Helpdesk | Affected: QNAP Systems Inc. / Helpdesk | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-2506", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-2506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "improper access control vulnerability in Helpdesk", "vendor": "QNAP Systems Inc.", "product": "Helpdesk", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8079feea-3506-4239-858c-3d780d7ab4eb", "vulnerability": {"vulnId": "CVE-2020-25223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8079feea-3506-4239-858c-3d780d7ab4eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | Affected: Sophos / SG UTM | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-25223", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25223"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-25223"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11", "vendor": "Sophos", "product": "SG UTM", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4b7da84d-e555-4699-99e6-b09004f10ee1", "vulnerability": {"vulnId": "CVE-2020-5410", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4b7da84d-e555-4699-99e6-b09004f10ee1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory Traversal with spring-cloud-config-server | Affected: Spring by VMware / Spring Cloud Config | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5410", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5410"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5410"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory Traversal with spring-cloud-config-server", "vendor": "Spring by VMware", "product": "Spring Cloud Config", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e79dd354-7f68-41de-9129-7ad5f1a4f11c", "vulnerability": {"vulnId": "CVE-2021-22941", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e79dd354-7f68-41de-9129-7ad5f1a4f11c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise... | Affected: Citrix / Citrix ShareFile storage zones controller | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22941", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22941"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22941"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise...", "vendor": "Citrix", "product": "Citrix ShareFile storage zones controller", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9d268cc5-5eea-428f-a10e-f54e971e3ae0", "vulnerability": {"vulnId": "CVE-2022-21999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "9d268cc5-5eea-428f-a10e-f54e971e3ae0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Print Spooler Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-21999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21999"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21999"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "113a021c-6113-4465-b2fd-c97afa803441", "vulnerability": {"vulnId": "CVE-2015-0666", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "113a021c-6113-4465-b2fd-c97afa803441", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers... | Affected: Cisco / Prime Data Center Network Manager | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-0666", "url": "https://www.cve.org/CVERecord?id=CVE-2015-0666"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-0666"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers...", "vendor": "Cisco", "product": "Prime Data Center Network Manager", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "38b47542-3876-4bd9-956b-281dc6917803", "vulnerability": {"vulnId": "CVE-2020-7247", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "38b47542-3876-4bd9-956b-281dc6917803", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands... | Affected: OpenBSD / OpenSMTPD | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-7247", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7247"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-7247"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands...", "vendor": "OpenBSD", "product": "OpenSMTPD", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a0488401-2120-4775-a01e-e918cc7c048d", "vulnerability": {"vulnId": "CVE-2022-26318", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a0488401-2120-4775-a01e-e918cc7c048d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS... | Affected: WatchGuard / Firebox and XTM appliances | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26318", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26318"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26318"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS...", "vendor": "WatchGuard", "product": "Firebox and XTM appliances", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a02266be-00ac-4aeb-90a0-54109292f3b2", "vulnerability": {"vulnId": "CVE-2018-8373", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a02266be-00ac-4aeb-90a0-54109292f3b2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting... | Affected: Microsoft / Internet Explorer 9, Internet Explorer 11, Internet Explorer 10 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8373", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8373"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8373"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting...", "vendor": "Microsoft", "product": "Internet Explorer 9, Internet Explorer 11, Internet Explorer 10", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7d82b704-9e5d-41db-92e7-4c430f7d0623", "vulnerability": {"vulnId": "CVE-2019-12989", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "7d82b704-9e5d-41db-92e7-4c430f7d0623", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. | Affected: Citrix / SD-WAN | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-12989", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12989"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12989"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.", "vendor": "Citrix", "product": "SD-WAN", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "60a1d4cf-8c36-4b9d-aee1-eb75293c5a4a", "vulnerability": {"vulnId": "CVE-2009-0927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "60a1d4cf-8c36-4b9d-aee1-eb75293c5a4a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute... | Affected: Adobe / Reader and Acrobat | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-0927", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-0927"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "64050761-e0d6-4967-9a90-7182192644f0", "vulnerability": {"vulnId": "CVE-2010-3035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "64050761-e0d6-4967-9a90-7182192644f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers... | Affected: Cisco / IOS XR | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-3035", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3035"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3035"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers...", "vendor": "Cisco", "product": "IOS XR", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4399ce39-dcc4-486e-8a58-2ef3b818b094", "vulnerability": {"vulnId": "CVE-2015-4068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4399ce39-dcc4-486e-8a58-2ef3b818b094", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of... | Affected: Arcserve / UDP | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4068"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-4068"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of...", "vendor": "Arcserve", "product": "UDP", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8183a547-f2a0-4e96-9523-5cd8815b546c", "vulnerability": {"vulnId": "CVE-2015-3035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8183a547-f2a0-4e96-9523-5cd8815b546c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with... | Affected: TP-LINK / Archer C5, Archer C7, Archer C8, Archer C9, TL-WDR3500, TL-WDR3600, TL-WDR4300, TL-WR740N, TL-WR741ND, TL-WR841N, TL-WR841ND | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-3035", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3035"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-3035"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with...", "vendor": "TP-LINK", "product": "Archer C5, Archer C7, Archer C8, Archer C9, TL-WDR3500, TL-WDR3600, TL-WDR4300, TL-WR740N, TL-WR741ND, TL-WR841N, TL-WR841ND", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e042509-5be4-461e-a2a1-ae4d8562cb30", "vulnerability": {"vulnId": "CVE-2015-1427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2e042509-5be4-461e-a2a1-ae4d8562cb30", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism... | Affected: Elastic / Elasticsearch | CVSS: 9.8 (CRITICAL) | EPSS: 0.99906 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1427", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1427"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism...", "vendor": "Elastic", "product": "Elasticsearch", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99906, "cvss_severity": "CRITICAL", "epss_percentile": 0.99964, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ecb89974-f2cc-46f5-9546-99e3c232a316", "vulnerability": {"vulnId": "CVE-2015-1187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ecb89974-f2cc-46f5-9546-99e3c232a316", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | Affected: D-Link / multiple devices | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1187", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1187"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1187"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.", "vendor": "D-Link", "product": "multiple devices", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "df32baa7-2090-4a0d-82f1-1b1df6ca816b", "vulnerability": {"vulnId": "CVE-2005-2773", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "df32baa7-2090-4a0d-82f1-1b1df6ca816b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node... | Affected: HP / OpenView Network Node Manager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2005-2773", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2773"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2005-2773"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node...", "vendor": "HP", "product": "OpenView Network Node Manager", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "569324bd-fafa-4533-8774-f4e05fb869d3", "vulnerability": {"vulnId": "CVE-2010-2861", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "569324bd-fafa-4533-8774-f4e05fb869d3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read... | Affected: Adobe / ColdFusion | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-2861", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2861"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-2861"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read...", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2ca055a7-98e4-4356-8606-6aabef331b7d", "vulnerability": {"vulnId": "CVE-2012-1823", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2ca055a7-98e4-4356-8606-6aabef331b7d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query... | Affected: PHP / PHP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-1823", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1823"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query...", "vendor": "PHP", "product": "PHP", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b8072ef8-db47-4546-99c2-f70523c5d6fa", "vulnerability": {"vulnId": "CVE-2013-2251", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b8072ef8-db47-4546-99c2-f70523c5d6fa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2)... | Affected: Apache / Struts | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-2251", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2251"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-2251"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2)...", "vendor": "Apache", "product": "Struts", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bb130bd9-1655-4b18-af51-a501c3fae394", "vulnerability": {"vulnId": "CVE-2014-6287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "bb130bd9-1655-4b18-af51-a501c3fae394", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to... | Affected: Rejetto / HTTP File Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-6287", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-6287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to...", "vendor": "Rejetto", "product": "HTTP File Server", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4f982684-bed4-4659-8475-a129182d07a2", "vulnerability": {"vulnId": "CVE-2014-6324", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4f982684-bed4-4659-8475-a129182d07a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-6324", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6324"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-6324"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a39c428c-738e-46c7-930a-b3016eada9a6", "vulnerability": {"vulnId": "CVE-2014-6332", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a39c428c-738e-46c7-930a-b3016eada9a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-6332", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6332"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-6332"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fb1ef921-1bb7-45d1-bff0-d626f05efe41", "vulnerability": {"vulnId": "CVE-2013-4810", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "fb1ef921-1bb7-45d1-bff0-d626f05efe41", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote... | Affected: HP / ProCurve Manager | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-4810", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4810"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-4810"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote...", "vendor": "HP", "product": "ProCurve Manager", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4f6c79c6-912a-4e43-be30-f6fbbf1dfd0f", "vulnerability": {"vulnId": "CVE-2010-4345", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4f6c79c6-912a-4e43-be30-f6fbbf1dfd0f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate... | Affected: Exim / Exim | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-4345", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4345"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-4345"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate...", "vendor": "Exim", "product": "Exim", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "41765e35-edd1-4c11-81cc-28888a7ecb0e", "vulnerability": {"vulnId": "CVE-2014-0130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "41765e35-edd1-4c11-81cc-28888a7ecb0e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before... | Affected: Ruby on Rails / Ruby on Rails | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0130", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0130"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0130"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before...", "vendor": "Ruby on Rails", "product": "Ruby on Rails", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ce7e29db-49f8-4f53-9e31-481feea75051", "vulnerability": {"vulnId": "CVE-2019-11043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ce7e29db-49f8-4f53-9e31-481feea75051", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Underflow in PHP-FPM can lead to RCE | Affected: PHP / PHP | CVSS: 8.7 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11043", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11043"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Underflow in PHP-FPM can lead to RCE", "vendor": "PHP", "product": "PHP", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.7, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd579a7e-4666-4af2-834e-42622bb7ba17", "vulnerability": {"vulnId": "CVE-2009-1151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "dd579a7e-4666-4af2-834e-42622bb7ba17", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject... | Affected: phpMyAdmin / phpMyAdmin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-1151", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1151"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1151"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject...", "vendor": "phpMyAdmin", "product": "phpMyAdmin", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "50c9be1d-3b27-475d-897c-2355132e234b", "vulnerability": {"vulnId": "CVE-2020-9054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "50c9be1d-3b27-475d-897c-2355132e234b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi | Affected: ZyXEL / NAS326, NAS520, NAS540, NAS542, NSA210, NSA220, NSA220+, NSA221, NSA310, NSA320, NSA320S, NSA325, NSA325v2 | CVSS: 9.8 (CRITICAL) | EPSS: 0.99988 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9054", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi", "vendor": "ZyXEL", "product": "NAS326, NAS520, NAS540, NAS542, NSA210, NSA220, NSA220+, NSA221, NSA310, NSA320, NSA320S, NSA325, NSA325v2", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99988, "cvss_severity": "CRITICAL", "epss_percentile": 0.99984, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "740062cf-ecc4-46f6-bec1-182d58db6cbb", "vulnerability": {"vulnId": "CVE-2009-2055", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "740062cf-ecc4-46f6-bec1-182d58db6cbb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid... | Affected: Cisco / IOS XR | CVSS: 5.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-2055", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2055"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-2055"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid...", "vendor": "Cisco", "product": "IOS XR", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 5.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c9bd0ba3-c832-4265-b99f-4be65fdeb2d3", "vulnerability": {"vulnId": "CVE-2014-3120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c9bd0ba3-c832-4265-b99f-4be65fdeb2d3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL... | Affected: Elastic / Elasticsearch | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-3120", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3120"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-3120"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL...", "vendor": "Elastic", "product": "Elasticsearch", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ca85d5d4-4023-4eb5-9336-a1ad3c0510fb", "vulnerability": {"vulnId": "CVE-2010-4344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ca85d5d4-4023-4eb5-9336-a1ad3c0510fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an... | Affected: Exim / Exim | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-4344", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4344"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-4344"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an...", "vendor": "Exim", "product": "Exim", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a5b18cf2-3bfd-49b8-bfb7-1341a29e2ef6", "vulnerability": {"vulnId": "CVE-2018-8414", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a5b18cf2-3bfd-49b8-bfb7-1341a29e2ef6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka \"Windows Shell Remote Code Execution... | Affected: Microsoft / Windows 10 Servers, Windows 10 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8414", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8414"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8414"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka \"Windows Shell Remote Code Execution...", "vendor": "Microsoft", "product": "Windows 10 Servers, Windows 10", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3dcba6ca-d7cd-45a7-9610-65fab9cdfaae", "vulnerability": {"vulnId": "CVE-2019-0903", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3dcba6ca-d7cd-45a7-9610-65fab9cdfaae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0903", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0903"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0903"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2b57a264-e7dc-498a-9d16-9f469a985853", "vulnerability": {"vulnId": "CVE-2019-1003030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2b57a264-e7dc-498a-9d16-9f469a985853", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml,... | Affected: Jenkins project / Jenkins Pipeline: Groovy Plugin | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1003030", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1003030"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1003030"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml,...", "vendor": "Jenkins project", "product": "Jenkins Pipeline: Groovy Plugin", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "223e3b40-5245-4033-b7c7-4837e25cdf6e", "vulnerability": {"vulnId": "CVE-2021-42237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "223e3b40-5245-4033-b7c7-4837e25cdf6e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve... | Affected: Sitecore / Sitecore XP | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-42237", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42237"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42237"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve...", "vendor": "Sitecore", "product": "Sitecore XP", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5b01df1e-6386-4018-8d09-fb6f926495a2", "vulnerability": {"vulnId": "CVE-2022-26143", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "5b01df1e-6386-4018-8d09-fb6f926495a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain... | Affected: Mitel / MiCollab, MiVoice Business Express | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26143", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26143"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26143"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain...", "vendor": "Mitel", "product": "MiCollab, MiVoice Business Express", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "96016b94-4471-4901-ab6a-407c03135cc8", "vulnerability": {"vulnId": "CVE-2016-7892", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "96016b94-4471-4901-ab6a-407c03135cc8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField... | Affected: Adobe / Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7892", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7892"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7892"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField...", "vendor": "Adobe", "product": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8331678c-4f03-4b3d-bb66-535ec8e65111", "vulnerability": {"vulnId": "CVE-2017-3881", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8331678c-4f03-4b3d-bb66-535ec8e65111", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an... | Affected: Cisco / Cisco IOS and IOS XE Software | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-3881", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3881"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-3881"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE Software", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9ffb6f3c-5923-42f3-84b8-668788884d38", "vulnerability": {"vulnId": "CVE-2017-6334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "9ffb6f3c-5923-42f3-84b8-668788884d38", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via... | Affected: NETGEAR / DGN2200 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6334", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6334"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6334"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via...", "vendor": "NETGEAR", "product": "DGN2200", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "620b23e4-8395-4df0-ad81-dc9c90339dc5", "vulnerability": {"vulnId": "CVE-2018-0125", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "620b23e4-8395-4df0-ad81-dc9c90339dc5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an... | Affected: Cisco / Cisco RV132W and RV134W | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0125", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0125"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0125"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an...", "vendor": "Cisco", "product": "Cisco RV132W and RV134W", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "75303acf-177c-4419-a91b-85c122dbaa70", "vulnerability": {"vulnId": "CVE-2018-11138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "75303acf-177c-4419-a91b-85c122dbaa70", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be... | Affected: Quest / KACE System Management Appliance | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-11138", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11138"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11138"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be...", "vendor": "Quest", "product": "KACE System Management Appliance", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "59f5e592-b6f8-498b-9919-5a73bedec0e9", "vulnerability": {"vulnId": "CVE-2018-1273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "59f5e592-b6f8-498b-9919-5a73bedec0e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability... | Affected: Spring by Pivotal / Spring Framework | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-1273", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1273"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-1273"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability...", "vendor": "Spring by Pivotal", "product": "Spring Framework", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "419301dc-5098-4b30-97e4-971b0d0ec300", "vulnerability": {"vulnId": "CVE-2013-5223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "419301dc-5098-4b30-97e4-971b0d0ec300", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web... | Affected: D-Link / DSL-2760U Gateway | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-5223", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5223"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-5223"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web...", "vendor": "D-Link", "product": "DSL-2760U Gateway", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "707761f3-74b9-4a4f-91a8-8961def57288", "vulnerability": {"vulnId": "CVE-2018-0147", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "707761f3-74b9-4a4f-91a8-8961def57288", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an... | Affected: Cisco / Cisco Secure Access Control System | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0147", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0147"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0147"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an...", "vendor": "Cisco", "product": "Cisco Secure Access Control System", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2905435-9002-46c5-8803-b7d1acc3971f", "vulnerability": {"vulnId": "CVE-2017-6316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c2905435-9002-46c5-8803-b7d1acc3971f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie.... | Affected: Citrix / NetScaler SD-WAN | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6316", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6316"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6316"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie....", "vendor": "Citrix", "product": "NetScaler SD-WAN", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d149bb45-c4d9-4381-940d-91e31b42d3fb", "vulnerability": {"vulnId": "CVE-2017-0146", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d149bb45-c4d9-4381-940d-91e31b42d3fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... | Affected: Microsoft Corporation / Windows SMB | CVSS: 8.8 (HIGH) | EPSS: 0.89862 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0146", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0146"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0146"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...", "vendor": "Microsoft Corporation", "product": "Windows SMB", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.89862, "cvss_severity": "HIGH", "epss_percentile": 0.99777, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9601a722-c84f-48a7-9574-5163bdf4d895", "vulnerability": {"vulnId": "CVE-2017-12615", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "9601a722-c84f-48a7-9574-5163bdf4d895", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default... | Affected: Apache Software Foundation / Apache Tomcat | CVSS: 8.1 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12615", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12615"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default...", "vendor": "Apache Software Foundation", "product": "Apache Tomcat", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3e429dd5-0d4e-41d6-8b84-fdec34bd90a3", "vulnerability": {"vulnId": "CVE-2017-12617", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3e429dd5-0d4e-41d6-8b84-fdec34bd90a3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via... | Affected: Apache Software Foundation / Apache Tomcat | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12617", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12617"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12617"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via...", "vendor": "Apache Software Foundation", "product": "Apache Tomcat", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fed27f2f-022f-4cfa-a290-6f8301e32d99", "vulnerability": {"vulnId": "CVE-2018-6961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "fed27f2f-022f-4cfa-a290-6f8301e32d99", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component... | Affected: VMware / NSX SD-WAN by VeloCloud | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-6961", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6961"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-6961"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component...", "vendor": "VMware", "product": "NSX SD-WAN by VeloCloud", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6680bef1-f7b5-4044-ab92-110e648dd9cd", "vulnerability": {"vulnId": "CVE-2019-10068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6680bef1-f7b5-4044-ab92-110e648dd9cd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to... | Affected: Kentico / Kentico CMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-10068", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10068"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-10068"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to...", "vendor": "Kentico", "product": "Kentico CMS", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fb7d2a1d-f1e7-4c83-9421-f7336066518b", "vulnerability": {"vulnId": "CVE-2019-12991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "fb7d2a1d-f1e7-4c83-9421-f7336066518b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | Affected: Citrix / SD-WAN | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-12991", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12991"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-12991"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).", "vendor": "Citrix", "product": "SD-WAN", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "54ed0670-9f76-401b-a9e3-a2a14ae73e36", "vulnerability": {"vulnId": "CVE-2019-16920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "54ed0670-9f76-401b-a9e3-a2a14ae73e36", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the... | Affected: D-Link / DIR-655C, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, DIR-825 | CVSS: 9.8 (CRITICAL) | EPSS: 0.99996 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-16920", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16920"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-16920"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the...", "vendor": "D-Link", "product": "DIR-655C, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, DIR-825", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99996, "cvss_severity": "CRITICAL", "epss_percentile": 0.99988, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "38650660-72ad-43f4-8395-9d8415253d02", "vulnerability": {"vulnId": "CVE-2019-2616", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "38650660-72ad-43f4-8395-9d8415253d02", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported... | Affected: Oracle Corporation / BI Publisher (formerly XML Publisher) | CVSS: 7.2 (HIGH) | EPSS: 0.92183 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-2616", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2616"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-2616"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported...", "vendor": "Oracle Corporation", "product": "BI Publisher (formerly XML Publisher)", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 7.2, "epss_score": 0.92183, "cvss_severity": "HIGH", "epss_percentile": 0.99809, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e3ec8768-063a-4030-abb5-39546bdc79bd", "vulnerability": {"vulnId": "CVE-2019-6340", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e3ec8768-063a-4030-abb5-39546bdc79bd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Drupal core - Highly critical - Remote Code Execution | Affected: Drupal / Drupal Core | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-6340", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6340"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-6340"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Drupal core - Highly critical - Remote Code Execution", "vendor": "Drupal", "product": "Drupal Core", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5bdcec02-81a9-46b1-b8d1-97f11caf6734", "vulnerability": {"vulnId": "CVE-2019-15107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "5bdcec02-81a9-46b1-b8d1-97f11caf6734", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. | Affected: Webmin / Webmin | CVSS: 9.8 (CRITICAL) | EPSS: 0.99766 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-15107", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15107"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-15107"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.", "vendor": "Webmin", "product": "Webmin", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99766, "cvss_severity": "CRITICAL", "epss_percentile": 0.99955, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f0855ee8-3f2a-47cd-9e2f-ac9a2c8bb9da", "vulnerability": {"vulnId": "CVE-2020-1631", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f0855ee8-3f2a-47cd-9e2f-ac9a2c8bb9da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services | Affected: Juniper Networks / Junos OS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1631", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1631"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1631"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services", "vendor": "Juniper Networks", "product": "Junos OS", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "79df517e-feb0-4b91-a126-fea2f4bcd393", "vulnerability": {"vulnId": "CVE-2020-9377", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "79df517e-feb0-4b91-a126-fea2f4bcd393", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are... | Affected: D-Link / DIR-610 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9377", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9377"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9377"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are...", "vendor": "D-Link", "product": "DIR-610", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2be19ed4-39f1-40b1-a08f-756532d7e9fc", "vulnerability": {"vulnId": "CVE-2018-14839", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2be19ed4-39f1-40b1-a08f-756532d7e9fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with... | Affected: LG / N1A1 NAS | CVSS: 9.8 (CRITICAL) | EPSS: 0.89354 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-14839", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14839"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14839"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with...", "vendor": "LG", "product": "N1A1 NAS", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.89354, "cvss_severity": "CRITICAL", "epss_percentile": 0.99765, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "39823461-c8c0-4d88-8371-66d47a118727", "vulnerability": {"vulnId": "CVE-2016-4171", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "39823461-c8c0-4d88-8371-66d47a118727", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-4171", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4171"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-4171"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d17746e5-09d4-481b-ba3b-abe8faf582ea", "vulnerability": {"vulnId": "CVE-2016-1555", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d17746e5-09d4-481b-ba3b-abe8faf582ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and... | Affected: Netgear / WN604, WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, WNDAP660 | CVSS: 9.8 (CRITICAL) | EPSS: 0.98325 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-1555", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1555"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-1555"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and...", "vendor": "Netgear", "product": "WN604, WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, WNDAP660", "added_date": "2022-03-25T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.98325, "cvss_severity": "CRITICAL", "epss_percentile": 0.99909, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c18fc1e0-c205-4ced-a211-617557b44c9b", "vulnerability": {"vulnId": "CVE-2015-2546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c18fc1e0-c205-4ced-a211-617557b44c9b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server... | Affected: Microsoft / Windows | CVSS: 8.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2546", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2546"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2546"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8a344ca3-1989-4bc2-a4f1-e83e46be319b", "vulnerability": {"vulnId": "CVE-2020-5135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8a344ca3-1989-4bc2-a4f1-e83e46be319b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by... | Affected: SonicWall / SonicOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5135", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5135"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5135"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by...", "vendor": "SonicWall", "product": "SonicOS", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6ce169a8-9835-46a0-ab4b-f1a81fbcc75a", "vulnerability": {"vulnId": "CVE-2019-1405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "6ce169a8-9835-46a0-ab4b-f1a81fbcc75a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1405", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1405"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1405"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "590acc05-6bf6-4a2f-b3f9-201796dd2533", "vulnerability": {"vulnId": "CVE-2019-1322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "590acc05-6bf6-4a2f-b3f9-201796dd2533", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1322", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1322"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1322"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a39fdebb-9bf0-4d14-9ece-a61c47a66685", "vulnerability": {"vulnId": "CVE-2019-1315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "a39fdebb-9bf0-4d14-9ece-a61c47a66685", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1315", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1315"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1315"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2f404ab0-34bb-4261-9fdb-a912e1f503dc", "vulnerability": {"vulnId": "CVE-2019-1253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "2f404ab0-34bb-4261-9fdb-a912e1f503dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability,... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1253", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1253"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1253"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability,...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3333915e-a1be-46b2-9e6d-116c7df3b201", "vulnerability": {"vulnId": "CVE-2019-1132", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "3333915e-a1be-46b2-9e6d-116c7df3b201", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... | Affected: Microsoft / Windows, Windows Server | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1132", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1132"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1132"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fcac21ba-ef67-4004-ab23-da0f0ad82e07", "vulnerability": {"vulnId": "CVE-2019-1129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "fcac21ba-ef67-4004-ab23-da0f0ad82e07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1129", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1129"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1129"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6833817f-cb19-4b20-a23e-f8d29a609d6d", "vulnerability": {"vulnId": "CVE-2019-1064", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "6833817f-cb19-4b20-a23e-f8d29a609d6d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803  (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1064", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1064"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1064"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803  (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "60616426-0943-4d9f-aa29-817e85cf0f4e", "vulnerability": {"vulnId": "CVE-2018-8120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "60616426-0943-4d9f-aa29-817e85cf0f4e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k... | Affected: Microsoft / Windows Server 2008, Windows 7, Windows Server 2008 R2 | CVSS: 7.0 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8120", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8120"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8120"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k...", "vendor": "Microsoft", "product": "Windows Server 2008, Windows 7, Windows Server 2008 R2", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7774ddcb-2f1e-40a3-a07b-6b21108099c7", "vulnerability": {"vulnId": "CVE-2016-3309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "7774ddcb-2f1e-40a3-a07b-6b21108099c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3309", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3309"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3309"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b3db7226-46f6-451d-860d-e3ea568a2ee4", "vulnerability": {"vulnId": "CVE-2019-1069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b3db7226-46f6-451d-860d-e3ea568a2ee4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Task Scheduler Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803  (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1069", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1069"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1069"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Task Scheduler Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803  (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "09c93cfb-fe88-4f40-9055-c32f4fe094b9", "vulnerability": {"vulnId": "CVE-2017-0101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "09c93cfb-fe88-4f40-9055-c32f4fe094b9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows... | Affected: Microsoft Corporation / Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0101", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0101"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0101"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows...", "vendor": "Microsoft Corporation", "product": "Windows", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "25868475-49da-4a54-ba08-b9e4c31a3920", "vulnerability": {"vulnId": "CVE-2019-0841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "25868475-49da-4a54-ba08-b9e4c31a3920", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation... | Affected: Microsoft / Windows, Windows Server | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0841"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0841"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "121567d6-fd57-4766-b25c-d6b479570bd6", "vulnerability": {"vulnId": "CVE-2019-0543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "121567d6-fd57-4766-b25c-d6b479570bd6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \"Microsoft Windows Elevation of... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0543", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0543"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0543"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \"Microsoft Windows Elevation of...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d6c4f33f-c5ae-492d-9466-f83800763f09", "vulnerability": {"vulnId": "CVE-2021-20083", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-11T08:00:34+00:00"}, "gcve": {"object_uuid": "d6c4f33f-c5ae-492d-9466-f83800763f09", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-11T08:00:34+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-11T08:00:34+00:00"}, "scope": {"notes": "KEVIntel entry: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious... | Affected: jQuery / jquery-plugin-query-object | CVSS: 8.8 (HIGH) | EPSS: 0.02845 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-20083", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20083"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20083"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious...", "vendor": "jQuery", "product": "jquery-plugin-query-object", "added_date": "2022-03-11T08:00:34.000Z", "cvss_score": 8.8, "epss_score": 0.02845, "cvss_severity": "HIGH", "epss_percentile": 0.85462, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bb612c3e-d1ab-4fdb-8f72-2f79f7ceb704", "vulnerability": {"vulnId": "CVE-2017-6077", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "bb612c3e-d1ab-4fdb-8f72-2f79f7ceb704", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell... | Affected: NETGEAR / DGN2200 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6077", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6077"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6077"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell...", "vendor": "NETGEAR", "product": "DGN2200", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8fca2ae6-3ee3-4973-8d7d-33e255d18bed", "vulnerability": {"vulnId": "CVE-2019-11581", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "8fca2ae6-3ee3-4973-8d7d-33e255d18bed", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions.... | Affected: Atlassian / Jira Server and Data Center | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11581", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11581"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11581"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions....", "vendor": "Atlassian", "product": "Jira Server and Data Center", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2b5c4193-556d-4ea6-a2b8-928ec22b567a", "vulnerability": {"vulnId": "CVE-2021-21973", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "2b5c4193-556d-4ea6-a2b8-928ec22b567a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server... | Affected: VMware / VMware vCenter Server, VMware Cloud Foundation | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21973", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21973"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21973"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server...", "vendor": "VMware", "product": "VMware vCenter Server, VMware Cloud Foundation", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e6eef2b7-cb40-4f8e-9b75-5780cc59782f", "vulnerability": {"vulnId": "CVE-2022-26485", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "e6eef2b7-cb40-4f8e-9b75-5780cc59782f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing... | Affected: Mozilla / Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26485", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26485"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26485"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing...", "vendor": "Mozilla", "product": "Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "33bf8938-1a16-4f0e-bba5-01d5ebe699c7", "vulnerability": {"vulnId": "CVE-2013-0625", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "33bf8938-1a16-4f0e-bba5-01d5ebe699c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute... | Affected: Adobe / ColdFusion | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0625", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0625"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0625"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute...", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "317169fa-7c29-4f0e-96df-8781afb9f240", "vulnerability": {"vulnId": "CVE-2013-0631", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "317169fa-7c29-4f0e-96df-8781afb9f240", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in... | Affected: Adobe / ColdFusion | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0631", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0631"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0631"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in...", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "965eda4d-6304-410d-a79f-4118aed5f902", "vulnerability": {"vulnId": "CVE-2013-0629", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "965eda4d-6304-410d-a79f-4118aed5f902", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified... | Affected: Adobe / ColdFusion | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0629", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0629"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0629"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified...", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4410693e-bcf2-441b-b02d-8dca396d64de", "vulnerability": {"vulnId": "CVE-2020-8218", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "4410693e-bcf2-441b-b02d-8dca396d64de", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code... | Affected: Pulse Secure / Pulse Connect Secure | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8218", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8218"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8218"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code...", "vendor": "Pulse Secure", "product": "Pulse Connect Secure", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fa1ac7c3-9642-43ee-9905-af64e0478ae4", "vulnerability": {"vulnId": "CVE-2016-6277", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "fa1ac7c3-9642-43ee-9905-af64e0478ae4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before... | Affected: NETGEAR / Routers | CVSS: 8.8 (HIGH) | EPSS: 0.99781 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-6277", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6277"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-6277"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before...", "vendor": "NETGEAR", "product": "Routers", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.99781, "cvss_severity": "HIGH", "epss_percentile": 0.99955, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1914e9c9-64af-41e9-ae5e-ad8815c978ea", "vulnerability": {"vulnId": "CVE-2022-26486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1914e9c9-64af-41e9-ae5e-ad8815c978ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in... | Affected: Mozilla / Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-26486", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26486"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-26486"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in...", "vendor": "Mozilla", "product": "Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1ed6f0f0-bd11-42f6-959b-e272ae0da313", "vulnerability": {"vulnId": "CVE-2009-3960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1ed6f0f0-bd11-42f6-959b-e272ae0da313", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0,... | Affected: Adobe / BlazeDS | CVSS: 6.5 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-3960", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3960"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-3960"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0,...", "vendor": "Adobe", "product": "BlazeDS", "added_date": "2022-03-07T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b1b53a58-9e87-4d5b-9bf3-cdc5b640ec63", "vulnerability": {"vulnId": "CVE-2017-12238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b1b53a58-9e87-4d5b-9bf3-cdc5b640ec63", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow... | Affected: Cisco / Cisco IOS | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12238", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12238"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12238"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "58d5566f-70b7-40d0-87e6-f0b652d7f7ce", "vulnerability": {"vulnId": "CVE-2017-12240", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "58d5566f-70b7-40d0-87e6-f0b652d7f7ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated,... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12240", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12240"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12240"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated,...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2249b39b-cd04-4ded-a3a4-01aef2457dd1", "vulnerability": {"vulnId": "CVE-2008-3431", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2249b39b-cd04-4ded-a3a4-01aef2457dd1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and... | Affected: Sun / xVM VirtualBox | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2008-3431", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3431"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-3431"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and...", "vendor": "Sun", "product": "xVM VirtualBox", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ff8ef4e3-9ee3-47b4-b32e-39e332da5f47", "vulnerability": {"vulnId": "CVE-2010-0232", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ff8ef4e3-9ee3-47b4-b32e-39e332da5f47", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-0232", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0232"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-0232"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "85c077a7-9cd0-4b1c-910f-c612446d58c7", "vulnerability": {"vulnId": "CVE-2010-3333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "85c077a7-9cd0-4b1c-910f-c612446d58c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac... | Affected: Microsoft / Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-3333", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3333"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3333"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7af2af0b-5f86-421d-b3ec-48de7a4d7467", "vulnerability": {"vulnId": "CVE-2011-0611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7af2af0b-5f86-421d-b3ec-48de7a4d7467", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140;... | Affected: Adobe / Flash Player, AIR, Reader, Acrobat | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-0611", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-0611"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140;...", "vendor": "Adobe", "product": "Flash Player, AIR, Reader, Acrobat", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0347d0e0-85f3-4735-975b-18d5e9c557a0", "vulnerability": {"vulnId": "CVE-2017-12237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0347d0e0-85f3-4735-975b-18d5e9c557a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12237", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12237"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12237"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a359e153-74a5-4271-a7c5-c38267af987e", "vulnerability": {"vulnId": "CVE-2017-12235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a359e153-74a5-4271-a7c5-c38267af987e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an... | Affected: Cisco / Cisco IOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12235", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12235"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12235"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dedd5bf8-3689-4614-bd46-016a0c3e68e7", "vulnerability": {"vulnId": "CVE-2017-12234", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dedd5bf8-3689-4614-bd46-016a0c3e68e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an... | Affected: Cisco / Cisco IOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12234", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12234"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12234"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "95552582-54f3-4d42-828e-69ae991f5576", "vulnerability": {"vulnId": "CVE-2011-1889", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "95552582-54f3-4d42-828e-69ae991f5576", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute... | Affected: Microsoft / Forefront Threat Management Gateway 2010 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-1889", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1889"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-1889"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute...", "vendor": "Microsoft", "product": "Forefront Threat Management Gateway 2010", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4d309b6f-f157-44ad-9474-218e7d3f20b3", "vulnerability": {"vulnId": "CVE-2013-0641", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4d309b6f-f157-44ad-9474-218e7d3f20b3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute... | Affected: Adobe / Reader and Acrobat | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0641", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0641"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0641"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "74ffe94c-2d86-4536-b5c2-c729fdde4f70", "vulnerability": {"vulnId": "CVE-2013-1347", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "74ffe94c-2d86-4536-b5c2-c729fdde4f70", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an... | Affected: Microsoft / Internet Explorer 8 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-1347", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1347"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-1347"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an...", "vendor": "Microsoft", "product": "Internet Explorer 8", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2a2346eb-1450-4c5d-8d58-f9f4e9e2f392", "vulnerability": {"vulnId": "CVE-2022-20700", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2a2346eb-1450-4c5d-8d58-f9f4e9e2f392", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV Series Routers Vulnerabilities | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-20700", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20700"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-20700"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV Series Routers Vulnerabilities", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0435b08e-854c-4009-b350-44d10fbda26a", "vulnerability": {"vulnId": "CVE-2014-0496", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0435b08e-854c-4009-b350-44d10fbda26a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to... | Affected: Adobe / Reader and Acrobat | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-0496", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0496"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0496"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4917926a-125d-4784-94bb-fef02f27ce16", "vulnerability": {"vulnId": "CVE-2014-4114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4917926a-125d-4784-94bb-fef02f27ce16", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | EPSS: 0.81628 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-4114", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4114"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-4114"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.81628, "cvss_severity": "HIGH", "epss_percentile": 0.99597, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "406041a2-5d23-4ea3-ae20-99a149b35c90", "vulnerability": {"vulnId": "CVE-2011-3544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "406041a2-5d23-4ea3-ae20-99a149b35c90", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-3544", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3544"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-3544"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7bfa60f6-3cb2-4a8f-9fb9-29e5c7861ed8", "vulnerability": {"vulnId": "CVE-2016-8562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7bfa60f6-3cb2-4a8f-9fb9-29e5c7861ed8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under... | Affected: Siemens / SIMATIC CP 1543-1, SIPLUS NET CP 1543-1 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-8562", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8562"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-8562"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under...", "vendor": "Siemens", "product": "SIMATIC CP 1543-1, SIPLUS NET CP 1543-1", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f71e90c-bcd8-4e04-9015-f5abc3ad8064", "vulnerability": {"vulnId": "CVE-2015-2590", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3f71e90c-bcd8-4e04-9015-f5abc3ad8064", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2590", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2590"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2590"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc05bf82-c939-4cd9-a729-0df716601c82", "vulnerability": {"vulnId": "CVE-2013-0632", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cc05bf82-c939-4cd9-a729-0df716601c82", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary... | Affected: Adobe / ColdFusion | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0632", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0632"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0632"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary...", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5522b4c4-a0d2-4dd6-b06e-ae1de15c5bd5", "vulnerability": {"vulnId": "CVE-2015-2387", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5522b4c4-a0d2-4dd6-b06e-ae1de15c5bd5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2387", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2387"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2387"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cb562ce0-9d43-4c4c-b8cb-459f56ab808d", "vulnerability": {"vulnId": "CVE-2012-1856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cb562ce0-9d43-4c4c-b8cb-459f56ab808d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2... | Affected: Microsoft / Office | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-1856", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1856"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1856"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "67cd75cb-cc14-4704-86a5-0b3ff509a6a4", "vulnerability": {"vulnId": "CVE-2015-7645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "67cd75cb-cc14-4704-86a5-0b3ff509a6a4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote... | Affected: Adobe / Flash Player | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-7645", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7645"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-7645"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b7f1d364-d5aa-4ea2-b72b-a906a2845344", "vulnerability": {"vulnId": "CVE-2016-7262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b7f1d364-d5aa-4ea2-b72b-a906a2845344", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow... | Affected: Microsoft / Excel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7262", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7262"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7262"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow...", "vendor": "Microsoft", "product": "Excel", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2fc5363f-827e-437f-b27a-3a5c1d1e79cd", "vulnerability": {"vulnId": "CVE-2017-0001", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2fc5363f-827e-437f-b27a-3a5c1d1e79cd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server... | Affected: Microsoft Corporation / Windows GDI | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0001", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0001"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0001"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server...", "vendor": "Microsoft Corporation", "product": "Windows GDI", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cff9dc83-67a9-4108-a216-861cb2acc841", "vulnerability": {"vulnId": "CVE-2004-0210", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cff9dc83-67a9-4108-a216-861cb2acc841", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by... | Affected: Microsoft / Windows NT, Windows 2000 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2004-0210", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0210"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2004-0210"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by...", "vendor": "Microsoft", "product": "Windows NT, Windows 2000", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7386b5ec-a3aa-4fe4-8e87-f43beab4027f", "vulnerability": {"vulnId": "CVE-2009-1123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7386b5ec-a3aa-4fe4-8e87-f43beab4027f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-1123", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1123"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1123"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fb44cff8-d47d-4e63-821b-0c3af59c005a", "vulnerability": {"vulnId": "CVE-2009-3129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fb44cff8-d47d-4e63-821b-0c3af59c005a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel... | Affected: Microsoft / Office Excel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-3129", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3129"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-3129"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel...", "vendor": "Microsoft", "product": "Office Excel", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e33688ad-f1e2-436f-8f81-05510bae1b97", "vulnerability": {"vulnId": "CVE-2010-0188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e33688ad-f1e2-436f-8f81-05510bae1b97", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service... | Affected: Adobe / Reader and Acrobat | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-0188", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0188"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-0188"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6d369b58-b718-4c7c-9081-5aef6d9d095a", "vulnerability": {"vulnId": "CVE-2018-0151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6d369b58-b718-4c7c-9081-5aef6d9d095a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0151", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0151"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0151"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "39546ad7-4cdf-4937-bc19-18e10c7eb7bc", "vulnerability": {"vulnId": "CVE-2017-6744", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "39546ad7-4cdf-4937-bc19-18e10c7eb7bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... | Affected: Cisco, IntelliShield / IOS, Universal Product | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6744", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6744"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6744"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an...", "vendor": "Cisco, IntelliShield", "product": "IOS, Universal Product", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c765c71b-d840-457b-bf6c-110814313101", "vulnerability": {"vulnId": "CVE-2016-0099", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c765c71b-d840-457b-bf6c-110814313101", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0099", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0099"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0099"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2d75fbc0-6089-4ffa-8087-49caf164e4c2", "vulnerability": {"vulnId": "CVE-2015-2424", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2d75fbc0-6089-4ffa-8087-49caf164e4c2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1... | Affected: Microsoft / Office | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2424", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2424"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2424"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "624385f3-5a85-43ec-9b4b-9adc5bc262b6", "vulnerability": {"vulnId": "CVE-2013-5065", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "624385f3-5a85-43ec-9b4b-9adc5bc262b6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application,... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-5065", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5065"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-5065"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "22c416fd-3ac4-4196-8a4d-7bb99c8b99eb", "vulnerability": {"vulnId": "CVE-2017-6739", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "22c416fd-3ac4-4196-8a4d-7bb99c8b99eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely... | Affected: IntelliShield / Universal Product | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6739", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6739"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6739"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely...", "vendor": "IntelliShield", "product": "Universal Product", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fdd05055-29b3-48c1-9352-7359a81989aa", "vulnerability": {"vulnId": "CVE-2013-3346", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fdd05055-29b3-48c1-9352-7359a81989aa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial... | Affected: Adobe / Reader and Acrobat | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3346", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3346"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3346"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b8e342d0-281e-4abb-9156-afd242af8bbb", "vulnerability": {"vulnId": "CVE-2018-0167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b8e342d0-281e-4abb-9156-afd242af8bbb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and... | Affected: Cisco / Cisco IOS, IOS XE, and IOS XR | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0167", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0167"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0167"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and...", "vendor": "Cisco", "product": "Cisco IOS, IOS XE, and IOS XR", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "defe66e4-c8ad-49e0-90cb-6bacd665edd8", "vulnerability": {"vulnId": "CVE-2018-0161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "defe66e4-c8ad-49e0-90cb-6bacd665edd8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst... | Affected: Cisco / Cisco IOS | CVSS: 6.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0161", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0161"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0161"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 6.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7953de0c-0ad2-4585-99f1-c44540d44baa", "vulnerability": {"vulnId": "CVE-2017-6736", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7953de0c-0ad2-4585-99f1-c44540d44baa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... | Affected: Cisco, IntelliShield / IOS, Universal Product | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6736", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6736"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6736"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an...", "vendor": "Cisco, IntelliShield", "product": "IOS, Universal Product", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1cb594d2-8312-4311-a1ca-c62b04ac11f9", "vulnerability": {"vulnId": "CVE-2018-0154", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1cb594d2-8312-4311-a1ca-c62b04ac11f9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an... | Affected: Cisco / Cisco IOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0154", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0154"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0154"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "90a1d1c1-8f95-4085-8ad8-d8e324e9bfeb", "vulnerability": {"vulnId": "CVE-2017-8540", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "90a1d1c1-8f95-4085-8ad8-d8e324e9bfeb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1,... | Affected: Microsoft Corporation / Malware Protection Engine | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-8540", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8540"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8540"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1,...", "vendor": "Microsoft Corporation", "product": "Malware Protection Engine", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f76276af-b5f5-4e1d-ab63-c30ccb41114f", "vulnerability": {"vulnId": "CVE-2017-6743", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f76276af-b5f5-4e1d-ab63-c30ccb41114f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... | Affected: Cisco, IntelliShield / IOS, Universal Product | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6743", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6743"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6743"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an...", "vendor": "Cisco, IntelliShield", "product": "IOS, Universal Product", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "85fefa33-5d55-451f-bfa5-86ef4757ac48", "vulnerability": {"vulnId": "CVE-2017-6740", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "85fefa33-5d55-451f-bfa5-86ef4757ac48", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... | Affected: Cisco, IntelliShield / IOS, Universal Product | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6740", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6740"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6740"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an...", "vendor": "Cisco, IntelliShield", "product": "IOS, Universal Product", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bcdbf2bc-2176-409e-8b4f-4c22940c5773", "vulnerability": {"vulnId": "CVE-2017-6738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bcdbf2bc-2176-409e-8b4f-4c22940c5773", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... | Affected: Cisco / IOS, Cisco IOS XE Software | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6738", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6738"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6738"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an...", "vendor": "Cisco", "product": "IOS, Cisco IOS XE Software", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3a2ccf32-c72a-467f-a8f3-488cf28769b7", "vulnerability": {"vulnId": "CVE-2017-6737", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3a2ccf32-c72a-467f-a8f3-488cf28769b7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely... | Affected: Cisco / IOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6737", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6737"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6737"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely...", "vendor": "Cisco", "product": "IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8dcf8532-d553-4fd6-b9a8-e7f34faed401", "vulnerability": {"vulnId": "CVE-2017-6663", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8dcf8532-d553-4fd6-b9a8-e7f34faed401", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6663", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6663"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6663"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4f823958-a5ab-4b9c-b10d-7ccc169c632a", "vulnerability": {"vulnId": "CVE-2017-6627", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4f823958-a5ab-4b9c-b10d-7ccc169c632a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote... | Affected: Cisco / Cisco IOS and Cisco IOS XE | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6627", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6627"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6627"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote...", "vendor": "Cisco", "product": "Cisco IOS and Cisco IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7cbad70b-4085-4125-9e9c-2d78d2d44978", "vulnerability": {"vulnId": "CVE-2017-12319", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7cbad70b-4085-4125-9e9c-2d78d2d44978", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an... | Affected: Cisco / Cisco IOS XE | CVSS: 5.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12319", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12319"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12319"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an...", "vendor": "Cisco", "product": "Cisco IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 5.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "765f8739-32eb-4c55-a312-a4e560f64cb3", "vulnerability": {"vulnId": "CVE-2015-4902", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "765f8739-32eb-4c55-a312-a4e560f64cb3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to... | Affected: Oracle / Java SE | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-4902", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4902"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-4902"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5d16105e-7bd2-4a26-9038-f826502b2ee4", "vulnerability": {"vulnId": "CVE-2013-3897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5d16105e-7bd2-4a26-9038-f826502b2ee4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3897", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3897"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3897"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c74a0254-9b25-4bb5-a3ad-a7f2d3e1ffe7", "vulnerability": {"vulnId": "CVE-2022-20708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c74a0254-9b25-4bb5-a3ad-a7f2d3e1ffe7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV Series Routers Vulnerabilities | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-20708", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20708"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-20708"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV Series Routers Vulnerabilities", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "37d44bdd-b3cd-4e99-80a3-8a0f378d1783", "vulnerability": {"vulnId": "CVE-2022-20703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "37d44bdd-b3cd-4e99-80a3-8a0f378d1783", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV Series Routers Vulnerabilities | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-20703", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20703"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-20703"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV Series Routers Vulnerabilities", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "aaf62061-ba01-42a6-93db-de6d04d05bd5", "vulnerability": {"vulnId": "CVE-2015-5119", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aaf62061-ba01-42a6-93db-de6d04d05bd5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-5119", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5119"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-5119"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c71a3d99-9940-419f-8762-09319fdd023f", "vulnerability": {"vulnId": "CVE-2016-4117", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c71a3d99-9940-419f-8762-09319fdd023f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-4117", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4117"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-4117"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0cde718e-5e8b-4eb5-b347-8b3c7d5c3aa1", "vulnerability": {"vulnId": "CVE-2022-20701", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0cde718e-5e8b-4eb5-b347-8b3c7d5c3aa1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV Series Routers Vulnerabilities | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-20701", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20701"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-20701"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV Series Routers Vulnerabilities", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6f246f6a-e2dd-43ae-828a-48ae53cdfc65", "vulnerability": {"vulnId": "CVE-2012-4681", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6f246f6a-e2dd-43ae-828a-48ae53cdfc65", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-4681", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4681"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-4681"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cce7acb4-ed80-4421-aae7-bfe720a87fd0", "vulnerability": {"vulnId": "CVE-2002-0367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cce7acb4-ed80-4421-aae7-bfe720a87fd0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2002-0367", "url": "https://www.cve.org/CVERecord?id=CVE-2002-0367"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2002-0367"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e9046dd7-4647-4b1f-909c-2a71cb79134b", "vulnerability": {"vulnId": "CVE-2008-2992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e9046dd7-4647-4b1f-909c-2a71cb79134b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that... | Affected: Adobe / Acrobat and Reader | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2008-2992", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-2992"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that...", "vendor": "Adobe", "product": "Acrobat and Reader", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c12a4135-e56a-4d8d-b800-ba1cba899bc9", "vulnerability": {"vulnId": "CVE-2012-0507", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c12a4135-e56a-4d8d-b800-ba1cba899bc9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-0507", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0507"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0507"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bca26b21-a190-4f43-8b42-c350b028da17", "vulnerability": {"vulnId": "CVE-2016-1019", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bca26b21-a190-4f43-8b42-c350b028da17", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-1019", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1019"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-1019"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "46d011ae-d567-4afc-b58e-66c5972793cb", "vulnerability": {"vulnId": "CVE-2017-0261", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "46d011ae-d567-4afc-b58e-66c5972793cb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle... | Affected: Microsoft Corporation / Microsoft Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0261", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0261"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0261"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle...", "vendor": "Microsoft Corporation", "product": "Microsoft Office", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "796d542e-d61d-4224-9bb4-cfb4c005beb8", "vulnerability": {"vulnId": "CVE-2012-1723", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "796d542e-d61d-4224-9bb4-cfb4c005beb8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5... | Affected: Oracle / Java SE | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-1723", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1723"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1723"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5...", "vendor": "Oracle", "product": "Java SE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c68244bf-33ac-4e8e-a939-95f670703bc2", "vulnerability": {"vulnId": "CVE-2017-12233", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c68244bf-33ac-4e8e-a939-95f670703bc2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an... | Affected: Cisco / Cisco IOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12233", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12233"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12233"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6a73d725-e404-41ff-97ca-37fbb2d6fb98", "vulnerability": {"vulnId": "CVE-2017-12231", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6a73d725-e404-41ff-97ca-37fbb2d6fb98", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an... | Affected: Cisco / Cisco IOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12231", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12231"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12231"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ffda0b45-6e3a-4b41-ac39-08d2a6975cb4", "vulnerability": {"vulnId": "CVE-2016-5195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ffda0b45-6e3a-4b41-ac39-08d2a6975cb4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling... | Affected: Linux / Linux Kernel | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-5195", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-5195"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling...", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2def4223-5761-4912-b957-61e8356be433", "vulnerability": {"vulnId": "CVE-2017-11826", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2def4223-5761-4912-b957-61e8356be433", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word... | Affected: Microsoft Corporation / Microsoft Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-11826", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11826"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-11826"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word...", "vendor": "Microsoft Corporation", "product": "Microsoft Office", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2c733ced-6456-4fb3-86e0-e49615ca13d5", "vulnerability": {"vulnId": "CVE-2015-1701", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2c733ced-6456-4fb3-86e0-e49615ca13d5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1701", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1701"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1701"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "93781652-9dcc-4564-9002-6ef9e2c92570", "vulnerability": {"vulnId": "CVE-2015-1642", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "93781652-9dcc-4564-9002-6ef9e2c92570", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office... | Affected: Microsoft / Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1642", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1642"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1642"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "279b8b4c-778b-4643-bbac-d3f3b63533c9", "vulnerability": {"vulnId": "CVE-2012-1535", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "279b8b4c-778b-4643-bbac-d3f3b63533c9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote... | Affected: Adobe / Flash Player | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-1535", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1535"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1535"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "693d96bb-9029-4c04-bc11-390d65a130af", "vulnerability": {"vulnId": "CVE-2022-20699", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "693d96bb-9029-4c04-bc11-390d65a130af", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV Series Routers Vulnerabilities | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-20699", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20699"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-20699"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV Series Routers Vulnerabilities", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "77fdc3a4-3362-44f9-9652-42fd3859ef0a", "vulnerability": {"vulnId": "CVE-2021-41379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "77fdc3a4-3362-44f9-9652-42fd3859ef0a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Installer Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 5.5 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-41379", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41379"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41379"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Installer Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "57aecba3-ae07-4ddc-9901-4c156254e339", "vulnerability": {"vulnId": "CVE-2017-11292", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "57aecba3-ae07-4ddc-9901-4c156254e339", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in... | Affected: Adobe / Adobe Flash Player version 27.0.0.159 and earlier | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-11292", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11292"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-11292"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in...", "vendor": "Adobe", "product": "Adobe Flash Player version 27.0.0.159 and earlier", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "313840ff-5c99-4cdb-9855-10399e34d0f6", "vulnerability": {"vulnId": "CVE-2015-2545", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "313840ff-5c99-4cdb-9855-10399e34d0f6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka... | Affected: Microsoft / Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2545", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2545"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2545"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka...", "vendor": "Microsoft", "product": "Office", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3bfcc370-11e1-4bfc-9eb2-d6e35f5e61fc", "vulnerability": {"vulnId": "CVE-2015-3043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3bfcc370-11e1-4bfc-9eb2-d6e35f5e61fc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers... | Affected: Adobe / Flash Player | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-3043", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3043"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-3043"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e23a168-8107-4cb6-8e82-bcfdf09c4f07", "vulnerability": {"vulnId": "CVE-2013-0640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2e23a168-8107-4cb6-8e82-bcfdf09c4f07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a... | Affected: Adobe / Reader and Acrobat | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-0640", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0640"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0640"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a0f1d4ff-7806-4fde-bbce-1afea71db643", "vulnerability": {"vulnId": "CVE-2020-11899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a0f1d4ff-7806-4fde-bbce-1afea71db643", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | Affected: Treck / TCP/IP stack | CVSS: 5.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-11899", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11899"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11899"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.", "vendor": "Treck", "product": "TCP/IP stack", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 5.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "18f413fd-0b05-40dc-bf8a-575287743fdf", "vulnerability": {"vulnId": "CVE-2019-16928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "18f413fd-0b05-40dc-bf8a-575287743fdf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in... | Affected: Exim / Exim | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-16928", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16928"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-16928"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in...", "vendor": "Exim", "product": "Exim", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e2003683-ee52-43f7-8c80-9f5fe2abcdf4", "vulnerability": {"vulnId": "CVE-2019-1652", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e2003683-ee52-43f7-8c80-9f5fe2abcdf4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1652", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1652"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1652"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2f893516-2d04-49ec-84c2-691364e86348", "vulnerability": {"vulnId": "CVE-2018-8581", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2f893516-2d04-49ec-84c2-691364e86348", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\"... | Affected: Microsoft / Microsoft Exchange Server | CVSS: 7.4 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8581", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8581"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8581"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\"...", "vendor": "Microsoft", "product": "Microsoft Exchange Server", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b2f168ab-3542-481b-8af0-30114693c499", "vulnerability": {"vulnId": "CVE-2018-8298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b2f168ab-3542-481b-8af0-30114693c499", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine... | Affected: Microsoft / ChakraCore | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8298", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8298"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8298"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine...", "vendor": "Microsoft", "product": "ChakraCore", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9a0f04cc-3bd6-44b8-819e-6b9477a7ca11", "vulnerability": {"vulnId": "CVE-2020-1938", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9a0f04cc-3bd6-44b8-819e-6b9477a7ca11", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections... | Affected: Apache / Apache Tomcat | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1938", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1938"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections...", "vendor": "Apache", "product": "Apache Tomcat", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1d6191ea-dde0-4f3c-a311-2da2a5113c0f", "vulnerability": {"vulnId": "CVE-2019-1297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1d6191ea-dde0-4f3c-a311-2da2a5113c0f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka... | Affected: Microsoft / Microsoft Excel, Microsoft Office, Office 365 ProPlus | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1297", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1297"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1297"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka...", "vendor": "Microsoft", "product": "Microsoft Excel, Microsoft Office, Office 365 ProPlus", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b5c706ba-1367-403e-bef8-0c304f49a091", "vulnerability": {"vulnId": "CVE-2018-0180", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b5c706ba-1367-403e-bef8-0c304f49a091", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to... | Affected: Cisco / Cisco IOS | CVSS: 5.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0180"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0180"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 5.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2a32ac44-b109-469d-aa87-c0ca697a3d4b", "vulnerability": {"vulnId": "CVE-2018-0179", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2a32ac44-b109-469d-aa87-c0ca697a3d4b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to... | Affected: Cisco / Cisco IOS | CVSS: 5.9 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0179", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0179"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0179"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 5.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a356feb8-66a4-47a1-9129-5f604eea4085", "vulnerability": {"vulnId": "CVE-2018-0175", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a356feb8-66a4-47a1-9129-5f604eea4085", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR... | Affected: Cisco / Cisco IOS, IOS XE, and IOS XR | CVSS: 8.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0175", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0175"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0175"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR...", "vendor": "Cisco", "product": "Cisco IOS, IOS XE, and IOS XR", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "45a85de7-e15b-4ea3-b7cf-1bc93aed4eac", "vulnerability": {"vulnId": "CVE-2018-0174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "45a85de7-e15b-4ea3-b7cf-1bc93aed4eac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0174", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0174"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0174"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7787b768-63a1-44f7-b08f-5cc2fefa8a7d", "vulnerability": {"vulnId": "CVE-2018-0173", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7787b768-63a1-44f7-b08f-5cc2fefa8a7d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0173", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0173"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0173"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "875a8129-865b-4aa2-9751-7415021f59c0", "vulnerability": {"vulnId": "CVE-2018-0156", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "875a8129-865b-4aa2-9751-7415021f59c0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0156", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0156"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0156"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a678ec14-ce5a-4e2d-90b4-9dd142e8ab9c", "vulnerability": {"vulnId": "CVE-2018-0155", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a678ec14-ce5a-4e2d-90b4-9dd142e8ab9c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0155", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0155"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0155"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "08f75233-9c3a-4fc4-8143-1a6861a8faeb", "vulnerability": {"vulnId": "CVE-2017-12232", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "08f75233-9c3a-4fc4-8143-1a6861a8faeb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0... | Affected: Cisco / Cisco IOS | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12232", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12232"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12232"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0...", "vendor": "Cisco", "product": "Cisco IOS", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "05505571-5106-4d02-bde0-92ee536620a1", "vulnerability": {"vulnId": "CVE-2016-7193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "05505571-5106-4d02-bde0-92ee536620a1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility... | Affected: Microsoft / Word | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7193", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility...", "vendor": "Microsoft", "product": "Word", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a406a5b4-079f-4460-8efd-64ff10ca21e7", "vulnerability": {"vulnId": "CVE-2018-0172", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a406a5b4-079f-4460-8efd-64ff10ca21e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0172", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0172"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0172"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e0598e9f-f7ae-4585-b51c-24c8c85d39f4", "vulnerability": {"vulnId": "CVE-2013-1675", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e0598e9f-f7ae-4585-b51c-24c8c85d39f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly... | Affected: Mozilla / Firefox, Firefox ESR, Thunderbird, Thunderbird ESR | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-1675", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1675"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-1675"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly...", "vendor": "Mozilla", "product": "Firefox, Firefox ESR, Thunderbird, Thunderbird ESR", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a7851a07-6c68-41f4-89e2-0236f5a70240", "vulnerability": {"vulnId": "CVE-2016-7855", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a7851a07-6c68-41f4-89e2-0236f5a70240", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers... | Affected: Adobe / Flash Player | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7855", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7855"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "44935245-ff98-418f-ae9d-2e29b5fb7c06", "vulnerability": {"vulnId": "CVE-2018-0159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "44935245-ff98-418f-ae9d-2e29b5fb7c06", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0159", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0159"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0159"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "234f9c31-20a6-45a6-90e2-38632b6339fe", "vulnerability": {"vulnId": "CVE-2018-0158", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "234f9c31-20a6-45a6-90e2-38632b6339fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-03-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0158", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0158"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0158"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2022-03-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0bb6521c-6fd3-4022-8b88-7ce4add5ef70", "vulnerability": {"vulnId": "CVE-2014-6352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "0bb6521c-6fd3-4022-8b88-7ce4add5ef70", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-6352", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6352"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-6352"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-02-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "57204bc7-afef-44c8-8829-4715bc2b7342", "vulnerability": {"vulnId": "CVE-2017-0222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "57204bc7-afef-44c8-8829-4715bc2b7342", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption... | Affected: Microsoft Corporation / Internet Explorer | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0222", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0222"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0222"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption...", "vendor": "Microsoft Corporation", "product": "Internet Explorer", "added_date": "2022-02-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d906e585-37c5-40ee-be99-00a5737e75ca", "vulnerability": {"vulnId": "CVE-2022-24682", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d906e585-37c5-40ee-be99-00a5737e75ca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild... | Affected: Zimbra / Collaboration Suite | CVSS: 6.1 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-24682", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24682"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24682"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild...", "vendor": "Zimbra", "product": "Collaboration Suite", "added_date": "2022-02-25T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0a40987b-aa15-4f57-8ad2-3c6741aac405", "vulnerability": {"vulnId": "CVE-2017-8570", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "0a40987b-aa15-4f57-8ad2-3c6741aac405", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Remote Code... | Affected: Microsoft Corporation / Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016. | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-8570", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8570"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8570"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Remote Code...", "vendor": "Microsoft Corporation", "product": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016.", "added_date": "2022-02-25T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c0521bcc-b8de-4caa-9bed-b318b168df9b", "vulnerability": {"vulnId": "CVE-2022-23131", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-22T00:00:00+00:00"}, "gcve": {"object_uuid": "c0521bcc-b8de-4caa-9bed-b318b168df9b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | Affected: Zabbix / Frontend | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-23131", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23131"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23131"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML", "vendor": "Zabbix", "product": "Frontend", "added_date": "2022-02-22T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "63790939-572a-4924-9832-5beb7e0b0fdd", "vulnerability": {"vulnId": "CVE-2022-23134", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-22T00:00:00+00:00"}, "gcve": {"object_uuid": "63790939-572a-4924-9832-5beb7e0b0fdd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-22T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-22T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Possible view of the setup pages by unauthenticated users if config file already exists | Affected: Zabbix / Frontend | CVSS: 3.7 (LOW) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-23134", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23134"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-23134"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Possible view of the setup pages by unauthenticated users if config file already exists", "vendor": "Zabbix", "product": "Frontend", "added_date": "2022-02-22T00:00:00.000Z", "cvss_score": 3.7, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fb39b174-83f2-4ded-a36a-719c089ebf49", "vulnerability": {"vulnId": "CVE-2014-1761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "fb39b174-83f2-4ded-a36a-719c089ebf49", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word... | Affected: Microsoft / Word | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-1761", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1761"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-1761"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word...", "vendor": "Microsoft", "product": "Word", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9f655a1a-0e1a-4a60-9a82-ca8de1ec4dce", "vulnerability": {"vulnId": "CVE-2022-0609", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "9f655a1a-0e1a-4a60-9a82-ca8de1ec4dce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-0609", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0609"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0609"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1e41cac7-ebf3-4e56-bbf0-078793e66f1c", "vulnerability": {"vulnId": "CVE-2018-15982", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "1e41cac7-ebf3-4e56-bbf0-078793e66f1c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to... | Affected: Adobe / Flash Player | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-15982", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15982"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-15982"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7be039dd-f4b5-4e78-ade5-040d6560cd6c", "vulnerability": {"vulnId": "CVE-2013-3906", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "7be039dd-f4b5-4e78-ade5-040d6560cd6c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync... | Affected: Microsoft / Windows, Office, Office Compatibility Pack, Lync | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3906", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3906"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3906"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync...", "vendor": "Microsoft", "product": "Windows, Office, Office Compatibility Pack, Lync", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f80b61d3-4f3f-4230-909d-fa3c31b1b458", "vulnerability": {"vulnId": "CVE-2018-8174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "f80b61d3-4f3f-4230-909d-fa3c31b1b458", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \"Windows VBScript Engine Remote... | Affected: Microsoft / Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8174", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8174"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8174"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \"Windows VBScript Engine Remote...", "vendor": "Microsoft", "product": "Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c14d125d-25dd-4fc4-b48b-e37b432770a0", "vulnerability": {"vulnId": "CVE-2018-20250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c14d125d-25dd-4fc4-b48b-e37b432770a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in... | Affected: Check Point Software Technologies Ltd. / WinRAR | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-20250", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20250"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-20250"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in...", "vendor": "Check Point Software Technologies Ltd.", "product": "WinRAR", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a59e5653-7e21-45f5-9b30-6835e389e6ec", "vulnerability": {"vulnId": "CVE-2022-24086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "a59e5653-7e21-45f5-9b30-6835e389e6ec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Commerce checkout improper input validation leads to remote code execution | Affected: Adobe / Magento Commerce | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-24086", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24086"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24086"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Commerce checkout improper input validation leads to remote code execution", "vendor": "Adobe", "product": "Magento Commerce", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fc817c02-1bbd-4b3d-8d5a-e445ced2aaa8", "vulnerability": {"vulnId": "CVE-2017-9841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "fc817c02-1bbd-4b3d-8d5a-e445ced2aaa8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data... | Affected: PHPUnit / PHPUnit | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-9841", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9841"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9841"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data...", "vendor": "PHPUnit", "product": "PHPUnit", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99994, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2a5ca4aa-efc6-4990-b917-58f4d0947aeb", "vulnerability": {"vulnId": "CVE-2019-0752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "2a5ca4aa-efc6-4990-b917-58f4d0947aeb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting... | Affected: Microsoft / Internet Explorer 11, Internet Explorer 10 | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0752", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0752"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting...", "vendor": "Microsoft", "product": "Internet Explorer 11, Internet Explorer 10", "added_date": "2022-02-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bf7a0b75-b907-4af3-9bdc-d4f709e1c654", "vulnerability": {"vulnId": "CVE-2022-22620", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "bf7a0b75-b907-4af3-9bdc-d4f709e1c654", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1,... | Affected: Apple / Safari (v and ), macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22620", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22620"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22620"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1,...", "vendor": "Apple", "product": "Safari (v and ), macOS", "added_date": "2022-02-11T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ab07f9d4-3cdc-448a-8645-70d6674b5aa9", "vulnerability": {"vulnId": "CVE-2015-1130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ab07f9d4-3cdc-448a-8645-70d6674b5aa9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via... | Affected: Apple / OS X | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1130", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1130"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1130"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via...", "vendor": "Apple", "product": "OS X", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cde4aee7-2b1a-46da-8c01-e9350cfd0aea", "vulnerability": {"vulnId": "CVE-2017-8464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "cde4aee7-2b1a-46da-8c01-e9350cfd0aea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT... | Affected: Microsoft Corporation / Windows Shell | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-8464", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8464"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8464"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT...", "vendor": "Microsoft Corporation", "product": "Windows Shell", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "03c04566-93e3-4539-9c2e-87352bff912b", "vulnerability": {"vulnId": "CVE-2017-0262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "03c04566-93e3-4539-9c2e-87352bff912b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle... | Affected: Microsoft Corporation / Microsoft Office | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0262", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0262"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0262"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle...", "vendor": "Microsoft Corporation", "product": "Microsoft Office", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "303ca945-82a5-44ec-b052-f58abb6ee35b", "vulnerability": {"vulnId": "CVE-2017-10271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "303ca945-82a5-44ec-b052-f58abb6ee35b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 7.5 (HIGH) | EPSS: 0.99934 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-10271", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10271"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-10271"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.99934, "cvss_severity": "HIGH", "epss_percentile": 0.99967, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc8d1587-c5a8-4505-a7c9-750e867fa394", "vulnerability": {"vulnId": "CVE-2017-0263", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "cc8d1587-c5a8-4505-a7c9-750e867fa394", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT... | Affected: Microsoft Corporation / Microsoft Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0263", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0263"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0263"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT...", "vendor": "Microsoft Corporation", "product": "Microsoft Windows", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e5409e1-da6d-47e3-80ad-a98070901f34", "vulnerability": {"vulnId": "CVE-2021-36934", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "2e5409e1-da6d-47e3-80ad-a98070901f34", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36934", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36934"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36934"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6cc2a209-3e65-4327-b184-6acb798f69bf", "vulnerability": {"vulnId": "CVE-2017-0145", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "6cc2a209-3e65-4327-b184-6acb798f69bf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... | Affected: Microsoft Corporation / Windows SMB | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0145", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0145"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0145"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...", "vendor": "Microsoft Corporation", "product": "Windows SMB", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f44232a2-1f08-4469-a4d6-be3a0d14f682", "vulnerability": {"vulnId": "CVE-2015-1635", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f44232a2-1f08-4469-a4d6-be3a0d14f682", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote... | Affected: Microsoft / Windows | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1635", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1635"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1635"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote...", "vendor": "Microsoft", "product": "Windows", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "47cc0b4a-4f59-4202-a425-3befe501e8ff", "vulnerability": {"vulnId": "CVE-2017-0144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "47cc0b4a-4f59-4202-a425-3befe501e8ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... | Affected: Microsoft Corporation / Windows SMB | CVSS: 8.8 (HIGH) | EPSS: 0.9923 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0144", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0144"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0144"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...", "vendor": "Microsoft Corporation", "product": "Windows SMB", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.9923, "cvss_severity": "HIGH", "epss_percentile": 0.9993, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "faabefad-7b75-4190-b669-e87a9955866d", "vulnerability": {"vulnId": "CVE-2016-3088", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "faabefad-7b75-4190-b669-e87a9955866d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT... | Affected: Apache / ActiveMQ | CVSS: 9.8 (CRITICAL) | EPSS: 0.98518 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3088", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3088"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3088"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT...", "vendor": "Apache", "product": "ActiveMQ", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.98518, "cvss_severity": "CRITICAL", "epss_percentile": 0.99914, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "03a0b598-b681-4a8f-b263-ec03ce59807f", "vulnerability": {"vulnId": "CVE-2015-2051", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "03a0b598-b681-4a8f-b263-ec03ce59807f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a... | Affected: D-Link / DIR-645 Wired/Wireless Router | CVSS: 8.8 (HIGH) | EPSS: 0.97101 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-2051", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2051"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2051"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a...", "vendor": "D-Link", "product": "DIR-645 Wired/Wireless Router", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.97101, "cvss_severity": "HIGH", "epss_percentile": 0.99884, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4330bc42-e4b4-4ebc-b390-eacffe2ab424", "vulnerability": {"vulnId": "CVE-2020-0796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4330bc42-e4b4-4ebc-b390-eacffe2ab424", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests,... | Affected: Microsoft / Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation) | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0796", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0796"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0796"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests,...", "vendor": "Microsoft", "product": "Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation)", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3415efcc-d7f7-4daf-876a-3e45d2bb35bd", "vulnerability": {"vulnId": "CVE-2018-1000861", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "3415efcc-d7f7-4daf-876a-3e45d2bb35bd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in... | Affected: Jenkins / Jenkins | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-1000861", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000861"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-1000861"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in...", "vendor": "Jenkins", "product": "Jenkins", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d0a968c0-0103-49fe-b9a2-5ad765fbb0df", "vulnerability": {"vulnId": "CVE-2014-4404", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "d0a968c0-0103-49fe-b9a2-5ad765fbb0df", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged... | Affected: Apple / iOS, Apple TV | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-4404", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-4404"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged...", "vendor": "Apple", "product": "iOS, Apple TV", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc39356f-31c7-42cf-9dfa-dc2e4a1e32f9", "vulnerability": {"vulnId": "CVE-2017-9791", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "cc39356f-31c7-42cf-9dfa-dc2e4a1e32f9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the... | Affected: Apache Software Foundation / Apache Struts | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-9791", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9791"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9791"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the...", "vendor": "Apache Software Foundation", "product": "Apache Struts", "added_date": "2022-02-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "104159c7-eb2f-4a08-be3b-b456ddccf899", "vulnerability": {"vulnId": "CVE-2022-21882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "104159c7-eb2f-4a08-be3b-b456ddccf899", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-04T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-02-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Win32k Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2 | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-21882", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21882"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21882"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Win32k Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2", "added_date": "2022-02-04T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "715dff34-f0a6-4d53-a2d3-6bc2ab4ec1d1", "vulnerability": {"vulnId": "CVE-2014-7169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "715dff34-f0a6-4d53-a2d3-6bc2ab4ec1d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables,... | Affected: GNU / Bash | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-7169", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-7169"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables,...", "vendor": "GNU", "product": "Bash", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "da032ec0-44b8-42ff-811f-e02e2f8db9c5", "vulnerability": {"vulnId": "CVE-2014-6271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "da032ec0-44b8-42ff-811f-e02e2f8db9c5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to... | Affected: GNU / Bash | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-6271", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-6271"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to...", "vendor": "GNU", "product": "Bash", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8d5edc07-0faf-447e-8d1c-4222e61e825e", "vulnerability": {"vulnId": "CVE-2014-1776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "8d5edc07-0faf-447e-8d1c-4222e61e825e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of... | Affected: Microsoft / Internet Explorer | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-1776", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1776"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-1776"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b5a651d3-77c9-41a2-a394-5346d41f4071", "vulnerability": {"vulnId": "CVE-2020-0787", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "b5a651d3-77c9-41a2-a394-5346d41f4071", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links,... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0787", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0787"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0787"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links,...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "181c1989-dc11-444b-a995-34d99b2f3aba", "vulnerability": {"vulnId": "CVE-2021-20038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "181c1989-dc11-444b-a995-34d99b2f3aba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated... | Affected: SonicWall / SonicWall SMA100 | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20038", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20038"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20038"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated...", "vendor": "SonicWall", "product": "SonicWall SMA100", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "501507bc-dc02-438d-8b32-46aff49715ad", "vulnerability": {"vulnId": "CVE-2022-22587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "501507bc-dc02-438d-8b32-46aff49715ad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3,... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2022-22587", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22587"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22587"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "73ee2e51-cf13-47bf-b412-9d63703a3d81", "vulnerability": {"vulnId": "CVE-2020-5722", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "73ee2e51-cf13-47bf-b412-9d63703a3d81", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker... | Affected: Grandstream / Grandstream UCM6200 Series | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5722", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5722"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5722"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker...", "vendor": "Grandstream", "product": "Grandstream UCM6200 Series", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "136ed4d0-c61d-493f-90b6-0299ed000656", "vulnerability": {"vulnId": "CVE-2017-5689", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "136ed4d0-c61d-493f-90b6-0299ed000656", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-28T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and... | Affected: Intel Corporation / Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-5689", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5689"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-5689"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and...", "vendor": "Intel Corporation", "product": "Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability", "added_date": "2022-01-28T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cf102be7-919e-46fc-a153-258801221372", "vulnerability": {"vulnId": "CVE-2012-0391", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "cf102be7-919e-46fc-a153-258801221372", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling... | Affected: Apache / Struts | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-0391", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0391"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling...", "vendor": "Apache", "product": "Struts", "added_date": "2022-01-21T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6354dffd-6001-4265-ad90-d367df0e606a", "vulnerability": {"vulnId": "CVE-2018-8453", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "6354dffd-6001-4265-ad90-d367df0e606a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k... | Affected: Microsoft / Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers | CVSS: 7.8 (HIGH) | EPSS: 0.73106 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8453", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8453"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8453"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k...", "vendor": "Microsoft", "product": "Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers", "added_date": "2022-01-21T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.73106, "cvss_severity": "HIGH", "epss_percentile": 0.99384, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2df17bf5-8fb1-49a6-9627-5a78a0252d77", "vulnerability": {"vulnId": "CVE-2021-35247", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "2df17bf5-8fb1-49a6-9627-5a78a0252d77", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper Input Validation Vulnerability in Serv-U | Affected: SolarWinds / Serv-U | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-35247", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35247"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-35247"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper Input Validation Vulnerability in Serv-U", "vendor": "SolarWinds", "product": "Serv-U", "added_date": "2022-01-21T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eb977f02-30ea-445d-9d82-0f7a05dca3d3", "vulnerability": {"vulnId": "CVE-2006-1547", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "eb977f02-30ea-445d-9d82-0f7a05dca3d3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-21T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a... | Affected: Apache Software Foundation / Struts | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2006-1547", "url": "https://www.cve.org/CVERecord?id=CVE-2006-1547"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2006-1547"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a...", "vendor": "Apache Software Foundation", "product": "Struts", "added_date": "2022-01-21T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4b58514a-e4d5-44a7-b083-3a3196e4dcfd", "vulnerability": {"vulnId": "CVE-2021-21315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "4b58514a-e4d5-44a7-b083-3a3196e4dcfd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Command Injection Vulnerability | Affected: sebhildebrandt / systeminformation | CVSS: 7.1 (HIGH) | EPSS: 0.9024 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21315", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21315"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21315"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Command Injection Vulnerability", "vendor": "sebhildebrandt", "product": "systeminformation", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 7.1, "epss_score": 0.9024, "cvss_severity": "HIGH", "epss_percentile": 0.99784, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "79e641ac-2464-4bdb-92dd-c1bdf0c810e7", "vulnerability": {"vulnId": "CVE-2021-22991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "79e641ac-2464-4bdb-92dd-c1bdf0c810e7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3,... | Affected: F5 / BIG-IP | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22991", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22991"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22991"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3,...", "vendor": "F5", "product": "BIG-IP", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6ac3c41b-fe48-441f-a37e-d86d06c1bad9", "vulnerability": {"vulnId": "CVE-2020-14864", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "6ac3c41b-fe48-441f-a37e-d86d06c1bad9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported... | Affected: Oracle Corporation / Business Intelligence Enterprise Edition | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-14864", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14864"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-14864"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported...", "vendor": "Oracle Corporation", "product": "Business Intelligence Enterprise Edition", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d8a1b365-a40f-44fe-8cec-45713d08729a", "vulnerability": {"vulnId": "CVE-2020-13671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "d8a1b365-a40f-44fe-8cec-45713d08729a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension... | Affected: Drupal / Drupal Core | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-13671", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13671"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13671"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension...", "vendor": "Drupal", "product": "Drupal Core", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e669c7f2-718d-4f7d-a61a-3d46854b2325", "vulnerability": {"vulnId": "CVE-2020-11978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "e669c7f2-718d-4f7d-a61a-3d46854b2325", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example... | Affected: Apache Software Foundation / Apache Airflow | CVSS: 8.8 (HIGH) | EPSS: 0.99118 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-11978", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11978"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11978"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example...", "vendor": "Apache Software Foundation", "product": "Apache Airflow", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.99118, "cvss_severity": "HIGH", "epss_percentile": 0.99927, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b311a961-d7bd-4033-8c5e-8782947990fd", "vulnerability": {"vulnId": "CVE-2021-32648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "b311a961-d7bd-4033-8c5e-8782947990fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Account Takeover in Octobercms | Affected: octobercms / october | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-32648", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32648"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-32648"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Account Takeover in Octobercms", "vendor": "octobercms", "product": "october", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5422db9b-165a-4c00-adca-4baa26ea3660", "vulnerability": {"vulnId": "CVE-2021-21975", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "5422db9b-165a-4c00-adca-4baa26ea3660", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the... | Affected: VMware / VMware vRealize Operations | CVSS: 7.5 (HIGH) | EPSS: 0.78435 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21975", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21975"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21975"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the...", "vendor": "VMware", "product": "VMware vRealize Operations", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.78435, "cvss_severity": "HIGH", "epss_percentile": 0.99529, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ab1cda62-561f-4511-a027-281cf646b789", "vulnerability": {"vulnId": "CVE-2020-13927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "ab1cda62-561f-4511-a027-281cf646b789", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to... | Affected: Apache / Apache Airflow | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-13927", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13927"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13927"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to...", "vendor": "Apache", "product": "Apache Airflow", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e3d40f7b-6fe2-4010-8369-5cd27d0e7a44", "vulnerability": {"vulnId": "CVE-2021-25296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "e3d40f7b-6fe2-4010-8369-5cd27d0e7a44", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... | Affected: Nagios / Nagios XI | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25296", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25296"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25296"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file...", "vendor": "Nagios", "product": "Nagios XI", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5fd19200-f51e-4ef7-a387-5cedb1bf210e", "vulnerability": {"vulnId": "CVE-2021-25297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "5fd19200-f51e-4ef7-a387-5cedb1bf210e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... | Affected: Nagios / Nagios XI | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25297", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25297"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25297"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file...", "vendor": "Nagios", "product": "Nagios XI", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fa840452-2381-42ea-8e15-ae046694d572", "vulnerability": {"vulnId": "CVE-2021-25298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "fa840452-2381-42ea-8e15-ae046694d572", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... | Affected: Nagios / Nagios XI | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-25298", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25298"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-25298"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file...", "vendor": "Nagios", "product": "Nagios XI", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "98cb5383-6c08-4f58-8f0f-5fac98fd55fd", "vulnerability": {"vulnId": "CVE-2021-40870", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "98cb5383-6c08-4f58-8f0f-5fac98fd55fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which... | Affected: Aviatrix / Controller | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40870", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40870"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40870"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which...", "vendor": "Aviatrix", "product": "Controller", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ad6a89cf-4875-4b9b-8812-41d06625d49a", "vulnerability": {"vulnId": "CVE-2021-33766", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "ad6a89cf-4875-4b9b-8812-41d06625d49a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-18T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Information Disclosure Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8 | CVSS: 7.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-33766", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33766"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33766"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8", "added_date": "2022-01-18T00:00:00.000Z", "cvss_score": 7.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6c54b1ec-1833-4577-96d5-5ad6200b8b3c", "vulnerability": {"vulnId": "CVE-2022-21894", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-11T20:22:58+00:00"}, "gcve": {"object_uuid": "6c54b1ec-1833-4577-96d5-5ad6200b8b3c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-11T20:22:58+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-11T20:22:58+00:00"}, "scope": {"notes": "KEVIntel entry: Secure Boot Security Feature Bypass Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 4.4 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2022-21894", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21894"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-21894"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Secure Boot Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-01-11T20:22:58.000Z", "cvss_score": 4.4, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4c5f42da-7a96-4950-9d08-f8edaf111e4d", "vulnerability": {"vulnId": "CVE-2018-13382", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4c5f42da-7a96-4950-9d08-f8edaf111e4d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to... | Affected: Fortinet / Fortinet FortiOS, FortiProxy | CVSS: 9.1 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-13382", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13382"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-13382"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to...", "vendor": "Fortinet", "product": "Fortinet FortiOS, FortiProxy", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5e9effbd-e40a-464c-8665-8f542286a814", "vulnerability": {"vulnId": "CVE-2019-1458", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "5e9effbd-e40a-464c-8665-8f542286a814", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... | Affected: Microsoft / Windows, Windows Server | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1458", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1458"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1458"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dcc80c2b-d67a-4ea6-b693-593e6ea71303", "vulnerability": {"vulnId": "CVE-2015-7450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "dcc80c2b-d67a-4ea6-b693-593e6ea71303", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow... | Affected: IBM / WebSphere | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-7450", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7450"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-7450"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow...", "vendor": "IBM", "product": "WebSphere", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ff5b3890-0137-4373-8b73-5ecf9c966f12", "vulnerability": {"vulnId": "CVE-2019-10149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ff5b3890-0137-4373-8b73-5ecf9c966f12", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in... | Affected: exim / exim | CVSS: 9.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-10149", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10149"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-10149"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in...", "vendor": "exim", "product": "exim", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d47c795e-5770-48ca-ac20-5b55a8f3e68d", "vulnerability": {"vulnId": "CVE-2018-13383", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "d47c795e-5770-48ca-ac20-5b55a8f3e68d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy... | Affected: Fortinet / Fortinet FortiOS and FortiProxy | CVSS: 4.3 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-13383", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13383"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-13383"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy...", "vendor": "Fortinet", "product": "Fortinet FortiOS and FortiProxy", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d0884d9a-ca31-4f0f-8e3e-82f9c0162c49", "vulnerability": {"vulnId": "CVE-2019-2725", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "d0884d9a-ca31-4f0f-8e3e-82f9c0162c49", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are... | Affected: Oracle Corporation / Tape Library ACSLS | CVSS: 9.8 (CRITICAL) | EPSS: 0.99964 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-2725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-2725"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are...", "vendor": "Oracle Corporation", "product": "Tape Library ACSLS", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99964, "cvss_severity": "CRITICAL", "epss_percentile": 0.99976, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4f6a8c32-2c29-48f1-be6d-ae4ab37a3393", "vulnerability": {"vulnId": "CVE-2021-22017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4f6a8c32-2c29-48f1-be6d-ae4ab37a3393", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network... | Affected: VMware / VMware vCenter Server, VMware Cloud Foundation | CVSS: 5.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22017", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22017"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22017"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network...", "vendor": "VMware", "product": "VMware vCenter Server, VMware Cloud Foundation", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 5.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1022b212-bacb-429d-9ef8-7e5d6e6cedf0", "vulnerability": {"vulnId": "CVE-2017-1000486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "1022b212-bacb-429d-9ef8-7e5d6e6cedf0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | Affected: Primetek / Primefaces | CVSS: 9.8 (CRITICAL) | EPSS: 0.94104 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-1000486", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000486"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-1000486"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution", "vendor": "Primetek", "product": "Primefaces", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.94104, "cvss_severity": "CRITICAL", "epss_percentile": 0.99837, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ecd0ef95-9fe7-4dd5-b0df-74d6002937a0", "vulnerability": {"vulnId": "CVE-2021-36260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ecd0ef95-9fe7-4dd5-b0df-74d6002937a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the... | Affected: Hikvision / IP Camera | CVSS: 9.8 (CRITICAL) | EPSS: 0.99869 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36260", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36260"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36260"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the...", "vendor": "Hikvision", "product": "IP Camera", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99869, "cvss_severity": "CRITICAL", "epss_percentile": 0.9996, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f83efb44-97e5-4ed1-a3ea-5ab5ba167d2a", "vulnerability": {"vulnId": "CVE-2019-1579", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f83efb44-97e5-4ed1-a3ea-5ab5ba167d2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or... | Affected: Palo Alto Networks / Palo Alto Networks GlobalProtect Portal/Gateway Interface | CVSS: 8.1 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1579", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1579"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1579"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or...", "vendor": "Palo Alto Networks", "product": "Palo Alto Networks GlobalProtect Portal/Gateway Interface", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "002ae93b-039a-4ad6-97d0-e3083eedd0d9", "vulnerability": {"vulnId": "CVE-2013-3900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "002ae93b-039a-4ad6-97d0-e3083eedd0d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WinVerifyTrust Signature Validation Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 5.5 (MEDIUM) | EPSS: 0.44647 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3900", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3900"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3900"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WinVerifyTrust Signature Validation Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 5.5, "epss_score": 0.44647, "cvss_severity": "MEDIUM", "epss_percentile": 0.98605, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "53c1e24c-252c-4792-b113-bdb7e8357e21", "vulnerability": {"vulnId": "CVE-2020-6572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "53c1e24c-252c-4792-b113-bdb7e8357e21", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-6572", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6572"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6572"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4b167018-5b08-47be-9412-c9060715f788", "vulnerability": {"vulnId": "CVE-2019-9670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4b167018-5b08-47be-9412-c9060715f788", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as... | Affected: Synacor / Zimbra Collaboration Suite | CVSS: 9.8 (CRITICAL) | EPSS: 0.99986 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-9670", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9670"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9670"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as...", "vendor": "Synacor", "product": "Zimbra Collaboration Suite", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99986, "cvss_severity": "CRITICAL", "epss_percentile": 0.99983, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a67559d-e76f-4475-ab53-0c8d957fd395", "vulnerability": {"vulnId": "CVE-2019-7609", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4a67559d-e76f-4475-ab53-0c8d957fd395", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the... | Affected: Elastic / Kibana | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7609", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7609"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7609"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the...", "vendor": "Elastic", "product": "Kibana", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "97851e65-4652-4b2b-a95f-71f8a8c5c22d", "vulnerability": {"vulnId": "CVE-2021-27860", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "97851e65-4652-4b2b-a95f-71f8a8c5c22d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-01-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Arbitrary file upload vulnerability in FatPipe software | Affected: FatPipe / WARP, IPVPN, MPVPN | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27860", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27860"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27860"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arbitrary file upload vulnerability in FatPipe software", "vendor": "FatPipe", "product": "WARP, IPVPN, MPVPN", "added_date": "2022-01-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "91ab3094-c4d8-4b39-84e5-ecb81050aca7", "vulnerability": {"vulnId": "CVE-2021-45461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-22T18:25:54+00:00"}, "gcve": {"object_uuid": "91ab3094-c4d8-4b39-84e5-ecb81050aca7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-22T18:25:54+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-22T18:25:54+00:00"}, "scope": {"notes": "KEVIntel entry: FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute... | Affected: FreePBX / Rest Phone Apps | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-45461", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45461"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-45461"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute...", "vendor": "FreePBX", "product": "Rest Phone Apps", "added_date": "2021-12-22T18:25:54.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b7a6c3a5-b27d-41d6-8c17-82022a0ff38f", "vulnerability": {"vulnId": "CVE-2021-43890", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b7a6c3a5-b27d-41d6-8c17-82022a0ff38f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows AppX Installer Spoofing Vulnerability | Affected: Microsoft / App Installer | CVSS: 7.1 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-43890", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43890"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-43890"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows AppX Installer Spoofing Vulnerability", "vendor": "Microsoft", "product": "App Installer", "added_date": "2021-12-15T00:00:00.000Z", "cvss_score": 7.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b8818eea-d23b-4b01-ac1e-53c26eba5ffc", "vulnerability": {"vulnId": "CVE-2021-4102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b8818eea-d23b-4b01-ac1e-53c26eba5ffc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-15T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-4102", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4102"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4102"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2021-12-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c616bef0-2439-47eb-9bb6-c372a95c86b9", "vulnerability": {"vulnId": "CVE-2021-44228", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c616bef0-2439-47eb-9bb6-c372a95c86b9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | Affected: Apache Software Foundation / Apache Log4j2 | CVSS: 10.0 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-44228", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44228"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "vendor": "Apache Software Foundation", "product": "Apache Log4j2", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 1.0, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6696f2a0-9760-4343-baef-ff4786cb940a", "vulnerability": {"vulnId": "CVE-2017-17562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "6696f2a0-9760-4343-baef-ff4786cb940a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of... | Affected: Embedthis / GoAhead | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-17562", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17562"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-17562"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of...", "vendor": "Embedthis", "product": "GoAhead", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cf142b32-b0f1-4038-b0c9-cde07721d403", "vulnerability": {"vulnId": "CVE-2020-17463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "cf142b32-b0f1-4038-b0c9-cde07721d403", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | Affected: daylightstudio / FUEL CMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-17463", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17463"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17463"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.", "vendor": "daylightstudio", "product": "FUEL CMS", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d8c93ee7-b2d7-4b18-adeb-346d15e72cdb", "vulnerability": {"vulnId": "CVE-2021-44515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "d8c93ee7-b2d7-4b18-adeb-346d15e72cdb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild... | Affected: Zoho / ManageEngine Desktop Central | CVSS: 9.8 (CRITICAL) | EPSS: 0.99869 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-44515", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44515"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44515"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild...", "vendor": "Zoho", "product": "ManageEngine Desktop Central", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99869, "cvss_severity": "CRITICAL", "epss_percentile": 0.9996, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0dee4231-9cc1-445f-ab95-7c31b10b161a", "vulnerability": {"vulnId": "CVE-2019-13272", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "0dee4231-9cc1-445f-ab95-7c31b10b161a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a... | Affected: Linux / kernel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-13272", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13272"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-13272"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a...", "vendor": "Linux", "product": "kernel", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0e13a9ed-81f1-4b45-8126-2023be3bb39a", "vulnerability": {"vulnId": "CVE-2021-44168", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "0e13a9ed-81f1-4b45-8126-2023be3bb39a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local... | Affected: Fortinet / Fortinet FortiOS | CVSS: 3.3 (LOW) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-44168", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44168"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44168"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A download of code without integrity check vulnerability in the \"execute restore src-vis\" command of FortiOS before 7.0.3 may allow a local...", "vendor": "Fortinet", "product": "Fortinet FortiOS", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 3.3, "epss_score": null, "cvss_severity": "LOW", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7d705ab8-0a12-460a-9a0f-fe13e19cad7c", "vulnerability": {"vulnId": "CVE-2019-10758", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "7d705ab8-0a12-460a-9a0f-fe13e19cad7c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to... | Affected: mongo-express / mongo-express | CVSS: 9.9 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-10758", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10758"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-10758"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to...", "vendor": "mongo-express", "product": "mongo-express", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 9.9, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "26b225ea-40d2-4043-bf1c-42d1dfc430b4", "vulnerability": {"vulnId": "CVE-2019-7238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "26b225ea-40d2-4043-bf1c-42d1dfc430b4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. | Affected: Sonatype / Nexus Repository Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.76526 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7238", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7238"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7238"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.", "vendor": "Sonatype", "product": "Nexus Repository Manager", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.76526, "cvss_severity": "CRITICAL", "epss_percentile": 0.9948, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0b0ba54a-a2f0-4571-9507-ddee96d2fcbb", "vulnerability": {"vulnId": "CVE-2017-12149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "0b0ba54a-a2f0-4571-9507-ddee96d2fcbb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the... | Affected: Red Hat, Inc. / jbossas | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-12149", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12149"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-12149"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the...", "vendor": "Red Hat, Inc.", "product": "jbossas", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "36b77b7b-58cc-4404-b258-aadb5ba5bdca", "vulnerability": {"vulnId": "CVE-2021-35394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "36b77b7b-58cc-4404-b258-aadb5ba5bdca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The... | Affected: Realtek / Jungle SDK | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-35394", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35394"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-35394"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The...", "vendor": "Realtek", "product": "Jungle SDK", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c19a7486-e6b3-43ab-bd3f-d168c82f75b8", "vulnerability": {"vulnId": "CVE-2019-0193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c19a7486-e6b3-43ab-bd3f-d168c82f75b8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the... | Affected: Apache / Apache Solr | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0193", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the...", "vendor": "Apache", "product": "Apache Solr", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e1c5a01-0790-428a-9e48-0f50ad44858b", "vulnerability": {"vulnId": "CVE-2010-1871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4e1c5a01-0790-428a-9e48-0f50ad44858b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss... | Affected: Red Hat / JBoss Enterprise Application Platform | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-1871", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1871"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-1871"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...", "vendor": "Red Hat", "product": "JBoss Enterprise Application Platform", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8176306f-e810-4d51-912d-c978020310a0", "vulnerability": {"vulnId": "CVE-2020-8816", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "8176306f-e810-4d51-912d-c978020310a0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-10T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | Affected: Pi-hole / Pi-hole Web | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8816", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8816"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8816"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.", "vendor": "Pi-hole", "product": "Pi-hole Web", "added_date": "2021-12-10T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9e5c69c0-43b9-4131-a32c-cb01dc0113d1", "vulnerability": {"vulnId": "CVE-2020-11261", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "9e5c69c0-43b9-4131-a32c-cb01dc0113d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto,... | Affected: Qualcomm, Inc. / Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-11261", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11261"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11261"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto,...", "vendor": "Qualcomm, Inc.", "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", "added_date": "2021-12-01T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e0f441e2-b131-4c9f-a715-22d417429bbc", "vulnerability": {"vulnId": "CVE-2021-37415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "e0f441e2-b131-4c9f-a715-22d417429bbc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | Affected: Zoho / ManageEngine ServiceDesk Plus | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-37415", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37415"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-37415"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.", "vendor": "Zoho", "product": "ManageEngine ServiceDesk Plus", "added_date": "2021-12-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8f552444-6f2a-45f9-9d84-94f60fbb8aa9", "vulnerability": {"vulnId": "CVE-2021-40438", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "8f552444-6f2a-45f9-9d84-94f60fbb8aa9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: mod_proxy SSRF | Affected: Apache Software Foundation / Apache HTTP Server | CVSS: 9.0 (CRITICAL) | EPSS: 0.99999 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40438", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40438"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "mod_proxy SSRF", "vendor": "Apache Software Foundation", "product": "Apache HTTP Server", "added_date": "2021-12-01T00:00:00.000Z", "cvss_score": 9.0, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99997, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a6378f87-9112-48da-9382-020a91bbb7b6", "vulnerability": {"vulnId": "CVE-2018-14847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "a6378f87-9112-48da-9382-020a91bbb7b6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write... | Affected: MikroTik / RouterOS | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-14847", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14847"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14847"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write...", "vendor": "MikroTik", "product": "RouterOS", "added_date": "2021-12-01T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "62f6826e-caa4-4172-a7c2-bad3da98db01", "vulnerability": {"vulnId": "CVE-2021-44077", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "62f6826e-caa4-4172-a7c2-bad3da98db01", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-12-01T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to... | Affected: Zoho / ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus MSP, ManageEngine SupportCenter Plus | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-44077", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44077"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-44077"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to...", "vendor": "Zoho", "product": "ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus MSP, ManageEngine SupportCenter Plus", "added_date": "2021-12-01T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a15b265-e22c-4418-a04d-81d9153c2e32", "vulnerability": {"vulnId": "CVE-2021-42321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "4a15b265-e22c-4418-a04d-81d9153c2e32", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-42321", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42321"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42321"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11", "added_date": "2021-11-17T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "944629a1-0706-4fba-a50c-74436e394b5f", "vulnerability": {"vulnId": "CVE-2021-42292", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "944629a1-0706-4fba-a50c-74436e394b5f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Excel Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft Office 2019, Microsoft Office 2019 for Mac, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Excel 2016, Microsoft Office 2016, Microsoft Excel 2013 Service Pack 1, Microsoft Office 2013 Service Pack 1 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-42292", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42292"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42292"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Excel Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office 2019, Microsoft Office 2019 for Mac, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Excel 2016, Microsoft Office 2016, Microsoft Excel 2013 Service Pack 1, Microsoft Office 2013 Service Pack 1", "added_date": "2021-11-17T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f2bbd3a4-5061-4b03-8792-b060c31fc0f6", "vulnerability": {"vulnId": "CVE-2021-40449", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "f2bbd3a4-5061-4b03-8792-b060c31fc0f6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Win32k Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40449"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40449"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Win32k Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-17T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "31bae852-f3e1-45e5-a966-52cd9297385b", "vulnerability": {"vulnId": "CVE-2021-22204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "31bae852-f3e1-45e5-a966-52cd9297385b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the... | Affected: ExifTool / ExifTool | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22204", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22204"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22204"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the...", "vendor": "ExifTool", "product": "ExifTool", "added_date": "2021-11-17T00:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ed86e206-7d5d-426e-8106-5ddd633aa937", "vulnerability": {"vulnId": "CVE-2020-10189", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ed86e206-7d5d-426e-8106-5ddd633aa937", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the... | Affected: Zoho / ManageEngine Desktop Central | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-10189", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10189"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10189"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the...", "vendor": "Zoho", "product": "ManageEngine Desktop Central", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3c7b0e1b-e0f3-4ed7-b809-737fd99572ed", "vulnerability": {"vulnId": "CVE-2019-9978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3c7b0e1b-e0f3-4ed7-b809-737fd99572ed", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as... | Affected: Warfare Plugins / Social Warfare | CVSS: 6.1 (MEDIUM) | EPSS: 0.73543 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-9978", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9978"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9978"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as...", "vendor": "Warfare Plugins", "product": "Social Warfare", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.1, "epss_score": 0.73543, "cvss_severity": "MEDIUM", "epss_percentile": 0.99399, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "57dc5a42-aa59-47b0-9ab1-e0694cb05833", "vulnerability": {"vulnId": "CVE-2020-3952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "57dc5a42-aa59-47b0-9ab1-e0694cb05833", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does... | Affected: VMware / VMware vCenter Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3952", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3952"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3952"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does...", "vendor": "VMware", "product": "VMware vCenter Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b3a2733e-6594-4d6a-bdf3-178ca0c2b7ce", "vulnerability": {"vulnId": "CVE-2018-20062", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b3a2733e-6594-4d6a-bdf3-178ca0c2b7ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of... | Affected: NoneCms / NoneCms | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-20062", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20062"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-20062"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of...", "vendor": "NoneCms", "product": "NoneCms", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "414bbc1a-559d-4a94-af2a-0caefa42ce47", "vulnerability": {"vulnId": "CVE-2021-20016", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "414bbc1a-559d-4a94-af2a-0caefa42ce47", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access... | Affected: SonicWall / SonicWall SMA100 | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20016", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20016"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20016"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access...", "vendor": "SonicWall", "product": "SonicWall SMA100", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e56a86dc-282a-475a-9733-30529eeb5e2a", "vulnerability": {"vulnId": "CVE-2021-20022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e56a86dc-282a-475a-9733-30529eeb5e2a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the... | Affected: SonicWall / Email Security | CVSS: 7.2 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20022", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20022"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20022"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the...", "vendor": "SonicWall", "product": "Email Security", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "503daaf7-1594-46c0-8384-91af0252a05d", "vulnerability": {"vulnId": "CVE-2016-3976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "503daaf7-1594-46c0-8384-91af0252a05d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\\ (dot dot... | Affected: SAP / NetWeaver AS Java | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3976", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3976"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3976"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\\ (dot dot...", "vendor": "SAP", "product": "NetWeaver AS Java", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bd2c5d1e-19d7-4985-bcc7-9da79b7f55f9", "vulnerability": {"vulnId": "CVE-2020-11651", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bd2c5d1e-19d7-4985-bcc7-9da79b7f55f9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly... | Affected: SaltStack / Salt | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-11651", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11651"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11651"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly...", "vendor": "SaltStack", "product": "Salt", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "91e01e3b-2ee8-413d-9bfe-d23a89857ac3", "vulnerability": {"vulnId": "CVE-2021-27561", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "91e01e3b-2ee8-413d-9bfe-d23a89857ac3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | Affected: Yealink / Device Management | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27561", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27561"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27561"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.", "vendor": "Yealink", "product": "Device Management", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "470f9476-b411-45eb-81ef-386ff89a2914", "vulnerability": {"vulnId": "CVE-2020-10181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "470f9476-b411-45eb-81ef-386ff89a2914", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges... | Affected: Sumavision / Enhanced Multimedia Router (EMR) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-10181", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10181"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10181"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges...", "vendor": "Sumavision", "product": "Enhanced Multimedia Router (EMR)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "315e6257-4ba5-4fef-85d4-ce051d34bc0a", "vulnerability": {"vulnId": "CVE-2020-12271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "315e6257-4ba5-4fef-85d4-ce051d34bc0a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in... | Affected: Sophos / XG Firewall | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-12271", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12271"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12271"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in...", "vendor": "Sophos", "product": "XG Firewall", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "108876c2-bb34-415f-a325-0d1e7dd5a90d", "vulnerability": {"vulnId": "CVE-2021-20021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "108876c2-bb34-415f-a325-0d1e7dd5a90d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP... | Affected: SonicWall / Email Security | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20021", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20021"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20021"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP...", "vendor": "SonicWall", "product": "Email Security", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f406873b-a44a-4053-995c-ed58c9061261", "vulnerability": {"vulnId": "CVE-2021-35211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f406873b-a44a-4053-995c-ed58c9061261", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Serv-U Remote Memory Escape Vulnerability | Affected: SolarWinds / Serv-U Managed File Transfer Server and Serv-U Secured FTP | CVSS: 9.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-35211", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35211"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-35211"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Serv-U Remote Memory Escape Vulnerability", "vendor": "SolarWinds", "product": "Serv-U Managed File Transfer Server and Serv-U Secured FTP", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e0cd5131-0949-4c67-bcb4-51017af57dd5", "vulnerability": {"vulnId": "CVE-2019-16256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e0cd5131-0949-4c67-bcb4-51017af57dd5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location... | Affected: Samsung / SIMalliance Toolbox Browser | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-16256", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16256"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-16256"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location...", "vendor": "Samsung", "product": "SIMalliance Toolbox Browser", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "28ed0bb6-a386-47a0-b886-b3345b43f0b1", "vulnerability": {"vulnId": "CVE-2020-11738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "28ed0bb6-a386-47a0-b886-b3345b43f0b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file... | Affected: Snap Creek / Duplicator | CVSS: 7.5 (HIGH) | EPSS: 0.97822 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-11738", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11738"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11738"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file...", "vendor": "Snap Creek", "product": "Duplicator", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.97822, "cvss_severity": "HIGH", "epss_percentile": 0.99898, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "19f0cdd9-eb85-4e3d-a060-0b8a2e68af5a", "vulnerability": {"vulnId": "CVE-2020-25213", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "19f0cdd9-eb85-4e3d-a060-0b8a2e68af5a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it... | Affected: WordPress / File Manager plugin | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-25213", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25213"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-25213"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it...", "vendor": "WordPress", "product": "File Manager plugin", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2692dd93-f427-4f8f-a729-5ca673efbd14", "vulnerability": {"vulnId": "CVE-2020-3992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2692dd93-f427-4f8f-a729-5ca673efbd14", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a... | Affected: VMware / VMware ESXi | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3992", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3992"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3992"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a...", "vendor": "VMware", "product": "VMware ESXi", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3e37bdf5-bd18-4370-935f-4dce318b40a5", "vulnerability": {"vulnId": "CVE-2019-20085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3e37bdf5-bd18-4370-935f-4dce318b40a5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TVT NVMS-1000 devices allow GET /.. Directory Traversal | Affected: TVT / NVMS-1000 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-20085", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-20085"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TVT NVMS-1000 devices allow GET /.. Directory Traversal", "vendor": "TVT", "product": "NVMS-1000", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3a67a37e-eac5-4d33-8e31-a5481cc64485", "vulnerability": {"vulnId": "CVE-2021-36741", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3a67a37e-eac5-4d33-8e31-a5481cc64485", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1... | Affected: Trend Micro / Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36741", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36741"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36741"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1...", "vendor": "Trend Micro", "product": "Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b3902d2e-8eb9-45a5-b990-48542aa201ea", "vulnerability": {"vulnId": "CVE-2021-22005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b3902d2e-8eb9-45a5-b990-48542aa201ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on... | Affected: VMware / VMware vCenter Server, VMware Cloud Foundation | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22005", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22005"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22005"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on...", "vendor": "VMware", "product": "VMware vCenter Server, VMware Cloud Foundation", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e16cf0d2-4f5b-474d-8568-dc8fb9ea851d", "vulnerability": {"vulnId": "CVE-2020-8467", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e16cf0d2-4f5b-474d-8568-dc8fb9ea851d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute... | Affected: Trend Micro / Trend Micro OfficeScan, Trend Micro Apex One | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8467", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8467"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8467"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute...", "vendor": "Trend Micro", "product": "Trend Micro OfficeScan, Trend Micro Apex One", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc58ea7c-fa98-4bac-ad41-62d161009a2b", "vulnerability": {"vulnId": "CVE-2017-9248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cc58ea7c-fa98-4bac-ad41-62d161009a2b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect... | Affected: Progress / Telerik UI for ASP.NET AJAX | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-9248", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9248"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9248"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect...", "vendor": "Progress", "product": "Telerik UI for ASP.NET AJAX", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0caaee5b-52f0-4131-8596-5b9dfef3394a", "vulnerability": {"vulnId": "CVE-2021-35395", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0caaee5b-52f0-4131-8596-5b9dfef3394a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access... | Affected: Realtek / Jungle SDK | CVSS: 9.8 (CRITICAL) | EPSS: 0.98059 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-35395", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35395"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-35395"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access...", "vendor": "Realtek", "product": "Jungle SDK", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.98059, "cvss_severity": "CRITICAL", "epss_percentile": 0.99904, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bd8954fd-a5fc-4cd0-b831-69154c858e61", "vulnerability": {"vulnId": "CVE-2021-1906", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bd8954fd-a5fc-4cd0-b831-69154c858e61", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute,... | Affected: Qualcomm, Inc. / Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS: 6.2 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1906"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1906"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute,...", "vendor": "Qualcomm, Inc.", "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.2, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2434c4cb-9397-46ec-97c5-036253a56417", "vulnerability": {"vulnId": "CVE-2012-3152", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2434c4cb-9397-46ec-97c5-036253a56417", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote... | Affected: Oracle / Fusion Middleware | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-3152", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3152"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-3152"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote...", "vendor": "Oracle", "product": "Fusion Middleware", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bb3628c5-931d-4981-9b2b-c8c59641600b", "vulnerability": {"vulnId": "CVE-2020-6820", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bb3628c5-931d-4981-9b2b-c8c59641600b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild... | Affected: Mozilla / Thunderbird, Firefox, Firefox ESR | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-6820", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6820"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6820"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild...", "vendor": "Mozilla", "product": "Thunderbird, Firefox, Firefox ESR", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f24df4af-cdad-44ac-bf43-73283eed136f", "vulnerability": {"vulnId": "CVE-2019-5544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f24df4af-cdad-44ac-bf43-73283eed136f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the... | Affected: VMware / ESXi and Horizon DaaS | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-5544", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5544"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5544"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...", "vendor": "VMware", "product": "ESXi and Horizon DaaS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ce2bc1d6-3aef-4a9c-abf8-c7526ee561bb", "vulnerability": {"vulnId": "CVE-2020-5849", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ce2bc1d6-3aef-4a9c-abf8-c7526ee561bb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unraid 6.8.0 allows authentication bypass. | Affected: Limetech / Unraid | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5849", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5849"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5849"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unraid 6.8.0 allows authentication bypass.", "vendor": "Limetech", "product": "Unraid", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "04e61a23-1536-48cf-8caa-828fe06f210b", "vulnerability": {"vulnId": "CVE-2020-8599", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "04e61a23-1536-48cf-8caa-828fe06f210b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an... | Affected: Trend Micro / Trend Micro OfficeScan, Trend Micro Apex One | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8599", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8599"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8599"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an...", "vendor": "Trend Micro", "product": "Trend Micro OfficeScan, Trend Micro Apex One", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "521f6bb7-5fd7-43a9-b074-73adb70761fa", "vulnerability": {"vulnId": "CVE-2021-36742", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "521f6bb7-5fd7-43a9-b074-73adb70761fa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1... | Affected: Trend Micro / Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36742", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36742"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36742"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1...", "vendor": "Trend Micro", "product": "Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e1dbf96e-864e-4d79-9722-f45ae57a194f", "vulnerability": {"vulnId": "CVE-2021-20023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e1dbf96e-864e-4d79-9722-f45ae57a194f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the... | Affected: SonicWall / Email Security | CVSS: 4.9 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20023", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20023"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20023"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the...", "vendor": "SonicWall", "product": "Email Security", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 4.9, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e9922f9-e957-4ad7-b43f-c803b95e1f48", "vulnerability": {"vulnId": "CVE-2020-11652", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4e9922f9-e957-4ad7-b43f-c803b95e1f48", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some... | Affected: SaltStack / Salt | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-11652", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11652"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-11652"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some...", "vendor": "SaltStack", "product": "Salt", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d8536e20-c503-483d-b3b3-333020708ab0", "vulnerability": {"vulnId": "CVE-2020-24557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d8536e20-c503-483d-b3b3-333020708ab0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a... | Affected: Trend Micro / Trend Micro Apex One, Trend Micro Worry-Free Business Security | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-24557", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24557"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24557"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a...", "vendor": "Trend Micro", "product": "Trend Micro Apex One, Trend Micro Worry-Free Business Security", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "47307578-2633-408d-a62e-3209b3089455", "vulnerability": {"vulnId": "CVE-2020-8468", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "47307578-2633-408d-a62e-3209b3089455", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape... | Affected: Trend Micro / Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8468", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8468"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8468"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape...", "vendor": "Trend Micro", "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fec481ca-9fff-4e69-a791-87b8aba0f858", "vulnerability": {"vulnId": "CVE-2019-18187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fec481ca-9fff-4e69-a791-87b8aba0f858", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files... | Affected: Trend Micro / Trend Micro OfficeScan | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-18187", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18187"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18187"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files...", "vendor": "Trend Micro", "product": "Trend Micro OfficeScan", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "12c2cf20-3d4d-4d99-8511-4888b1f3c759", "vulnerability": {"vulnId": "CVE-2019-9082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "12c2cf20-3d4d-4d99-8511-4888b1f3c759", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via... | Affected: ThinkPHP / ThinkPHP | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-9082", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9082"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-9082"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via...", "vendor": "ThinkPHP", "product": "ThinkPHP", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "91c58266-f6e7-48e9-a296-8a2ff06feb6c", "vulnerability": {"vulnId": "CVE-2021-1905", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "91c58266-f6e7-48e9-a296-8a2ff06feb6c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute,... | Affected: Qualcomm, Inc. / Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1905", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1905"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1905"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute,...", "vendor": "Qualcomm, Inc.", "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "326a1afe-92d3-47c5-ac1d-07c4919bc863", "vulnerability": {"vulnId": "CVE-2019-11539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "326a1afe-92d3-47c5-ac1d-07c4919bc863", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse... | Affected: Pulse Secure / Pulse Connect Secure | CVSS: 8.0 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11539", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11539"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11539"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse...", "vendor": "Pulse Secure", "product": "Pulse Connect Secure", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "87bd3410-3916-445a-9ff1-cff2433021a2", "vulnerability": {"vulnId": "CVE-2019-11510", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "87bd3410-3916-445a-9ff1-cff2433021a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can... | Affected: Pulse Secure / Pulse Connect Secure | CVSS: 10.0 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11510", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11510"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11510"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can...", "vendor": "Pulse Secure", "product": "Pulse Connect Secure", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99995, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4d223b49-54c2-4195-8f2a-914635214368", "vulnerability": {"vulnId": "CVE-2017-6327", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4d223b49-54c2-4195-8f2a-914635214368", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual... | Affected: Symantec Corporation / Messaging Gateway | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-6327", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6327"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-6327"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual...", "vendor": "Symantec Corporation", "product": "Messaging Gateway", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e7608aa-bf7c-48cd-b546-13af91c3670b", "vulnerability": {"vulnId": "CVE-2016-3643", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4e7608aa-bf7c-48cd-b546-13af91c3670b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated... | Affected: SolarWinds / Virtualization Manager | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3643", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3643"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3643"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated...", "vendor": "SolarWinds", "product": "Virtualization Manager", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "509039c9-aa9c-48b3-a4e7-c08e814f86f2", "vulnerability": {"vulnId": "CVE-2020-10148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "509039c9-aa9c-48b3-a4e7-c08e814f86f2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands | Affected: SolarWinds / Orion Platform | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-10148", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10148"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10148"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands", "vendor": "SolarWinds", "product": "Orion Platform", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6f3060f1-f041-48d2-b147-1e917ece59c8", "vulnerability": {"vulnId": "CVE-2017-16651", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6f3060f1-f041-48d2-b147-1e917ece59c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem,... | Affected: Roundcube / Roundcube Webmail | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-16651", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16651"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-16651"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem,...", "vendor": "Roundcube", "product": "Roundcube Webmail", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4c089301-5181-4220-bc0b-5aeeeb516720", "vulnerability": {"vulnId": "CVE-2020-14750", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4c089301-5181-4220-bc0b-5aeeeb516720", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-14750", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14750"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-14750"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "45c7896f-10ca-4acb-a914-842773b5d530", "vulnerability": {"vulnId": "CVE-2020-1040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "45c7896f-10ca-4acb-a914-842773b5d530", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated... | Affected: Microsoft / Windows Server | CVSS: 9.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1040", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1040"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1040"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated...", "vendor": "Microsoft", "product": "Windows Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "09e497bd-6707-4466-917d-daa0082c0acd", "vulnerability": {"vulnId": "CVE-2021-38003", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "09e497bd-6707-4466-917d-daa0082c0acd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38003", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38003"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38003"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "48a5ef91-44c2-4d1a-ae04-dce18de26139", "vulnerability": {"vulnId": "CVE-2020-6287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "48a5ef91-44c2-4d1a-ae04-dce18de26139", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an... | Affected: SAP SE / SAP NetWeaver AS JAVA (LM Configuration Wizard) | CVSS: 10.0 (CRITICAL) | EPSS: 0.94719 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-6287", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6287"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6287"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an...", "vendor": "SAP SE", "product": "SAP NetWeaver AS JAVA (LM Configuration Wizard)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.94719, "cvss_severity": "CRITICAL", "epss_percentile": 0.99847, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "896ec2bb-b603-416e-b4ed-a5de72033fd1", "vulnerability": {"vulnId": "CVE-2021-1498", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "896ec2bb-b603-416e-b4ed-a5de72033fd1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco HyperFlex HX Command Injection Vulnerabilities | Affected: Cisco / Cisco HyperFlex HX Data Platform | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1498", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1498"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1498"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco HyperFlex HX Command Injection Vulnerabilities", "vendor": "Cisco", "product": "Cisco HyperFlex HX Data Platform", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2c6bac3d-35d3-43ae-aff3-b75fc43a4265", "vulnerability": {"vulnId": "CVE-2020-3118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2c6bac3d-35d3-43ae-aff3-b75fc43a4265", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability | Affected: Cisco / Cisco IOS XR Software | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3118", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3118"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3118"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability", "vendor": "Cisco", "product": "Cisco IOS XR Software", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8beafa06-ee4f-42ab-b7e4-54dfc19018a2", "vulnerability": {"vulnId": "CVE-2020-3566", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8beafa06-ee4f-42ab-b7e4-54dfc19018a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | Affected: Cisco / Cisco IOS XR Software | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3566", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3566"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3566"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability", "vendor": "Cisco", "product": "Cisco IOS XR Software", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "461423ee-a039-4d13-b45c-85775ea980b1", "vulnerability": {"vulnId": "CVE-2010-5326", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "461423ee-a039-4d13-b45c-85775ea980b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote... | Affected: SAP / NetWeaver Application Server Java | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-5326", "url": "https://www.cve.org/CVERecord?id=CVE-2010-5326"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-5326"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote...", "vendor": "SAP", "product": "NetWeaver Application Server Java", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "54c73a5d-cf98-4ca9-af34-cb3790d2cc63", "vulnerability": {"vulnId": "CVE-2020-8260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "54c73a5d-cf98-4ca9-af34-cb3790d2cc63", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code... | Affected: Pulse Secure / Pulse Connect Secure / Pulse Policy Secure | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8260", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8260"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8260"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code...", "vendor": "Pulse Secure", "product": "Pulse Connect Secure / Pulse Policy Secure", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b7368dd1-07f3-4d3c-b76e-46b0be0b708f", "vulnerability": {"vulnId": "CVE-2020-3161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b7368dd1-07f3-4d3c-b76e-46b0be0b708f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability | Affected: Cisco / Cisco IP phone | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3161", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3161"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3161"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability", "vendor": "Cisco", "product": "Cisco IP phone", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "769842d8-796b-4e6f-9b0c-2f721bf9dd51", "vulnerability": {"vulnId": "CVE-2020-3452", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "769842d8-796b-4e6f-9b0c-2f721bf9dd51", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability | Affected: Cisco / Cisco Adaptive Security Appliance (ASA) Software | CVSS: 7.5 (HIGH) | EPSS: 0.99992 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3452", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3452"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3452"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.99992, "cvss_severity": "HIGH", "epss_percentile": 0.99986, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "75e26457-7bda-48f3-8433-63e3200110d8", "vulnerability": {"vulnId": "CVE-2020-3580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "75e26457-7bda-48f3-8433-63e3200110d8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities | Affected: Cisco / Cisco Adaptive Security Appliance (ASA) Software | CVSS: 6.1 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3580", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3580"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3580"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance (ASA) Software", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8c82a612-7819-4b95-b65a-9cf84bc435c0", "vulnerability": {"vulnId": "CVE-2021-1497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8c82a612-7819-4b95-b65a-9cf84bc435c0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco HyperFlex HX Command Injection Vulnerabilities | Affected: Cisco / Cisco HyperFlex HX Data Platform | CVSS: 9.8 (CRITICAL) | EPSS: 0.99928 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1497", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1497"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1497"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco HyperFlex HX Command Injection Vulnerabilities", "vendor": "Cisco", "product": "Cisco HyperFlex HX Data Platform", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99928, "cvss_severity": "CRITICAL", "epss_percentile": 0.99967, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "faaf6546-adbd-47ef-9168-198876fd67f7", "vulnerability": {"vulnId": "CVE-2020-3569", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "faaf6546-adbd-47ef-9168-198876fd67f7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities | Affected: Cisco / Cisco IOS XR Software | CVSS: 8.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3569", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3569"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3569"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities", "vendor": "Cisco", "product": "Cisco IOS XR Software", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d939d031-fb8b-4327-a06d-a46152672806", "vulnerability": {"vulnId": "CVE-2019-1653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d939d031-fb8b-4327-a06d-a46152672806", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | Affected: Cisco / Cisco Small Business RV Series Router Firmware | CVSS: 7.5 (HIGH) | EPSS: 0.99876 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1653", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1653"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1653"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability", "vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.99876, "cvss_severity": "HIGH", "epss_percentile": 0.99961, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5f20ff92-ff11-41c7-9669-9b7fd8b6be58", "vulnerability": {"vulnId": "CVE-2018-0296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5f20ff92-ff11-41c7-9669-9b7fd8b6be58", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an... | Affected: Cisco / Cisco Adaptive Security Appliance unknown | CVSS: 7.5 (HIGH) | EPSS: 0.99903 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0296", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0296"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0296"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an...", "vendor": "Cisco", "product": "Cisco Adaptive Security Appliance unknown", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.99903, "cvss_severity": "HIGH", "epss_percentile": 0.99964, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c85b84cc-7d89-4c85-93cb-4cf64f51552a", "vulnerability": {"vulnId": "CVE-2020-8195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c85b84cc-7d89-4c85-93cb-4cf64f51552a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix... | Affected: Citrix / Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8195", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8195"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8195"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...", "vendor": "Citrix", "product": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4af5d010-394e-449b-8a47-66d3358e6334", "vulnerability": {"vulnId": "CVE-2020-8196", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4af5d010-394e-449b-8a47-66d3358e6334", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix... | Affected: Citrix / Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8196", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8196"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8196"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...", "vendor": "Citrix", "product": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "891dfc73-d9b9-4051-9d89-72e7b3ad632a", "vulnerability": {"vulnId": "CVE-2019-19781", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "891dfc73-d9b9-4051-9d89-72e7b3ad632a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | Affected: Citrix / Application Delivery Controller and Gateway | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-19781", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19781"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-19781"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.", "vendor": "Citrix", "product": "Application Delivery Controller and Gateway", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99998, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "59f4f8d8-8330-4a29-88c3-c0b9eec7ec1e", "vulnerability": {"vulnId": "CVE-2019-8394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "59f4f8d8-8330-4a29-88c3-c0b9eec7ec1e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | Affected: Zoho / ManageEngine ServiceDesk Plus | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-8394", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8394"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-8394"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.", "vendor": "Zoho", "product": "ManageEngine ServiceDesk Plus", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c6c7b76b-728f-466a-9462-e9df9620f9ca", "vulnerability": {"vulnId": "CVE-2019-11634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c6c7b76b-728f-466a-9462-e9df9620f9ca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix Workspace App before 1904 for Windows has Incorrect Access Control. | Affected: Citrix / Workspace App | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11634", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11634"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11634"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix Workspace App before 1904 for Windows has Incorrect Access Control.", "vendor": "Citrix", "product": "Workspace App", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1083963b-3736-445e-9b5c-2368b6b6f3da", "vulnerability": {"vulnId": "CVE-2020-29557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1083963b-3736-445e-9b5c-2368b6b6f3da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to... | Affected: D-Link / DIR-825 R1 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-29557", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29557"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-29557"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to...", "vendor": "D-Link", "product": "DIR-825 R1", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c8aeb228-87d6-46b3-aae1-2d9201aa01f4", "vulnerability": {"vulnId": "CVE-2020-25506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c8aeb228-87d6-46b3-aae1-2d9201aa01f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code... | Affected: D-Link / DNS-320 | CVSS: 9.8 (CRITICAL) | EPSS: 0.99968 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-25506", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-25506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code...", "vendor": "D-Link", "product": "DNS-320", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99968, "cvss_severity": "CRITICAL", "epss_percentile": 0.99978, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "30f9cf14-9eec-4b17-8dba-9b9fc120ed22", "vulnerability": {"vulnId": "CVE-2017-9822", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "30f9cf14-9eec-4b17-8dba-9b9fc120ed22", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka \"2017-08 (Critical) Possible remote code execution on DNN sites.\" | Affected: DotNetNuke / DotNetNuke CMS Fixed in 9.1.1 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-9822", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9822"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9822"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka \"2017-08 (Critical) Possible remote code execution on DNN sites.\"", "vendor": "DotNetNuke", "product": "DotNetNuke CMS Fixed in 9.1.1", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "96f463ed-1a72-45da-9529-ec490723d919", "vulnerability": {"vulnId": "CVE-2019-15752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "96f463ed-1a72-45da-9529-ec490723d919", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file... | Affected: Docker / Docker Desktop Community Edition | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-15752", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-15752"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file...", "vendor": "Docker", "product": "Docker Desktop Community Edition", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9dbc3040-5f5e-40ee-abaf-983078fc524b", "vulnerability": {"vulnId": "CVE-2020-0601", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9dbc3040-5f5e-40ee-abaf-983078fc524b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1909 for ARM64-based Systems | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0601", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0601"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0601"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1909 for ARM64-based Systems", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c5ca31d9-156f-48e6-ac94-cd89accc8122", "vulnerability": {"vulnId": "CVE-2021-26084", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c5ca31d9-156f-48e6-ac94-cd89accc8122", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to... | Affected: Atlassian / Confluence Server, Confluence Data Center | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26084", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26084"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26084"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to...", "vendor": "Atlassian", "product": "Confluence Server, Confluence Data Center", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99992, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2ede7ee5-4b32-4923-b72d-c4b893776d47", "vulnerability": {"vulnId": "CVE-2021-28663", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2ede7ee5-4b32-4923-b72d-c4b893776d47", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a... | Affected: Arm / Mali GPU kernel driver | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-28663", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28663"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-28663"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a...", "vendor": "Arm", "product": "Mali GPU kernel driver", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c680e9d9-e2c3-46b1-9698-4a42ac1d5f1b", "vulnerability": {"vulnId": "CVE-2021-20090", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c680e9d9-e2c3-46b1-9698-4a42ac1d5f1b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <=... | Affected: Buffalo / Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-20090", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20090"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20090"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <=...", "vendor": "Buffalo", "product": "Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "33f76683-7c82-43bf-9b7b-df0aa734dd6f", "vulnerability": {"vulnId": "CVE-2021-30869", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "33f76683-7c82-43bf-9b7b-df0aa734dd6f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2,... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30869", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30869"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30869"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2,...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a75e50f2-5a1a-4297-94bf-fc832a5a06e9", "vulnerability": {"vulnId": "CVE-2021-30761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a75e50f2-5a1a-4297-94bf-fc832a5a06e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web... | Affected: Apple / iOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30761", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30761"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30761"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web...", "vendor": "Apple", "product": "iOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c1654561-9916-40a0-be1a-f631d1f41ac1", "vulnerability": {"vulnId": "CVE-2021-30663", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c1654561-9916-40a0-be1a-f631d1f41ac1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3,... | Affected: Apple / macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30663", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30663"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30663"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3,...", "vendor": "Apple", "product": "macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "54574a56-ae50-4b8f-968c-da641e7df5a5", "vulnerability": {"vulnId": "CVE-2021-30666", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "54574a56-ae50-4b8f-968c-da641e7df5a5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content... | Affected: Apple / iOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30666", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30666"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30666"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content...", "vendor": "Apple", "product": "iOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6d6b8a29-3c6a-495a-9476-62b2dcd478e9", "vulnerability": {"vulnId": "CVE-2021-1879", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6d6b8a29-3c6a-495a-9476-62b2dcd478e9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS... | Affected: Apple / iOS and iPadOS, iOS, watchOS | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1879", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1879"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1879"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS...", "vendor": "Apple", "product": "iOS and iPadOS, iOS, watchOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3e6e9d2d-8fb7-4c8b-afb2-b21b2495ba5a", "vulnerability": {"vulnId": "CVE-2021-1870", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3e6e9d2d-8fb7-4c8b-afb2-b21b2495ba5a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1870", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1870"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1870"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "635c5327-ef37-4f66-9253-2439d3eca935", "vulnerability": {"vulnId": "CVE-2018-0171", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "635c5327-ef37-4f66-9253-2439d3eca935", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to... | Affected: Cisco / Cisco IOS and IOS XE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0171", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0171"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0171"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to...", "vendor": "Cisco", "product": "Cisco IOS and IOS XE", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fcb119a6-716d-4483-a1dc-591452b8c3da", "vulnerability": {"vulnId": "CVE-2021-1782", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fcb119a6-716d-4483-a1dc-591452b8c3da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1782", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1782"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1782"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "265d4631-49fb-436a-a1ab-18aeeb010bc7", "vulnerability": {"vulnId": "CVE-2021-30762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "265d4631-49fb-436a-a1ab-18aeeb010bc7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content... | Affected: Apple / iOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30762", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30762"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30762"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content...", "vendor": "Apple", "product": "iOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5d3a696e-df00-49a4-ab51-0d5236f25f49", "vulnerability": {"vulnId": "CVE-2021-1871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5d3a696e-df00-49a4-ab51-0d5236f25f49", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security... | Affected: Apple / iOS and iPadOS, macOS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1871", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1871"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1871"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security...", "vendor": "Apple", "product": "iOS and iPadOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "00299a39-18d1-43e6-9aa6-50d0e154fa98", "vulnerability": {"vulnId": "CVE-2016-9563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "00299a39-18d1-43e6-9aa6-50d0e154fa98", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the... | Affected: SAP / NetWeaver AS JAVA | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-9563", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9563"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-9563"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the...", "vendor": "SAP", "product": "NetWeaver AS JAVA", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "60187cf3-0066-494e-a13e-e77852720a0e", "vulnerability": {"vulnId": "CVE-2020-6207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "60187cf3-0066-494e-a13e-e77852720a0e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a... | Affected: SAP SE / SAP Solution Manager (User Experience Monitoring) | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-6207", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6207"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6207"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a...", "vendor": "SAP SE", "product": "SAP Solution Manager (User Experience Monitoring)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3bfb8c6a-e7c2-459b-9886-625898f88953", "vulnerability": {"vulnId": "CVE-2020-10199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3bfb8c6a-e7c2-459b-9886-625898f88953", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | Affected: Sonatype / Nexus Repository | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-10199", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10199"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10199"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).", "vendor": "Sonatype", "product": "Nexus Repository", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a40bf844-cbe4-4a97-b5f7-e67824c4042d", "vulnerability": {"vulnId": "CVE-2019-7481", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a40bf844-cbe4-4a97-b5f7-e67824c4042d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100... | Affected: SonicWall / SMA100 | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-7481", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7481"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-7481"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100...", "vendor": "SonicWall", "product": "SMA100", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ac194421-83cc-45a9-9b04-b9f43ce72e07", "vulnerability": {"vulnId": "CVE-2018-14558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ac194421-83cc-45a9-9b04-b9f43ce72e07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through... | Affected: Tenda / AC7, AC9, AC10 | CVSS: 9.8 (CRITICAL) | EPSS: 0.08672 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-14558", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14558"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-14558"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through...", "vendor": "Tenda", "product": "AC7, AC9, AC10", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.08672, "cvss_severity": "CRITICAL", "epss_percentile": 0.94435, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "34da8b7a-e7ac-463d-bb64-719adf34dc8d", "vulnerability": {"vulnId": "CVE-2020-9819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "34da8b7a-e7ac-463d-bb64-719adf34dc8d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5,... | Affected: Apple / iOS, iOS-1, watchOS, watchOS-1 | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9819", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9819"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9819"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5,...", "vendor": "Apple", "product": "iOS, iOS-1, watchOS, watchOS-1", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9590b7b7-1c27-4410-b817-662e0ddac34a", "vulnerability": {"vulnId": "CVE-2019-6223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9590b7b7-1c27-4410-b817-662e0ddac34a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS... | Affected: Apple / iOS, macOS | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-6223", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6223"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-6223"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS...", "vendor": "Apple", "product": "iOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9f473d7e-2b52-498b-a7f0-c09e3389ab3a", "vulnerability": {"vulnId": "CVE-2017-5638", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9f473d7e-2b52-498b-a7f0-c09e3389ab3a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message... | Affected: Apache Software Foundation / Apache Struts | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-5638", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5638"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-5638"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message...", "vendor": "Apache Software Foundation", "product": "Apache Struts", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "255defaf-ceb2-420d-8ebc-b7a4109a80bb", "vulnerability": {"vulnId": "CVE-2021-21017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "255defaf-ceb2-420d-8ebc-b7a4109a80bb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution | Affected: Adobe / Acrobat Reader | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21017", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21017"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21017"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution", "vendor": "Adobe", "product": "Acrobat Reader", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "121194f1-54fd-479c-bbb1-bc6fbc993943", "vulnerability": {"vulnId": "CVE-2021-27103", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "121194f1-54fd-479c-bbb1-bc6fbc993943", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. | Affected: Accellion / FTA | CVSS: 9.8 (CRITICAL) | EPSS: 0.11406 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27103", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27103"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27103"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.", "vendor": "Accellion", "product": "FTA", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.11406, "cvss_severity": "CRITICAL", "epss_percentile": 0.95441, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a4ccbd79-a10f-4493-ab40-3f66e82605da", "vulnerability": {"vulnId": "CVE-2021-27101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a4ccbd79-a10f-4493-ab40-3f66e82605da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is... | Affected: Accellion / FTA | CVSS: 9.8 (CRITICAL) | EPSS: 0.05998 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27101", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27101"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27101"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is...", "vendor": "Accellion", "product": "FTA", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.05998, "cvss_severity": "CRITICAL", "epss_percentile": 0.92386, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "41aeac0b-012b-409f-8161-3911817f0c3e", "vulnerability": {"vulnId": "CVE-2020-9818", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "41aeac0b-012b-409f-8161-3911817f0c3e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS... | Affected: Apple / iOS, iOS-1, watchOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9818", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9818"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9818"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS...", "vendor": "Apple", "product": "iOS, iOS-1, watchOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b9523f43-c3bc-43e6-85f4-bdbbbb4b066c", "vulnerability": {"vulnId": "CVE-2020-27932", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b9523f43-c3bc-43e6-85f4-bdbbbb4b066c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS... | Affected: Apple / watchOS, iOS and iPadOS, macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-27932", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-27932"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS...", "vendor": "Apple", "product": "watchOS, iOS and iPadOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f8b91f51-fb54-4d62-9e19-d9d28469c86f", "vulnerability": {"vulnId": "CVE-2020-27950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f8b91f51-fb54-4d62-9e19-d9d28469c86f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update... | Affected: Apple / watchOS, iOS and iPadOS, macOS | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-27950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-27950"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update...", "vendor": "Apple", "product": "watchOS, iOS and iPadOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0142a1b5-5dfe-4666-ac07-4872395f1d76", "vulnerability": {"vulnId": "CVE-2016-4437", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0142a1b5-5dfe-4666-ac07-4872395f1d76", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary... | Affected: Apache / Shiro | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-4437", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4437"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-4437"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary...", "vendor": "Apache", "product": "Shiro", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ab523586-a550-46d0-9c01-7b8d6d407155", "vulnerability": {"vulnId": "CVE-2019-0211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ab523586-a550-46d0-9c01-7b8d6d407155", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or... | Affected: Apache / Apache HTTP Server | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0211", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0211"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or...", "vendor": "Apache", "product": "Apache HTTP Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7de1c345-82e9-4f95-a258-15926bce4f4b", "vulnerability": {"vulnId": "CVE-2021-41773", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7de1c345-82e9-4f95-a258-15926bce4f4b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | Affected: Apache Software Foundation / Apache HTTP Server | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-41773", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41773"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49", "vendor": "Apache Software Foundation", "product": "Apache HTTP Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "02f15046-864d-4456-98a4-369c84723aa8", "vulnerability": {"vulnId": "CVE-2021-42013", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "02f15046-864d-4456-98a4-369c84723aa8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | Affected: Apache Software Foundation / Apache HTTP Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99964 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-42013", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42013"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)", "vendor": "Apache Software Foundation", "product": "Apache HTTP Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99964, "cvss_severity": "CRITICAL", "epss_percentile": 0.99976, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e560787-d504-4613-ba4f-5947e561e2e4", "vulnerability": {"vulnId": "CVE-2020-27930", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4e560787-d504-4613-ba4f-5947e561e2e4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9,... | Affected: Apple / watchOS, iOS and iPadOS, macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-27930", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-27930"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9,...", "vendor": "Apple", "product": "watchOS, iOS and iPadOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c2c7e0e0-d473-469d-84bf-15351f0a1ab8", "vulnerability": {"vulnId": "CVE-2021-30860", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c2c7e0e0-d473-469d-84bf-15351f0a1ab8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS... | Affected: Apple / macOS, watchOS, iOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30860", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30860"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30860"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS...", "vendor": "Apple", "product": "macOS, watchOS, iOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e874c2f-7132-47fd-a177-6d306f97c7d2", "vulnerability": {"vulnId": "CVE-2021-30858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2e874c2f-7132-47fd-a177-6d306f97c7d2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6.... | Affected: Apple / macOS, iOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30858", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30858"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30858"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6....", "vendor": "Apple", "product": "macOS, iOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ca867985-cad6-4fff-8631-ac08a63b6bb3", "vulnerability": {"vulnId": "CVE-2018-11776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ca867985-cad6-4fff-8631-ac08a63b6bb3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by... | Affected: Apache Software Foundation / Apache Struts | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-11776", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11776"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11776"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by...", "vendor": "Apache Software Foundation", "product": "Apache Struts", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "aef74227-e97e-49f0-88fd-b065ec0dba48", "vulnerability": {"vulnId": "CVE-2017-9805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aef74227-e97e-49f0-88fd-b065ec0dba48", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for... | Affected: Apache Software Foundation / Apache Struts | CVSS: 8.1 (HIGH) | EPSS: 0.99461 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-9805", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9805"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9805"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for...", "vendor": "Apache Software Foundation", "product": "Apache Struts", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.1, "epss_score": 0.99461, "cvss_severity": "HIGH", "epss_percentile": 0.99937, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b504e39f-fae6-4736-a25c-12e400a77ebe", "vulnerability": {"vulnId": "CVE-2020-0069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b504e39f-fae6-4736-a25c-12e400a77ebe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and... | Affected: Mediatek / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0069", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0069"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0069"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and...", "vendor": "Mediatek", "product": "Android", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0728b4a1-9fd0-454d-87fb-b3b668f42549", "vulnerability": {"vulnId": "CVE-2020-0041", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0728b4a1-9fd0-454d-87fb-b3b668f42549", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0041", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0041"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0041"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of...", "vendor": "Google", "product": "Android", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b3fb7253-3725-493e-9839-7aa64a19fbd0", "vulnerability": {"vulnId": "CVE-2020-5735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b3fb7253-3725-493e-9839-7aa64a19fbd0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to... | Affected: Amcrest / Amcrest | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5735", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5735"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5735"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to...", "vendor": "Amcrest", "product": "Amcrest", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6d9512e9-216c-4b60-b03c-ab82d734ae41", "vulnerability": {"vulnId": "CVE-2018-4878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6d9512e9-216c-4b60-b03c-ab82d734ae41", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the... | Affected: Adobe / Adobe Flash Player before 28.0.0.161 | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-4878", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-4878"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the...", "vendor": "Adobe", "product": "Adobe Flash Player before 28.0.0.161", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bb4271af-9b73-44db-9d7d-64815e99ede9", "vulnerability": {"vulnId": "CVE-2021-28664", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bb4271af-9b73-44db-9d7d-64815e99ede9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve... | Affected: Arm / Mali GPU kernel driver | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-28664", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28664"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-28664"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve...", "vendor": "Arm", "product": "Mali GPU kernel driver", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e4ab130-255f-4eef-aaaf-d61672777be5", "vulnerability": {"vulnId": "CVE-2021-42258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2e4ab130-255f-4eef-aaaf-d61672777be5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild... | Affected: BQE / BillQuick Web Suite | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-42258", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42258"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42258"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild...", "vendor": "BQE", "product": "BillQuick Web Suite", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "055c0f9e-e56a-4740-90bf-e8ea5ee14938", "vulnerability": {"vulnId": "CVE-2021-21985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "055c0f9e-e56a-4740-90bf-e8ea5ee14938", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in... | Affected: VMware / VMware vCenter Server and VMware Cloud Foundation | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21985", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21985"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21985"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in...", "vendor": "VMware", "product": "VMware vCenter Server and VMware Cloud Foundation", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99992, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "30974f9b-b342-4d9e-baaf-2098b965dcd9", "vulnerability": {"vulnId": "CVE-2021-21972", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "30974f9b-b342-4d9e-baaf-2098b965dcd9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port... | Affected: VMware / VMware vCenter Server, VMware Cloud Foundation | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21972", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21972"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21972"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port...", "vendor": "VMware", "product": "VMware vCenter Server, VMware Cloud Foundation", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f7b267c1-0fef-4177-a188-c0a231dcdd76", "vulnerability": {"vulnId": "CVE-2018-15961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f7b267c1-0fef-4177-a188-c0a231dcdd76", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload... | Affected: Adobe / ColdFusion | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-15961", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15961"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-15961"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload...", "vendor": "Adobe", "product": "ColdFusion", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f4c38585-7a5b-41da-ac65-b4ef0fe10cc8", "vulnerability": {"vulnId": "CVE-2020-17496", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f4c38585-7a5b-41da-ac65-b4ef0fe10cc8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel... | Affected: vBulletin / vBulletin | CVSS: 9.8 (CRITICAL) | EPSS: 0.8774 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-17496", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17496"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17496"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel...", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.8774, "cvss_severity": "CRITICAL", "epss_percentile": 0.99738, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f479858a-8a64-453e-8610-72f026515cf8", "vulnerability": {"vulnId": "CVE-2021-27562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f479858a-8a64-453e-8610-72f026515cf8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when... | Affected: Arm / Trusted Firmware M | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27562", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27562"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27562"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when...", "vendor": "Arm", "product": "Trusted Firmware M", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f76ce0b1-6bba-4918-8bc7-8dcee0571c66", "vulnerability": {"vulnId": "CVE-2021-27102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f76ce0b1-6bba-4918-8bc7-8dcee0571c66", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | Affected: Accellion / FTA | CVSS: 7.8 (HIGH) | EPSS: 0.03654 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27102", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27102"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27102"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.", "vendor": "Accellion", "product": "FTA", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.03654, "cvss_severity": "HIGH", "epss_percentile": 0.88166, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "926dc2be-dfa4-4e76-906b-90d6a2ab84e1", "vulnerability": {"vulnId": "CVE-2019-16759", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "926dc2be-dfa4-4e76-906b-90d6a2ab84e1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | Affected: vBulletin / vBulletin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-16759", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16759"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-16759"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "662e37c3-4dea-4037-b572-13066b5e1aa4", "vulnerability": {"vulnId": "CVE-2020-5847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "662e37c3-4dea-4037-b572-13066b5e1aa4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unraid through 6.8.0 allows Remote Code Execution. | Affected: Lime Technology / Unraid | CVSS: 9.8 (CRITICAL) | EPSS: 0.95844 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5847", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5847"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5847"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unraid through 6.8.0 allows Remote Code Execution.", "vendor": "Lime Technology", "product": "Unraid", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.95844, "cvss_severity": "CRITICAL", "epss_percentile": 0.99865, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "34c54f99-a959-4dd2-88e0-292b0a23a4f1", "vulnerability": {"vulnId": "CVE-2020-10987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "34c54f99-a959-4dd2-88e0-292b0a23a4f1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the... | Affected: Tenda / AC15 AC1900 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-10987", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10987"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10987"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the...", "vendor": "Tenda", "product": "AC15 AC1900", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bfabecc6-7390-4bc8-8472-3f15ca0157ff", "vulnerability": {"vulnId": "CVE-2021-31755", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bfabecc6-7390-4bc8-8472-3f15ca0157ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows... | Affected: Tenda / AC11 | CVSS: 9.8 (CRITICAL) | EPSS: 0.85849 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31755", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31755"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31755"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows...", "vendor": "Tenda", "product": "AC11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.85849, "cvss_severity": "CRITICAL", "epss_percentile": 0.99699, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4039507d-7f57-42fd-aa8f-92dfbc730b50", "vulnerability": {"vulnId": "CVE-2019-18988", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4039507d-7f57-42fd-aa8f-92dfbc730b50", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers'... | Affected: TeamViewer / TeamViewer Desktop | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-18988", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18988"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18988"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers'...", "vendor": "TeamViewer", "product": "TeamViewer Desktop", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "24ac4f0a-bc78-4a65-8319-1c11fee9348f", "vulnerability": {"vulnId": "CVE-2021-40539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "24ac4f0a-bc78-4a65-8319-1c11fee9348f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | Affected: Zoho / ManageEngine ADSelfService Plus | CVSS: 9.8 (CRITICAL) | EPSS: 0.9896 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40539", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40539"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40539"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.", "vendor": "Zoho", "product": "ManageEngine ADSelfService Plus", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.9896, "cvss_severity": "CRITICAL", "epss_percentile": 0.99924, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d2ac9408-9dcb-423c-b6e2-84edc4035c50", "vulnerability": {"vulnId": "CVE-2020-3950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d2ac9408-9dcb-423c-b6e2-84edc4035c50", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before... | Affected: VMware / VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-3950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3950"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-3950"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before...", "vendor": "VMware", "product": "VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a6f5b73c-cd91-4430-bb43-ea9cf5d8222c", "vulnerability": {"vulnId": "CVE-2020-29583", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a6f5b73c-cd91-4430-bb43-ea9cf5d8222c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account... | Affected: Zyxel / USG devices | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-29583", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29583"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-29583"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account...", "vendor": "Zyxel", "product": "USG devices", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f4dad4ea-c9af-495c-8086-91ec5c0b64a5", "vulnerability": {"vulnId": "CVE-2020-4006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f4dad4ea-c9af-495c-8086-91ec5c0b64a5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | Affected: VMware / VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-4006", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4006"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-4006"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.", "vendor": "VMware", "product": "VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a9a7154e-d807-41e2-ae9a-4e8a50641bbd", "vulnerability": {"vulnId": "CVE-2019-1367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a9a7154e-d807-41e2-ae9a-4e8a50641bbd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting... | Affected: Microsoft / Internet Explorer 9, Internet Explorer 11, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 10 | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1367", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1367"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1367"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting...", "vendor": "Microsoft", "product": "Internet Explorer 9, Internet Explorer 11, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 10", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cc8eca25-ad1b-486b-b483-458cb3dd2513", "vulnerability": {"vulnId": "CVE-2020-1147", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cc8eca25-ad1b-486b-b483-458cb3dd2513", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source... | Affected: Microsoft / Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server, Microsoft Visual Studio 2019, Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5), Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8), Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3), .NET Core, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server 2016, Microsoft .NET Framework 4.8 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems, Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems, Microsoft .NET Framework 4.8 on Windows RT 8.1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012, Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012 R2, Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.6, Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1147", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1147"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1147"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source...", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server, Microsoft Visual Studio 2019, Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5), Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8), Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3), .NET Core, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server 2016, Microsoft .NET Framework 4.8 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems, Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems, Microsoft .NET Framework 4.8 on Windows RT 8.1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012, Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012 R2, Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.6, Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a9fdc827-4889-48da-8463-909eae9fc3b8", "vulnerability": {"vulnId": "CVE-2019-0803", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a9fdc827-4889-48da-8463-909eae9fc3b8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... | Affected: Microsoft / Windows, Windows Server | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0803", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0803"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0803"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "76413558-42eb-42b6-9469-073d4fdfc876", "vulnerability": {"vulnId": "CVE-2020-0968", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "76413558-42eb-42b6-9469-073d4fdfc876", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting... | Affected: Microsoft / Internet Explorer 9, Internet Explorer 11, Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 11 on Windows Server 2012 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0968", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0968"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0968"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting...", "vendor": "Microsoft", "product": "Internet Explorer 9, Internet Explorer 11, Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 11 on Windows Server 2012", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "689a1567-2b26-4e7f-9bf7-77e3a951a6c7", "vulnerability": {"vulnId": "CVE-2021-26855", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "689a1567-2b26-4e7f-9bf7-77e3a951a6c7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11 | CVSS: 9.1 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26855", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26855"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99997, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8fa9220c-8b89-42af-b8b0-4df4ef605288", "vulnerability": {"vulnId": "CVE-2021-27065", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8fa9220c-8b89-42af-b8b0-4df4ef605288", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11 | CVSS: 7.8 (HIGH) | EPSS: 0.99946 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27065"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27065"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.99946, "cvss_severity": "HIGH", "epss_percentile": 0.99972, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "913cc257-3445-428d-975a-6e1ba3ac848f", "vulnerability": {"vulnId": "CVE-2021-1675", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "913cc257-3445-428d-975a-6e1ba3ac848f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Print Spooler Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1675", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1675"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Print Spooler Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4cdf4830-f493-4a01-8436-a9f3ebf2f776", "vulnerability": {"vulnId": "CVE-2017-11774", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4cdf4830-f493-4a01-8436-a9f3ebf2f776", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft... | Affected: Microsoft Corporation / Microsoft Outlook | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-11774", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11774"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-11774"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft...", "vendor": "Microsoft Corporation", "product": "Microsoft Outlook", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9265215f-9e2f-4318-b735-fa8bdcecd06b", "vulnerability": {"vulnId": "CVE-2020-1472", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9265215f-9e2f-4318-b735-fa8bdcecd06b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Netlogon Elevation of Privilege Vulnerability | Affected: Microsoft / Windows Server version 2004, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server, version 1909 (Server Core installation), Windows Server, version 1903 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server version 20H2 | CVSS: 5.5 (MEDIUM) | EPSS: 0.99512 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1472", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1472"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Netlogon Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows Server version 2004, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server, version 1909 (Server Core installation), Windows Server, version 1903 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server version 20H2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": 0.99512, "cvss_severity": "MEDIUM", "epss_percentile": 0.99939, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "000a7ae3-012f-4f8c-be3a-0d29f25964b5", "vulnerability": {"vulnId": "CVE-2021-26858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "000a7ae3-012f-4f8c-be3a-0d29f25964b5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11 | CVSS: 7.8 (HIGH) | EPSS: 0.89509 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26858", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26858"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26858"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.89509, "cvss_severity": "HIGH", "epss_percentile": 0.99769, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a2f07465-01b6-4380-b56d-4763f502eef5", "vulnerability": {"vulnId": "CVE-2021-34448", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a2f07465-01b6-4380-b56d-4763f502eef5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2 | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-34448", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34448"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34448"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Scripting Engine Memory Corruption Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dcf866e4-b864-44c2-95c3-2f51cc86e31a", "vulnerability": {"vulnId": "CVE-2020-0646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dcf866e4-b864-44c2-95c3-2f51cc86e31a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code... | Affected: Microsoft / Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server 2016, Microsoft .NET Framework 4.8 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems, Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems, Microsoft .NET Framework 4.8 on Windows RT 8.1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012, Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012 R2, Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0646", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0646"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0646"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code...", "vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server 2016, Microsoft .NET Framework 4.8 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems, Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems, Microsoft .NET Framework 4.8 on Windows RT 8.1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012, Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012 R2, Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019  (Server Core installation), Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803  (Server Core Installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1cb7115f-296f-44ea-8fc0-37fd674596a5", "vulnerability": {"vulnId": "CVE-2018-2380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1cb7115f-296f-44ea-8fc0-37fd674596a5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus... | Affected: SAP SE / SAP CRM | CVSS: 6.6 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-2380", "url": "https://www.cve.org/CVERecord?id=CVE-2018-2380"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-2380"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus...", "vendor": "SAP SE", "product": "SAP CRM", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e774cb6d-b82f-4205-a3ee-254085f0c760", "vulnerability": {"vulnId": "CVE-2020-16846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e774cb6d-b82f-4205-a3ee-254085f0c760", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in... | Affected: SaltStack / Salt | CVSS: 9.8 (CRITICAL) | EPSS: 0.99585 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-16846", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16846"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-16846"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in...", "vendor": "SaltStack", "product": "Salt", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99585, "cvss_severity": "CRITICAL", "epss_percentile": 0.99942, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "97f10374-eaa6-4c21-8a28-64a6331a4e8f", "vulnerability": {"vulnId": "CVE-2019-1429", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "97f10374-eaa6-4c21-8a28-64a6331a4e8f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting... | Affected: Microsoft / Internet Explorer 9, Internet Explorer 11, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 10 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1429", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1429"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1429"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting...", "vendor": "Microsoft", "product": "Internet Explorer 9, Internet Explorer 11, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 10", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e636836d-4e85-46d2-8707-157ee47b1844", "vulnerability": {"vulnId": "CVE-2017-0199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e636836d-4e85-46d2-8707-157ee47b1844", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server... | Affected: Microsoft Corporation / Office/WordPad | CVSS: 7.8 (HIGH) | EPSS: 0.99933 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0199", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0199"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0199"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server...", "vendor": "Microsoft Corporation", "product": "Office/WordPad", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.99933, "cvss_severity": "HIGH", "epss_percentile": 0.99967, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bf4f779a-3720-4c94-bf6e-256d220e99d1", "vulnerability": {"vulnId": "CVE-2020-0674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bf4f779a-3720-4c94-bf6e-256d220e99d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting... | Affected: Microsoft / Internet Explorer 10, Internet Explorer 11, Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 11 on Windows Server 2012, Internet Explorer 9 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0674", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0674"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0674"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting...", "vendor": "Microsoft", "product": "Internet Explorer 10, Internet Explorer 11, Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems, Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems, Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems, Internet Explorer 11 on Windows Server 2012, Internet Explorer 9", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d9d4189-67c9-4539-b3b7-f7c3ca420b58", "vulnerability": {"vulnId": "CVE-2018-0802", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0d9d4189-67c9-4539-b3b7-f7c3ca420b58", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution... | Affected: Microsoft Corporation / Equation Editor | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0802", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0802"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0802"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution...", "vendor": "Microsoft Corporation", "product": "Equation Editor", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2b994ba9-0a61-4347-9cbc-7c79dd59e50f", "vulnerability": {"vulnId": "CVE-2021-30661", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2b994ba9-0a61-4347-9cbc-7c79dd59e50f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5,... | Affected: Apple / iOS and iPadOS, Safari, tvOS, watchOS, macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30661", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30661"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5,...", "vendor": "Apple", "product": "iOS and iPadOS, Safari, tvOS, watchOS, macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5385b3e4-2b84-4714-946d-337515d4e9fe", "vulnerability": {"vulnId": "CVE-2018-7600", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5385b3e4-2b84-4714-946d-337515d4e9fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an... | Affected: Drupal / Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 | CVSS: 9.8 (CRITICAL) | EPSS: 0.99993 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-7600", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-7600"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an...", "vendor": "Drupal", "product": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99993, "cvss_severity": "CRITICAL", "epss_percentile": 0.99986, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cb9e1bd6-03e0-4019-a6ad-2452e49b21e6", "vulnerability": {"vulnId": "CVE-2021-22205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cb9e1bd6-03e0-4019-a6ad-2452e49b21e6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were... | Affected: GitLab / GitLab | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22205", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22205"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22205"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were...", "vendor": "GitLab", "product": "GitLab", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "37f6e986-0eee-429b-aabb-7c40c9727a88", "vulnerability": {"vulnId": "CVE-2018-6789", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "37f6e986-0eee-429b-aabb-7c40c9727a88", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may... | Affected: Exim / Exim | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-6789", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6789"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-6789"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may...", "vendor": "Exim", "product": "Exim", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "abdd5eee-d44c-46fa-b126-7689c85b51d8", "vulnerability": {"vulnId": "CVE-2020-10221", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "abdd5eee-d44c-46fa-b126-7689c85b51d8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in... | Affected: rConfig / rConfig | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-10221", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10221"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-10221"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in...", "vendor": "rConfig", "product": "rConfig", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7bbba6ca-2024-4840-b5b4-62b222e72ca2", "vulnerability": {"vulnId": "CVE-2021-22894", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7bbba6ca-2024-4840-b5b4-62b222e72ca2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as... | Affected: Pulse Secure / Pulse Connect Secure | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22894", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22894"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22894"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as...", "vendor": "Pulse Secure", "product": "Pulse Connect Secure", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e8939e3c-e683-4645-8ed0-6c73b9ec3e96", "vulnerability": {"vulnId": "CVE-2018-15811", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e8939e3c-e683-4645-8ed0-6c73b9ec3e96", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | Affected: DNN / DotNetNuke | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-15811", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15811"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-15811"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.", "vendor": "DNN", "product": "DotNetNuke", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c1c06e6e-232e-48b9-aada-2cbb37b523f0", "vulnerability": {"vulnId": "CVE-2018-18325", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c1c06e6e-232e-48b9-aada-2cbb37b523f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an... | Affected: DNN Software / DNN Platform | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-18325", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18325"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-18325"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an...", "vendor": "DNN Software", "product": "DNN Platform", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "02293d56-fa32-4dda-b06d-0c0338746ae2", "vulnerability": {"vulnId": "CVE-2020-8515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "02293d56-fa32-4dda-b06d-0c0338746ae2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as... | Affected: DrayTek / Vigor2960, Vigor3900, Vigor300B | CVSS: 9.8 (CRITICAL) | EPSS: 0.99993 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8515", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8515"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8515"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as...", "vendor": "DrayTek", "product": "Vigor2960, Vigor3900, Vigor300B", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99993, "cvss_severity": "CRITICAL", "epss_percentile": 0.99987, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2fa80727-d729-498d-8eea-dea9e2762792", "vulnerability": {"vulnId": "CVE-2020-5902", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2fa80727-d729-498d-8eea-dea9e2762792", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface... | Affected: F5 / BIG-IP | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-5902", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5902"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-5902"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface...", "vendor": "F5", "product": "BIG-IP", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 1.0, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "71c31354-da34-48af-b17d-bd3e7b28c991", "vulnerability": {"vulnId": "CVE-2021-30713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "71c31354-da34-48af-b17d-bd3e7b28c991", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to... | Affected: Apple / macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30713", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30713"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30713"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to...", "vendor": "Apple", "product": "macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ec4c4343-70be-4ead-ba90-6f0967ff4706", "vulnerability": {"vulnId": "CVE-2021-30657", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ec4c4343-70be-4ead-ba90-6f0967ff4706", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A... | Affected: Apple / macOS | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30657", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30657"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30657"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A...", "vendor": "Apple", "product": "macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "aaf08536-d716-4cbd-9ccb-ae4621fb79c9", "vulnerability": {"vulnId": "CVE-2020-8657", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aaf08536-d716-4cbd-9ccb-ae4621fb79c9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API... | Affected: EyesOfNetwork / EyesOfNetwork | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8657", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8657"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8657"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API...", "vendor": "EyesOfNetwork", "product": "EyesOfNetwork", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "777e3805-25a4-45fc-84c2-edce94146ba8", "vulnerability": {"vulnId": "CVE-2021-22986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "777e3805-25a4-45fc-84c2-edce94146ba8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd... | Affected: F5 / BIG-IP; BIG-IQ | CVSS: 9.8 (CRITICAL) | EPSS: 0.99898 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22986", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22986"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22986"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd...", "vendor": "F5", "product": "BIG-IP; BIG-IQ", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99898, "cvss_severity": "CRITICAL", "epss_percentile": 0.99963, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9e42fda4-4d0d-4639-884d-354211213216", "vulnerability": {"vulnId": "CVE-2021-35464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9e42fda4-4d0d-4639-884d-354211213216", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does... | Affected: ForgeRock / AM server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-35464", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35464"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-35464"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does...", "vendor": "ForgeRock", "product": "AM server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99993, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "33a61943-a60f-415a-909e-4f83be81f2ee", "vulnerability": {"vulnId": "CVE-2019-5591", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "33a61943-a60f-415a-909e-4f83be81f2ee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by... | Affected: Fortinet / Fortinet FortiOS | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-5591", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5591"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-5591"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by...", "vendor": "Fortinet", "product": "Fortinet FortiOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "381c15af-4c85-4144-9f05-49298f4f11bf", "vulnerability": {"vulnId": "CVE-2020-12812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "381c15af-4c85-4144-9f05-49298f4f11bf", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in... | Affected: Fortinet / Fortinet FortiOS | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-12812", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12812"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12812"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in...", "vendor": "Fortinet", "product": "Fortinet FortiOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "225d82f8-a546-4faa-946b-6053ac7088c8", "vulnerability": {"vulnId": "CVE-2018-13379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "225d82f8-a546-4faa-946b-6053ac7088c8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to... | Affected: Fortinet / Fortinet FortiOS, FortiProxy | CVSS: 9.1 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-13379", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13379"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-13379"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to...", "vendor": "Fortinet", "product": "Fortinet FortiOS, FortiProxy", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99994, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "185d63ec-1292-4bfb-a920-14e8f675a203", "vulnerability": {"vulnId": "CVE-2020-16010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "185d63ec-1292-4bfb-a920-14e8f675a203", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-16010", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16010"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-16010"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cf920248-461f-4643-9c4d-e6ed50f82b39", "vulnerability": {"vulnId": "CVE-2020-16017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cf920248-461f-4643-9c4d-e6ed50f82b39", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-16017", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16017"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-16017"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "61f27715-445c-40c9-b08b-006227102370", "vulnerability": {"vulnId": "CVE-2021-37976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "61f27715-445c-40c9-b08b-006227102370", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information... | Affected: Google / Chrome | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-37976", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37976"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-37976"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2776574f-36c8-4d28-8eb6-e2ac81b4f405", "vulnerability": {"vulnId": "CVE-2020-16009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2776574f-36c8-4d28-8eb6-e2ac81b4f405", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-16009", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16009"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-16009"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2b34ac42-c9e4-4fe8-a850-f799ecb180e6", "vulnerability": {"vulnId": "CVE-2021-30665", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2b34ac42-c9e4-4fe8-a850-f799ecb180e6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS... | Affected: Apple / macOS | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30665", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30665"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30665"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS...", "vendor": "Apple", "product": "macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "31461c1f-5b4a-4ecc-92c0-009bac3cee24", "vulnerability": {"vulnId": "CVE-2020-15999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "31461c1f-5b4a-4ecc-92c0-009bac3cee24", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-15999", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-15999"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e6c4b6bb-25ef-46d4-94ae-11ae91e74d76", "vulnerability": {"vulnId": "CVE-2021-21166", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e6c4b6bb-25ef-46d4-94ae-11ae91e74d76", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21166", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21166"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21166"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "443b695c-fbc6-418e-9c6c-b826e00e4c0d", "vulnerability": {"vulnId": "CVE-2021-30632", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "443b695c-fbc6-418e-9c6c-b826e00e4c0d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30632"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30632"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e549f870-30fe-4523-8c5a-8ceb7a7ea416", "vulnerability": {"vulnId": "CVE-2020-16013", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e549f870-30fe-4523-8c5a-8ceb7a7ea416", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-16013", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16013"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-16013"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "111a9600-ba52-4cb0-8e2f-605da7a9ea15", "vulnerability": {"vulnId": "CVE-2021-30633", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "111a9600-ba52-4cb0-8e2f-605da7a9ea15", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30633", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30633"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30633"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a7f0c5a3-9f3a-41cb-87f2-99a1304fb64b", "vulnerability": {"vulnId": "CVE-2021-21148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a7f0c5a3-9f3a-41cb-87f2-99a1304fb64b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21148", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21148"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21148"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7c0f796d-b9e3-4107-b04d-933bc7d5e56e", "vulnerability": {"vulnId": "CVE-2021-37973", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7c0f796d-b9e3-4107-b04d-933bc7d5e56e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially... | Affected: Google / Chrome | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-37973", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37973"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-37973"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "69ec981c-e33c-4420-850e-bfd4ba70a0f8", "vulnerability": {"vulnId": "CVE-2021-30551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "69ec981c-e33c-4420-850e-bfd4ba70a0f8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30551", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30551"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30551"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "926fa9dd-7bbd-4903-b161-2d5f0593b3dc", "vulnerability": {"vulnId": "CVE-2021-37975", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "926fa9dd-7bbd-4903-b161-2d5f0593b3dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-37975", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37975"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-37975"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1ac622ff-0e6d-4612-96a6-be2e543791aa", "vulnerability": {"vulnId": "CVE-2020-6418", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1ac622ff-0e6d-4612-96a6-be2e543791aa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-6418", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6418"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6418"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "be31e80b-cc55-475f-96f3-9f9285c21b14", "vulnerability": {"vulnId": "CVE-2019-15949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "be31e80b-cc55-475f-96f3-9f9285c21b14", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the... | Affected: Nagios / XI | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-15949", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15949"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-15949"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the...", "vendor": "Nagios", "product": "XI", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a4d1c0b4-85d1-4cee-89c2-7e67b18e217a", "vulnerability": {"vulnId": "CVE-2020-8655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a4d1c0b4-85d1-4cee-89c2-7e67b18e217a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user... | Affected: EyesOfNetwork / EyesOfNetwork | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8655", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8655"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8655"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user...", "vendor": "EyesOfNetwork", "product": "EyesOfNetwork", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "11b063fc-c53e-482c-80cd-12f72eb05225", "vulnerability": {"vulnId": "CVE-2021-30554", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "11b063fc-c53e-482c-80cd-12f72eb05225", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30554", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30554"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30554"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5059e569-2113-43f7-b6a8-1fed564ccdc2", "vulnerability": {"vulnId": "CVE-2020-6819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5059e569-2113-43f7-b6a8-1fed564ccdc2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in... | Affected: Mozilla / Thunderbird, Firefox, Firefox ESR | CVSS: 8.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-6819", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6819"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6819"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in...", "vendor": "Mozilla", "product": "Thunderbird, Firefox, Firefox ESR", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "087c592c-561f-48c1-a001-1fb64d4c1b4c", "vulnerability": {"vulnId": "CVE-2021-26857", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "087c592c-561f-48c1-a001-1fb64d4c1b4c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11 | CVSS: 7.8 (HIGH) | EPSS: 0.94008 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26857", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26857"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26857"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.94008, "cvss_severity": "HIGH", "epss_percentile": 0.99835, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "96ddbaca-77c8-4bd7-982e-15a3d17a0e8f", "vulnerability": {"vulnId": "CVE-2021-22899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "96ddbaca-77c8-4bd7-982e-15a3d17a0e8f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code... | Affected: Pulse Secure / Pulse Connect Secure | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22899", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22899"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22899"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code...", "vendor": "Pulse Secure", "product": "Pulse Connect Secure", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b0a199da-7dc9-4a23-b82a-df699cd6b34d", "vulnerability": {"vulnId": "CVE-2021-21206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b0a199da-7dc9-4a23-b82a-df699cd6b34d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21206"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21206"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8adab740-1f9e-4f23-86a4-9043f276936d", "vulnerability": {"vulnId": "CVE-2020-8243", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8adab740-1f9e-4f23-86a4-9043f276936d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to... | Affected: Pulse Secure / Pulse Connect Secre | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8243", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8243"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8243"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to...", "vendor": "Pulse Secure", "product": "Pulse Connect Secre", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "150df3b8-f25b-464c-9559-0ef5d8aa2053", "vulnerability": {"vulnId": "CVE-2021-22893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "150df3b8-f25b-464c-9559-0ef5d8aa2053", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and... | Affected: Pulse Secure / Pulse Connect Secure | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22893", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22893"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22893"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and...", "vendor": "Pulse Secure", "product": "Pulse Connect Secure", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8ade9ff1-7373-47c7-a660-c53240cd6fec", "vulnerability": {"vulnId": "CVE-2021-22900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8ade9ff1-7373-47c7-a660-c53240cd6fec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to... | Affected: Pulse Secure / Pulse Secure Secure | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22900", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22900"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22900"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to...", "vendor": "Pulse Secure", "product": "Pulse Secure Secure", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "89f69dc6-431c-4915-87e6-5acfb621a2a6", "vulnerability": {"vulnId": "CVE-2020-14883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "89f69dc6-431c-4915-87e6-5acfb621a2a6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 7.2 (HIGH) | EPSS: 0.97929 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-14883", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14883"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-14883"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.2, "epss_score": 0.97929, "cvss_severity": "HIGH", "epss_percentile": 0.99901, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9afe4fda-d0f6-4da6-8037-0f976970551e", "vulnerability": {"vulnId": "CVE-2021-38000", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9afe4fda-d0f6-4da6-8037-0f976970551e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily... | Affected: Google / Chrome | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38000", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38000"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38000"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.1, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "64871e12-3abf-4c5e-a36a-ba068a1a1e96", "vulnerability": {"vulnId": "CVE-2020-9859", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "64871e12-3abf-4c5e-a36a-ba068a1a1e96", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5... | Affected: Apple / iOS, macOS, tvOS, watchOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-9859", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9859"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-9859"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5...", "vendor": "Apple", "product": "iOS, macOS, tvOS, watchOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "95c58a00-24b5-43e1-94e6-465a32a78082", "vulnerability": {"vulnId": "CVE-2019-3398", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "95c58a00-24b5-43e1-94e6-465a32a78082", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission... | Affected: Atlassian / Confluence | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-3398", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3398"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-3398"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission...", "vendor": "Atlassian", "product": "Confluence", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9c0b4641-587b-4a7c-8bb0-04be33cf1fdb", "vulnerability": {"vulnId": "CVE-2021-21224", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9c0b4641-587b-4a7c-8bb0-04be33cf1fdb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21224", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21224"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21224"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a16eb6d9-7373-40d9-b169-3a9bd1fd656b", "vulnerability": {"vulnId": "CVE-2019-18935", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a16eb6d9-7373-40d9-b169-3a9bd1fd656b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is... | Affected: Progress / Telerik UI for ASP.NET AJAX | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-18935", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18935"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-18935"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is...", "vendor": "Progress", "product": "Telerik UI for ASP.NET AJAX", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1af6adda-b8e1-487a-9c9a-b80f9477d378", "vulnerability": {"vulnId": "CVE-2019-19356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1af6adda-b8e1-487a-9c9a-b80f9477d378", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been... | Affected: Netis / WF2419 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-19356", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19356"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-19356"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been...", "vendor": "Netis", "product": "WF2419", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f9cfced5-d561-48bd-ba78-43ddf63928d2", "vulnerability": {"vulnId": "CVE-2020-26919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f9cfced5-d561-48bd-ba78-43ddf63928d2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. | Affected: NETGEAR / JGS516PE | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-26919", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26919"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-26919"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.", "vendor": "NETGEAR", "product": "JGS516PE", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2b6ec46d-1fc0-4e16-8d3d-485ed6e56917", "vulnerability": {"vulnId": "CVE-2021-21193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2b6ec46d-1fc0-4e16-8d3d-485ed6e56917", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5d3594f2-5986-4122-8c20-2478f580ed1e", "vulnerability": {"vulnId": "CVE-2019-0863", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5d3594f2-5986-4122-8c20-2478f580ed1e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0863", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0863"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0863"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "32493cbb-ca16-4a5f-a6c6-6cc5e7093e82", "vulnerability": {"vulnId": "CVE-2016-3235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "32493cbb-ca16-4a5f-a6c6-6cc5e7093e82", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which... | Affected: Microsoft / Visio | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3235", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3235"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3235"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which...", "vendor": "Microsoft", "product": "Visio", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cf306ab2-804a-466e-95b9-bfeb8e5f0916", "vulnerability": {"vulnId": "CVE-2019-1214", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cf306ab2-804a-466e-95b9-bfeb8e5f0916", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1214", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1214"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1214"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a73986f7-3a06-4e60-bed9-ac8cdf35a507", "vulnerability": {"vulnId": "CVE-2020-8644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a73986f7-3a06-4e60-bed9-ac8cdf35a507", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | Affected: PlaySMS / PlaySMS | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8644"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8644"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.", "vendor": "PlaySMS", "product": "PlaySMS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6aa38e8e-df83-4131-8676-e7ed43a87e7f", "vulnerability": {"vulnId": "CVE-2019-0808", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6aa38e8e-df83-4131-8676-e7ed43a87e7f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... | Affected: Microsoft / Windows, Windows Server | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0808", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0808"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0808"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4e05bfff-a5b1-4baf-a2d7-35f6ff1786bd", "vulnerability": {"vulnId": "CVE-2019-11580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4e05bfff-a5b1-4baf-a2d7-35f6ff1786bd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send... | Affected: Atlassian / Crowd | CVSS: 9.8 (CRITICAL) | EPSS: 0.95355 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-11580", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11580"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-11580"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send...", "vendor": "Atlassian", "product": "Crowd", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.95355, "cvss_severity": "CRITICAL", "epss_percentile": 0.99858, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a0a22285-9f57-4215-b44b-e737ad4c1484", "vulnerability": {"vulnId": "CVE-2019-3396", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a0a22285-9f57-4215-b44b-e737ad4c1484", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3... | Affected: Atlassian / Confluence Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99913 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-3396", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3396"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-3396"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3...", "vendor": "Atlassian", "product": "Confluence Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99913, "cvss_severity": "CRITICAL", "epss_percentile": 0.99965, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "19fb8060-3d04-4d9a-b3ad-5c9e55f2228b", "vulnerability": {"vulnId": "CVE-2021-21220", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "19fb8060-3d04-4d9a-b3ad-5c9e55f2228b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-21220", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21220"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21220"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap...", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f14977d1-f957-4d6c-9419-014786bad2b8", "vulnerability": {"vulnId": "CVE-2019-0604", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f14977d1-f957-4d6c-9419-014786bad2b8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package,... | Affected: Microsoft / Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0604", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0604"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0604"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package,...", "vendor": "Microsoft", "product": "Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a61ab916-7598-43f2-ac94-7b51f882167f", "vulnerability": {"vulnId": "CVE-2020-1380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a61ab916-7598-43f2-ac94-7b51f882167f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer 11 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1380", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1380"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1380"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Scripting Engine Memory Corruption Vulnerability", "vendor": "Microsoft", "product": "Internet Explorer 11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "350025bc-3e58-4d36-b769-5e3d97ca072e", "vulnerability": {"vulnId": "CVE-2020-17144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "350025bc-3e58-4d36-b769-5e3d97ca072e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31 | CVSS: 8.4 (HIGH) | EPSS: 0.36514 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-17144", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17144"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17144"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.4, "epss_score": 0.36514, "cvss_severity": "HIGH", "epss_percentile": 0.98291, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0d613219-a448-4dc9-a70d-ac3bafb66ee9", "vulnerability": {"vulnId": "CVE-2021-31201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0d613219-a448-4dc9-a70d-ac3bafb66ee9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 5.2 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31201", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31201"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31201"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.2, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ace71f88-1d9b-4f88-a50f-3061353e819c", "vulnerability": {"vulnId": "CVE-2020-14882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ace71f88-1d9b-4f88-a50f-3061353e819c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 9.8 (CRITICAL) | EPSS: 0.99997 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-14882", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14882"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-14882"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99997, "cvss_severity": "CRITICAL", "epss_percentile": 0.99988, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "24c93a1b-27a6-477f-8d1d-0a7090690c01", "vulnerability": {"vulnId": "CVE-2021-30563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "24c93a1b-27a6-477f-8d1d-0a7090690c01", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30563", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30563"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30563"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "vendor": "Google", "product": "Chrome", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "90cc8525-1896-482d-83e1-85c9558b5add", "vulnerability": {"vulnId": "CVE-2019-13608", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "90cc8525-1896-482d-83e1-85c9558b5add", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | Affected: Citrix / StoreFront Server | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-13608", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13608"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-13608"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.", "vendor": "Citrix", "product": "StoreFront Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "13b2f0ad-2527-4d4a-baed-2d1113f9d4b4", "vulnerability": {"vulnId": "CVE-2020-4430", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "13b2f0ad-2527-4d4a-baed-2d1113f9d4b4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker... | Affected: IBM / Data Risk Manager | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-4430", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4430"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-4430"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker...", "vendor": "IBM", "product": "Data Risk Manager", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1585093a-22ac-4431-9f8b-5a640d910195", "vulnerability": {"vulnId": "CVE-2020-4427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1585093a-22ac-4431-9f8b-5a640d910195", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured... | Affected: IBM / Data Risk Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.70031 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-4427", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4427"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-4427"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured...", "vendor": "IBM", "product": "Data Risk Manager", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.70031, "cvss_severity": "CRITICAL", "epss_percentile": 0.99293, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1ecf58c9-da06-4f16-9e9e-85f3c11b9007", "vulnerability": {"vulnId": "CVE-2020-4428", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1ecf58c9-da06-4f16-9e9e-85f3c11b9007", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM... | Affected: IBM / Data Risk Manager | CVSS: 9.1 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-4428", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4428"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-4428"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM...", "vendor": "IBM", "product": "Data Risk Manager", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.1, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b0d66861-2cbf-45c5-bfc4-2d87dd1b5f23", "vulnerability": {"vulnId": "CVE-2015-4852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b0d66861-2cbf-45c5-bfc4-2d87dd1b5f23", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary... | Affected: Oracle / WebLogic Server | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-4852", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4852"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-4852"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary...", "vendor": "Oracle", "product": "WebLogic Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "949655b0-fe63-4160-8169-b7a308e377ab", "vulnerability": {"vulnId": "CVE-2020-14871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "949655b0-fe63-4160-8169-b7a308e377ab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected... | Affected: Oracle Corporation / Solaris Operating System | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-14871", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-14871"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected...", "vendor": "Oracle Corporation", "product": "Solaris Operating System", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "387818d9-edb4-4b5b-a58a-dc03eadff9d9", "vulnerability": {"vulnId": "CVE-2020-2555", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "387818d9-edb4-4b5b-a58a-dc03eadff9d9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are... | Affected: Oracle Corporation / WebCenter Portal, Utilities Framework | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-2555", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2555"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-2555"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are...", "vendor": "Oracle Corporation", "product": "WebCenter Portal, Utilities Framework", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8e9e98af-340f-4ca9-a207-4d02419eab4f", "vulnerability": {"vulnId": "CVE-2019-17026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8e9e98af-340f-4ca9-a207-4d02419eab4f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks... | Affected: Mozilla / Firefox ESR, Thunderbird, Firefox | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-17026", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17026"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-17026"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks...", "vendor": "Mozilla", "product": "Firefox ESR, Thunderbird, Firefox", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "70398e11-b07c-48b8-b766-35af2129466d", "vulnerability": {"vulnId": "CVE-2021-36955", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "70398e11-b07c-48b8-b766-35af2129466d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Common Log File System Driver Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36955", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36955"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36955"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "11afaa24-ba83-434c-bc5e-8c66ffe30bb0", "vulnerability": {"vulnId": "CVE-2020-1054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "11afaa24-ba83-434c-bc5e-8c66ffe30bb0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1054", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3fe5c198-b6a3-43aa-8a16-a14a941ec88c", "vulnerability": {"vulnId": "CVE-2016-3718", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3fe5c198-b6a3-43aa-8a16-a14a941ec88c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery... | Affected: ImageMagick / ImageMagick | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3718", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3718"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3718"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery...", "vendor": "ImageMagick", "product": "ImageMagick", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ab7f2ccd-b901-4a53-87c0-df3d6891a173", "vulnerability": {"vulnId": "CVE-2021-27104", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ab7f2ccd-b901-4a53-87c0-df3d6891a173", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is... | Affected: Accellion / FTA | CVSS: 9.8 (CRITICAL) | EPSS: 0.56686 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27104"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27104"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is...", "vendor": "Accellion", "product": "FTA", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.56686, "cvss_severity": "CRITICAL", "epss_percentile": 0.98935, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "64314c1a-90ec-464c-bb57-3fb9e6cbbaff", "vulnerability": {"vulnId": "CVE-2018-4939", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "64314c1a-90ec-464c-bb57-3fb9e6cbbaff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data... | Affected: Adobe / Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-4939", "url": "https://www.cve.org/CVERecord?id=CVE-2018-4939"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-4939"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data...", "vendor": "Adobe", "product": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "83e673cc-4ffa-4b18-9343-2732ed7ca1fd", "vulnerability": {"vulnId": "CVE-2019-2215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "83e673cc-4ffa-4b18-9343-2732ed7ca1fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit... | Affected: Google / Android | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-2215", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2215"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-2215"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit...", "vendor": "Google", "product": "Android", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e2246cd8-3f01-4d37-abd1-a54867abafae", "vulnerability": {"vulnId": "CVE-2019-17558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e2246cd8-3f01-4d37-abd1-a54867abafae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be... | Affected: Apache / Apache Solr | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-17558", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17558"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-17558"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be...", "vendor": "Apache", "product": "Apache Solr", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "114d076f-b7f6-4c5e-b39a-4c5d93c3c79d", "vulnerability": {"vulnId": "CVE-2021-30807", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "114d076f-b7f6-4c5e-b39a-4c5d93c3c79d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1,... | Affected: Apple / macOS | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30807", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30807"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30807"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1,...", "vendor": "Apple", "product": "macOS", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3b34672b-4e75-44e2-9ada-de80167882dc", "vulnerability": {"vulnId": "CVE-2019-4716", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3b34672b-4e75-44e2-9ada-de80167882dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as \"admin\", and... | Affected: IBM / Planning Analytics | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-4716", "url": "https://www.cve.org/CVERecord?id=CVE-2019-4716"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-4716"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as \"admin\", and...", "vendor": "IBM", "product": "Planning Analytics", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "0317391a-bd5a-4b85-8664-71add0df184f", "vulnerability": {"vulnId": "CVE-2016-3715", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0317391a-bd5a-4b85-8664-71add0df184f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | Affected: ImageMagick / ImageMagick | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-3715", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3715"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-3715"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.", "vendor": "ImageMagick", "product": "ImageMagick", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c0072351-9b7a-4f23-b458-10440be21b2c", "vulnerability": {"vulnId": "CVE-2021-30116", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c0072351-9b7a-4f23-b458-10440be21b2c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6 | Affected: Kaseya / VSA | CVSS: 10.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-30116", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30116"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30116"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6", "vendor": "Kaseya", "product": "VSA", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dbca1806-d96a-4c73-b00f-ac82a57f35c4", "vulnerability": {"vulnId": "CVE-2021-28550", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dbca1806-d96a-4c73-b00f-ac82a57f35c4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution | Affected: Adobe / Acrobat Reader | CVSS: 9.6 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-28550", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28550"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-28550"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution", "vendor": "Adobe", "product": "Acrobat Reader", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.6, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b0520b2b-b57b-41f6-ad81-28fed72fbb37", "vulnerability": {"vulnId": "CVE-2020-17530", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b0520b2b-b57b-41f6-ad81-28fed72fbb37", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts... | Affected: Apache Software Foundation / Apache Struts | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-17530", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17530"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17530"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts...", "vendor": "Apache Software Foundation", "product": "Apache Struts", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bf440472-184f-4110-b69c-79b57baa1ae2", "vulnerability": {"vulnId": "CVE-2020-15505", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bf440472-184f-4110-b69c-79b57baa1ae2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3,... | Affected: MobileIron / Core & Connector, Sentry, Monitor and Reporting Database (RDB) | CVSS: 9.8 (CRITICAL) | EPSS: 0.99737 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-15505", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15505"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-15505"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3,...", "vendor": "MobileIron", "product": "Core & Connector, Sentry, Monitor and Reporting Database (RDB)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.99737, "cvss_severity": "CRITICAL", "epss_percentile": 0.99953, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "47671da9-79a8-4469-939b-e602abe3dd8c", "vulnerability": {"vulnId": "CVE-2020-7961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "47671da9-79a8-4469-939b-e602abe3dd8c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services... | Affected: Liferay / Liferay Portal | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-7961", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7961"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-7961"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services...", "vendor": "Liferay", "product": "Liferay Portal", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "33ab70f2-640e-4c87-8f21-2f01b479f9e3", "vulnerability": {"vulnId": "CVE-2021-23874", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "33ab70f2-640e-4c87-8f21-2f01b479f9e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: McAfee Total Protection (MTP) privilege escalation vulnerability | Affected: McAfee,LLC / McAfee Total Protection (MTP) | CVSS: 8.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-23874", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23874"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-23874"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "McAfee Total Protection (MTP) privilege escalation vulnerability", "vendor": "McAfee,LLC", "product": "McAfee Total Protection (MTP)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e7f3998d-f5f2-493c-b756-4be4b224f27f", "vulnerability": {"vulnId": "CVE-2021-22502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e7f3998d-f5f2-493c-b756-4be4b224f27f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be... | Affected: Micro Focus / Operation Bridge Reporter. | CVSS: 9.8 (CRITICAL) | EPSS: 0.9674 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22502", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22502"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22502"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be...", "vendor": "Micro Focus", "product": "Operation Bridge Reporter.", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.9674, "cvss_severity": "CRITICAL", "epss_percentile": 0.99879, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "32f69748-0d25-4fa5-8ad6-b12f4366c72f", "vulnerability": {"vulnId": "CVE-2021-38647", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "32f69748-0d25-4fa5-8ad6-b12f4366c72f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Open Management Infrastructure Remote Code Execution Vulnerability | Affected: Microsoft / Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38647", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38647"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38647"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Open Management Infrastructure Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b34abc30-2386-4f9e-aeaa-ae3aabd6e29d", "vulnerability": {"vulnId": "CVE-2020-0878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b34abc30-2386-4f9e-aeaa-ae3aabd6e29d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Browser Memory Corruption Vulnerability | Affected: Microsoft / ChakraCore, Microsoft Edge (EdgeHTML-based), Internet Explorer 9, Internet Explorer 11 | CVSS: 4.2 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0878", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0878"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0878"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Browser Memory Corruption Vulnerability", "vendor": "Microsoft", "product": "ChakraCore, Microsoft Edge (EdgeHTML-based), Internet Explorer 9, Internet Explorer 11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 4.2, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2f79c7ec-e6fe-411d-9585-7fe759b8547f", "vulnerability": {"vulnId": "CVE-2021-22506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2f79c7ec-e6fe-411d-9585-7fe759b8547f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0.... | Affected: Micro Focus / Access Manager. | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-22506", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22506"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-22506"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0....", "vendor": "Micro Focus", "product": "Access Manager.", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "02eb3edc-eeb7-4e6b-a94a-8f14a3d5bbad", "vulnerability": {"vulnId": "CVE-2016-0167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "02eb3edc-eeb7-4e6b-a94a-8f14a3d5bbad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0167", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0167"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0167"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and...", "vendor": "Microsoft", "product": "Windows", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "bb5d77fd-b5fa-4105-a2d2-b6303bb8890f", "vulnerability": {"vulnId": "CVE-2021-33739", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bb5d77fd-b5fa-4105-a2d2-b6303bb8890f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft DWM Core Library Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2 | CVSS: 8.4 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-33739", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33739"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33739"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft DWM Core Library Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.4, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "57db2ca2-7d39-455b-a493-ddd06b200884", "vulnerability": {"vulnId": "CVE-2021-1647", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "57db2ca2-7d39-455b-a493-ddd06b200884", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Defender Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft Security Essentials, Microsoft System Center 2012 Endpoint Protection, Windows Defender | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1647", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1647"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1647"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Defender Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft Security Essentials, Microsoft System Center 2012 Endpoint Protection, Windows Defender", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "eb1ba62e-90ed-4cb0-bf32-ed76d5656088", "vulnerability": {"vulnId": "CVE-2016-0185", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "eb1ba62e-90ed-4cb0-bf32-ed76d5656088", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-0185", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0185"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-0185"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media...", "vendor": "Microsoft", "product": "Windows", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "21eac2a9-e5c9-4976-a553-7cfb0f7573dc", "vulnerability": {"vulnId": "CVE-2020-0683", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "21eac2a9-e5c9-4976-a553-7cfb0f7573dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0683", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0683"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0683"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2226acf3-075f-402f-ad13-27e848db8bcc", "vulnerability": {"vulnId": "CVE-2021-33771", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2226acf3-075f-402f-ad13-27e848db8bcc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-33771", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33771"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33771"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f45197b-8239-4833-8c43-05db1437abf7", "vulnerability": {"vulnId": "CVE-2021-31956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3f45197b-8239-4833-8c43-05db1437abf7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows NTFS Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31956", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31956"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31956"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows NTFS Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "424c4175-bdc0-4c62-8e87-aacb83d440dc", "vulnerability": {"vulnId": "CVE-2021-31979", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "424c4175-bdc0-4c62-8e87-aacb83d440dc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31979", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31979"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31979"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8ffdd04a-9426-4e80-b341-c3a81ef315b4", "vulnerability": {"vulnId": "CVE-2020-0938", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8ffdd04a-9426-4e80-b341-c3a81ef315b4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0938", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0938"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0938"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "66ee1a72-6f32-46e5-900b-aff926c28739", "vulnerability": {"vulnId": "CVE-2020-17087", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "66ee1a72-6f32-46e5-900b-aff926c28739", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Local Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-17087", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17087"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-17087"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Local Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d7874dd6-1823-4859-80ad-4368ef00d817", "vulnerability": {"vulnId": "CVE-2021-31199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d7874dd6-1823-4859-80ad-4368ef00d817", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 5.2 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31199", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31199"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31199"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.2, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "00bb9db9-c7e0-483f-8c69-99a7520e6b8c", "vulnerability": {"vulnId": "CVE-2020-1020", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "00bb9db9-c7e0-483f-8c69-99a7520e6b8c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1020", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1020"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1020"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d056e958-09f1-442d-b75f-ae30a106b789", "vulnerability": {"vulnId": "CVE-2021-38645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d056e958-09f1-442d-b75f-ae30a106b789", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Open Management Infrastructure Elevation of Privilege Vulnerability | Affected: Microsoft / Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38645", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38645"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38645"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Open Management Infrastructure Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "cd71cd49-a8b5-4f5f-81e8-6131880233f0", "vulnerability": {"vulnId": "CVE-2021-36948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cd71cd49-a8b5-4f5f-81e8-6131880233f0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Update Medic Service Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36948", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36948"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Update Medic Service Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "f0155e27-c9fc-4d5a-b18b-bf8423907904", "vulnerability": {"vulnId": "CVE-2014-1812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f0155e27-c9fc-4d5a-b18b-bf8423907904", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2014-1812", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1812"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-1812"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and...", "vendor": "Microsoft", "product": "Windows", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "954de635-c34b-4ecf-9c58-e922c82bdd87", "vulnerability": {"vulnId": "CVE-2021-31955", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "954de635-c34b-4ecf-9c58-e922c82bdd87", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Kernel Information Disclosure Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2 | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31955", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31955"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31955"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Kernel Information Disclosure Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6ad4d684-6303-4e68-96ba-b5a8d1d73d84", "vulnerability": {"vulnId": "CVE-2017-7269", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6ad4d684-6303-4e68-96ba-b5a8d1d73d84", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server... | Affected: Microsoft / Internet Information Services (IIS) | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-7269", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7269"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-7269"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server...", "vendor": "Microsoft", "product": "Internet Information Services (IIS)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b3406ea8-a7da-4648-852f-380d4f0977fb", "vulnerability": {"vulnId": "CVE-2021-38649", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b3406ea8-a7da-4648-852f-380d4f0977fb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Open Management Infrastructure Elevation of Privilege Vulnerability | Affected: Microsoft / Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub | CVSS: 7.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38649", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38649"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38649"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Open Management Infrastructure Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "614ff712-14a7-4067-8bb7-bda214624b73", "vulnerability": {"vulnId": "CVE-2020-0688", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "614ff712-14a7-4067-8bb7-bda214624b73", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka... | Affected: Microsoft / Microsoft Exchange Server 2013, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0688", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0688"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0688"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka...", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2013, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b7f2db8d-8384-485b-b049-2a3ca61380d1", "vulnerability": {"vulnId": "CVE-2017-0143", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b7f2db8d-8384-485b-b049-2a3ca61380d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... | Affected: Microsoft Corporation / Windows SMB | CVSS: 8.8 (HIGH) | EPSS: 0.93307 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-0143", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0143"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-0143"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...", "vendor": "Microsoft Corporation", "product": "Windows SMB", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.93307, "cvss_severity": "HIGH", "epss_percentile": 0.99823, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e3bb30ce-4014-414c-8e96-eeaea00c7d3a", "vulnerability": {"vulnId": "CVE-2016-7255", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e3bb30ce-4014-414c-8e96-eeaea00c7d3a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold... | Affected: Microsoft / Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2016-7255", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7255"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-7255"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold...", "vendor": "Microsoft", "product": "Windows", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ae903245-b003-426c-aa0a-1c198f3afa72", "vulnerability": {"vulnId": "CVE-2021-34473", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ae903245-b003-426c-aa0a-1c198f3afa72", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8 | CVSS: 9.1 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-34473", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34473"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34473"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.1, "epss_score": 0.99999, "cvss_severity": "CRITICAL", "epss_percentile": 0.99998, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "751f5027-b3f6-47ac-ad5f-6a4e09ee1cc0", "vulnerability": {"vulnId": "CVE-2021-1732", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "751f5027-b3f6-47ac-ad5f-6a4e09ee1cc0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Win32k Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2 | CVSS: 7.8 (HIGH) | EPSS: 0.78376 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-1732", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1732"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-1732"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Win32k Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.78376, "cvss_severity": "HIGH", "epss_percentile": 0.99526, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "dd5280bb-c330-4a92-9147-d6c585b9e728", "vulnerability": {"vulnId": "CVE-2021-34527", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dd5280bb-c330-4a92-9147-d6c585b9e728", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Print Spooler Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-34527", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34527"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Print Spooler Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "237007b4-dc26-45db-85cf-526a8531d040", "vulnerability": {"vulnId": "CVE-2021-33742", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "237007b4-dc26-45db-85cf-526a8531d040", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows MSHTML Platform Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-33742", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33742"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33742"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows MSHTML Platform Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "db34291a-580f-4d32-8d76-5da74bb01115", "vulnerability": {"vulnId": "CVE-2021-28310", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "db34291a-580f-4d32-8d76-5da74bb01115", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Win32k Elevation of Privilege Vulnerability | Affected: Microsoft / Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-28310", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28310"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-28310"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Win32k Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b754d60e-067f-4106-b270-c6393b9a6bad", "vulnerability": {"vulnId": "CVE-2020-1350", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b754d60e-067f-4106-b270-c6393b9a6bad", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS... | Affected: Microsoft / Windows Server, Windows Server, version 1909 (Server Core installation), Windows Server, version 1903 (Server Core installation), Windows Server, version 2004 (Server Core installation) | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1350", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1350"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1350"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS...", "vendor": "Microsoft", "product": "Windows Server, Windows Server, version 1909 (Server Core installation), Windows Server, version 1903 (Server Core installation), Windows Server, version 2004 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "333a11c1-209f-4289-a818-a3e66892e8b3", "vulnerability": {"vulnId": "CVE-2021-26411", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "333a11c1-209f-4289-a818-a3e66892e8b3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer 9, Internet Explorer 11, Microsoft Edge (EdgeHTML-based) | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-26411", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26411"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-26411"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Internet Explorer Memory Corruption Vulnerability", "vendor": "Microsoft", "product": "Internet Explorer 9, Internet Explorer 11, Microsoft Edge (EdgeHTML-based)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "6a4eea75-27dc-4af8-8d30-13dab6ae53da", "vulnerability": {"vulnId": "CVE-2021-34523", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6a4eea75-27dc-4af8-8d30-13dab6ae53da", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8 | CVSS: 9.0 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-34523", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34523"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34523"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e7025658-a458-4ff0-84a9-c135495e86b1", "vulnerability": {"vulnId": "CVE-2020-8193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e7025658-a458-4ff0-84a9-c135495e86b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix... | Affected: Citrix / Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | CVSS: 6.5 (MEDIUM) | EPSS: 0.88411 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-8193", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8193"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8193"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...", "vendor": "Citrix", "product": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.5, "epss_score": 0.88411, "cvss_severity": "MEDIUM", "epss_percentile": 0.99751, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "a13133f8-8c70-4a10-a540-8a6cb57d7ecd", "vulnerability": {"vulnId": "CVE-2021-40444", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a13133f8-8c70-4a10-a540-8a6cb57d7ecd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft MSHTML Remote Code Execution Vulnerability | Affected: Microsoft / Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-40444", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40444"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-40444"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft MSHTML Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2c42efb4-9e13-46c6-be3e-1f1a2143fc62", "vulnerability": {"vulnId": "CVE-2020-0986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2c42efb4-9e13-46c6-be3e-1f1a2143fc62", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 2004 for 32-bit Systems, Windows Server, version 2004 (Server Core installation), Windows 10 Version 2004 for ARM64-based Systems, Windows 10 Version 2004 for x64-based Systems | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-0986", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0986"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-0986"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 2004 for 32-bit Systems, Windows Server, version 2004 (Server Core installation), Windows 10 Version 2004 for ARM64-based Systems, Windows 10 Version 2004 for x64-based Systems", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "5e3d18f4-92f5-40d3-a936-ca23ff6893fd", "vulnerability": {"vulnId": "CVE-2021-38648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5e3d18f4-92f5-40d3-a936-ca23ff6893fd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Open Management Infrastructure Elevation of Privilege Vulnerability | Affected: Microsoft / Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-38648", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38648"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38648"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Open Management Infrastructure Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fde2b36b-8fdd-47b2-b438-95aa0c2cf1f9", "vulnerability": {"vulnId": "CVE-2018-8653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fde2b36b-8fdd-47b2-b438-95aa0c2cf1f9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting... | Affected: Microsoft / Internet Explorer 9, Internet Explorer 11, Internet Explorer 10 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-8653", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8653"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-8653"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting...", "vendor": "Microsoft", "product": "Internet Explorer 9, Internet Explorer 11, Internet Explorer 10", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b443a13c-9ae5-4bd8-8fdf-428517b6f296", "vulnerability": {"vulnId": "CVE-2019-0708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b443a13c-9ae5-4bd8-8fdf-428517b6f296", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker... | Affected: Microsoft / Windows, Windows Server | CVSS: 9.8 (CRITICAL) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0708", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0708"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0708"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "99110d3f-4bc9-4bf0-a99d-cbbfeb78e5d1", "vulnerability": {"vulnId": "CVE-2020-1464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "99110d3f-4bc9-4bf0-a99d-cbbfeb78e5d1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Spoofing Vulnerability | Affected: Microsoft / Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2020-1464", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1464"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-1464"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "66a4179e-fbfc-4815-a99a-93fb1fec1d6b", "vulnerability": {"vulnId": "CVE-2021-31207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "66a4179e-fbfc-4815-a99a-93fb1fec1d6b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8 | CVSS: 6.6 (MEDIUM) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-31207", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31207"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31207"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Security Feature Bypass Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 6.6, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "01fb8930-8930-47b8-a78d-1df6dd519b88", "vulnerability": {"vulnId": "CVE-2019-0797", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "01fb8930-8930-47b8-a78d-1df6dd519b88", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... | Affected: Microsoft / Windows Server, Windows | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0797", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0797"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0797"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...", "vendor": "Microsoft", "product": "Windows Server, Windows", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "9dfdd8ae-3efe-4514-9bcb-9cd1219abbe3", "vulnerability": {"vulnId": "CVE-2021-36942", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9dfdd8ae-3efe-4514-9bcb-9cd1219abbe3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows LSA Spoofing Vulnerability | Affected: Microsoft / Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-36942", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36942"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-36942"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows LSA Spoofing Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008  Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "2e7aa594-966c-4dbe-a0f8-a69c577826e3", "vulnerability": {"vulnId": "CVE-2018-0798", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2e7aa594-966c-4dbe-a0f8-a69c577826e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution... | Affected: Microsoft Corporation / Equation Editor | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2018-0798", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0798"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-0798"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution...", "vendor": "Microsoft Corporation", "product": "Equation Editor", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c964776d-5253-4d60-a0b3-0a1d36bd1e28", "vulnerability": {"vulnId": "CVE-2015-1641", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c964776d-5253-4d60-a0b3-0a1d36bd1e28", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word... | Affected: Microsoft / Word | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2015-1641", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1641"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1641"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word...", "vendor": "Microsoft", "product": "Word", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d040e061-3da9-4467-8798-eee1344f6638", "vulnerability": {"vulnId": "CVE-2021-27085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d040e061-3da9-4467-8798-eee1344f6638", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Internet Explorer Remote Code Execution Vulnerability | Affected: Microsoft / Internet Explorer 11 | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27085", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27085"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Internet Explorer Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Internet Explorer 11", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "19db005a-a429-4563-840b-c723f4492920", "vulnerability": {"vulnId": "CVE-2019-0541", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "19db005a-a429-4563-840b-c723f4492920", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka \"MSHTML Engine Remote Code Execution... | Affected: Microsoft / Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0541", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0541"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0541"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka \"MSHTML Engine Remote Code Execution...", "vendor": "Microsoft", "product": "Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "48a6c264-3e1b-4cd2-a312-ccb4689908ee", "vulnerability": {"vulnId": "CVE-2019-0859", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "48a6c264-3e1b-4cd2-a312-ccb4689908ee", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... | Affected: Microsoft / Windows, Windows Server | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-0859", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0859"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-0859"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...", "vendor": "Microsoft", "product": "Windows, Windows Server", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "74f3a06f-045c-40d9-88eb-40c6cdf7fdde", "vulnerability": {"vulnId": "CVE-2017-8759", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "74f3a06f-045c-40d9-88eb-40c6cdf7fdde", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or... | Affected: Microsoft Corporation / Microsoft .NET Framework | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-8759", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8759"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-8759"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or...", "vendor": "Microsoft Corporation", "product": "Microsoft .NET Framework", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "894b705e-81af-4b97-8182-5822aa874554", "vulnerability": {"vulnId": "CVE-2019-1215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "894b705e-81af-4b97-8182-5822aa874554", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege... | Affected: Microsoft / Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation) | CVSS: 7.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2019-1215", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1215"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-1215"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege...", "vendor": "Microsoft", "product": "Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "3f1e4b32-638e-4f3f-9ea6-9b48b356faea", "vulnerability": {"vulnId": "CVE-2012-0158", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3f1e4b32-638e-4f3f-9ea6-9b48b356faea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003... | Affected: Microsoft / Office | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-0158", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0158"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0158"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003...", "vendor": "Microsoft", "product": "Office", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "d631fd8b-5048-4232-aa33-03fc1b5c2478", "vulnerability": {"vulnId": "CVE-2017-11882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d631fd8b-5048-4232-aa33-03fc1b5c2478", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow... | Affected: Microsoft Corporation / Microsoft Office | CVSS: 7.8 (HIGH) | EPSS: 0.99945 | Used in malware: yes | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2017-11882", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11882"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-11882"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow...", "vendor": "Microsoft Corporation", "product": "Microsoft Office", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.99945, "cvss_severity": "HIGH", "epss_percentile": 0.99971, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "54fbc4f2-346f-4542-bcc5-70f868f0f26a", "vulnerability": {"vulnId": "CVE-2021-27059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "54fbc4f2-346f-4542-bcc5-70f868f0f26a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Office 2016, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1 | CVSS: 7.6 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2021-27059", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27059"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft Office 2016, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1", "added_date": "2021-11-03T00:00:00.000Z", "cvss_score": 7.6, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}]}
{"uuid": "7cee50ce-98a0-4d3c-9ef4-a7d3862c35d0", "vulnerability": {"vulnId": "CVE-2021-42359", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-02T07:04:17+00:00"}, "gcve": {"object_uuid": "7cee50ce-98a0-4d3c-9ef4-a7d3862c35d0", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-02T07:04:17+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-11-02T07:04:17+00:00"}, "scope": {"notes": "KEVIntel entry: WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion | Affected: legalweb / WP DSGVO Tools (GDPR) | CVSS: 7.5 (HIGH) | EPSS: 0.01446 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-42359", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42359"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-42359"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion", "vendor": "legalweb", "product": "WP DSGVO Tools (GDPR)", "added_date": "2021-11-02T07:04:17.000Z", "cvss_score": 7.5, "epss_score": 0.01446, "cvss_severity": "HIGH", "epss_percentile": 0.79679, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6122d383-7a21-406b-a736-b4b396db25f9", "vulnerability": {"vulnId": "CVE-2021-38154", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-08-29T04:59:18+00:00"}, "gcve": {"object_uuid": "6122d383-7a21-406b-a736-b4b396db25f9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-08-29T04:59:18+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-08-29T04:59:18+00:00"}, "scope": {"notes": "KEVIntel entry: Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access,... | Affected: Canon / imageRUNNER ADVANCE iR-ADV C5250 | CVSS: 7.5 (HIGH) | EPSS: 0.04 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-38154", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38154"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-38154"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access,...", "vendor": "Canon", "product": "imageRUNNER ADVANCE iR-ADV C5250", "added_date": "2021-08-29T04:59:18.000Z", "cvss_score": 7.5, "epss_score": 0.04, "cvss_severity": "HIGH", "epss_percentile": 0.89198, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bbe52935-d14e-47f1-a820-e6c84a186a4a", "vulnerability": {"vulnId": "CVE-2021-34621", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-06-28T11:22:25+00:00"}, "gcve": {"object_uuid": "bbe52935-d14e-47f1-a820-e6c84a186a4a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-06-28T11:22:25+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-06-28T11:22:25+00:00"}, "scope": {"notes": "KEVIntel entry: ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation | Affected: ProfilePress / ProfilePress | CVSS: 9.8 (CRITICAL) | EPSS: 0.91153 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-34621", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34621"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34621"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation", "vendor": "ProfilePress", "product": "ProfilePress", "added_date": "2021-06-28T11:22:25.000Z", "cvss_score": 9.8, "epss_score": 0.91153, "cvss_severity": "CRITICAL", "epss_percentile": 0.99609, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "42858fed-e84f-437d-bced-406cecc14c32", "vulnerability": {"vulnId": "CVE-2021-34619", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-06-14T08:23:03+00:00"}, "gcve": {"object_uuid": "42858fed-e84f-437d-bced-406cecc14c32", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-06-14T08:23:03+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-06-14T08:23:03+00:00"}, "scope": {"notes": "KEVIntel entry: Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin | Affected: StoreApps / WooCommerce Stock Manager | CVSS: 8.8 (HIGH) | EPSS: 0.00109 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-34619", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34619"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-34619"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin", "vendor": "StoreApps", "product": "WooCommerce Stock Manager", "added_date": "2021-06-14T08:23:03.000Z", "cvss_score": 8.8, "epss_score": 0.00109, "cvss_severity": "HIGH", "epss_percentile": 0.30543, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9a80909e-63d5-4c2c-8387-110c8c61c56c", "vulnerability": {"vulnId": "CVE-2021-24370", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-06-01T08:59:19+00:00"}, "gcve": {"object_uuid": "9a80909e-63d5-4c2c-8387-110c8c61c56c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-06-01T08:59:19+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-06-01T08:59:19+00:00"}, "scope": {"notes": "KEVIntel entry: Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE | Affected: Unknown / Fancy Product Designer | CVSS: 9.8 (CRITICAL) | EPSS: 0.8345 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24370", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24370"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24370"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE", "vendor": "Unknown", "product": "Fancy Product Designer", "added_date": "2021-06-01T08:59:19.000Z", "cvss_score": 9.8, "epss_score": 0.8345, "cvss_severity": "CRITICAL", "epss_percentile": 0.99209, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "6758b60d-b2cd-4ecb-8850-b96254059040", "vulnerability": {"vulnId": "CVE-2021-24217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-03-25T07:17:45+00:00"}, "gcve": {"object_uuid": "6758b60d-b2cd-4ecb-8850-b96254059040", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-03-25T07:17:45+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-03-25T07:17:45+00:00"}, "scope": {"notes": "KEVIntel entry: Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain | Affected: Unknown / Facebook for WordPress | CVSS: 8.1 (HIGH) | EPSS: 0.06505 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24217", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24217"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24217"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain", "vendor": "Unknown", "product": "Facebook for WordPress", "added_date": "2021-03-25T07:17:45.000Z", "cvss_score": 8.1, "epss_score": 0.06505, "cvss_severity": "HIGH", "epss_percentile": 0.90578, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "41badb06-51a8-4217-8909-a131e83394a9", "vulnerability": {"vulnId": "CVE-2021-24219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-03-24T10:36:04+00:00"}, "gcve": {"object_uuid": "41badb06-51a8-4217-8909-a131e83394a9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-03-24T10:36:04+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-03-24T10:36:04+00:00"}, "scope": {"notes": "KEVIntel entry: All Thrive Themes and Plugins - Unauthenticated Option Update | Affected: Thrive Themes / Thrive Optimize, Thrive Comments, Thrive Headline Optimizer, Thrive Leads, Thrive Ultimatum, Thrive Quiz Builder, Thrive Apprentice, Thrive Visual Editor, Thrive Dashboard, Thrive Ovation, Thrive Clever Widgets, Rise by Thrive Themes, Ignition by Thrive Themes, Luxe by Thrive Themes, FocusBlog by Thrive Themes, Minus by Thrive Themes, Squared by Thrive Themes, Voice, Performag by Thrive Themes, Pressive by Thrive Themes, Storied by Thrive Themes, Thrive Themes Builder | CVSS: 5.3 (MEDIUM) | EPSS: 0.00178 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24219", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24219"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24219"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "All Thrive Themes and Plugins - Unauthenticated Option Update", "vendor": "Thrive Themes", "product": "Thrive Optimize, Thrive Comments, Thrive Headline Optimizer, Thrive Leads, Thrive Ultimatum, Thrive Quiz Builder, Thrive Apprentice, Thrive Visual Editor, Thrive Dashboard, Thrive Ovation, Thrive Clever Widgets, Rise by Thrive Themes, Ignition by Thrive Themes, Luxe by Thrive Themes, FocusBlog by Thrive Themes, Minus by Thrive Themes, Squared by Thrive Themes, Voice, Performag by Thrive Themes, Pressive by Thrive Themes, Storied by Thrive Themes, Thrive Themes Builder", "added_date": "2021-03-24T10:36:04.000Z", "cvss_score": 5.3, "epss_score": 0.00178, "cvss_severity": "MEDIUM", "epss_percentile": 0.40013, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fcc25767-312d-4378-86e4-9985836972e1", "vulnerability": {"vulnId": "CVE-2021-24170", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-03-03T06:33:07+00:00"}, "gcve": {"object_uuid": "fcc25767-312d-4378-86e4-9985836972e1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-03-03T06:33:07+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2021-03-03T06:33:07+00:00"}, "scope": {"notes": "KEVIntel entry: User Profile Picture < 2.5.0 - Sensitive Information Disclosure | Affected: Unknown / User Profile Picture | CVSS: 7.5 (HIGH) | EPSS: 0.00554 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2021-24170", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24170"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24170"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "User Profile Picture < 2.5.0 - Sensitive Information Disclosure", "vendor": "Unknown", "product": "User Profile Picture", "added_date": "2021-03-03T06:33:07.000Z", "cvss_score": 7.5, "epss_score": 0.00554, "cvss_severity": "HIGH", "epss_percentile": 0.66821, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8c933597-3184-468f-a2e5-34d31c8ace97", "vulnerability": {"vulnId": "CVE-2020-26876", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-10-07T16:56:25+00:00"}, "gcve": {"object_uuid": "8c933597-3184-468f-a2e5-34d31c8ace97", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-10-07T16:56:25+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-10-07T16:56:25+00:00"}, "scope": {"notes": "KEVIntel entry: The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by... | Affected: WordPress / wp-courses plugin | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-26876", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26876"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-26876"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by...", "vendor": "WordPress", "product": "wp-courses plugin", "added_date": "2020-10-07T16:56:25.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f5d902ca-868d-4026-ac49-71b718590212", "vulnerability": {"vulnId": "CVE-2020-35948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-09-22T13:28:02+00:00"}, "gcve": {"object_uuid": "f5d902ca-868d-4026-ac49-71b718590212", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-09-22T13:28:02+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-09-22T13:28:02+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify... | Affected: watchful.li / XCloner Backup and Restore | CVSS: 9.9 (CRITICAL) | EPSS: 0.49962 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35948", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35948"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify...", "vendor": "watchful.li", "product": "XCloner Backup and Restore", "added_date": "2020-09-22T13:28:02.000Z", "cvss_score": 9.9, "epss_score": 0.49962, "cvss_severity": "CRITICAL", "epss_percentile": 0.9765, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "07ce1cf2-febe-4e9a-95cd-d0d125c2bda1", "vulnerability": {"vulnId": "CVE-2020-35949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-08-13T12:09:59+00:00"}, "gcve": {"object_uuid": "07ce1cf2-febe-4e9a-95cd-d0d125c2bda1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-08-13T12:09:59+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-08-13T12:09:59+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to... | Affected: WordPress / Quiz and Survey Master plugin | CVSS: 10.0 (CRITICAL) | EPSS: 0.13311 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35949", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35949"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35949"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to...", "vendor": "WordPress", "product": "Quiz and Survey Master plugin", "added_date": "2020-08-13T12:09:59.000Z", "cvss_score": 10.0, "epss_score": 0.13311, "cvss_severity": "CRITICAL", "epss_percentile": 0.93758, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "99505461-d6cc-4afb-9ef7-95471a9cc583", "vulnerability": {"vulnId": "CVE-2020-35945", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-08-04T05:57:42+00:00"}, "gcve": {"object_uuid": "99505461-d6cc-4afb-9ef7-95471a9cc583", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-08-04T05:57:42+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-08-04T05:57:42+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with... | Affected: Elegant Themes / Divi | CVSS: 9.9 (CRITICAL) | EPSS: 0.01667 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-35945", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35945"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-35945"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with...", "vendor": "Elegant Themes", "product": "Divi", "added_date": "2020-08-04T05:57:42.000Z", "cvss_score": 9.9, "epss_score": 0.01667, "cvss_severity": "CRITICAL", "epss_percentile": 0.81078, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3447e596-f2a7-4f84-a524-e595e7ce191d", "vulnerability": {"vulnId": "CVE-2020-24186", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-07-28T14:15:03+00:00"}, "gcve": {"object_uuid": "3447e596-f2a7-4f84-a524-e595e7ce191d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-07-28T14:15:03+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-07-28T14:15:03+00:00"}, "scope": {"notes": "KEVIntel entry: A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to... | Affected: gVectors / wpDiscuz | CVSS: 10.0 (CRITICAL) | EPSS: 0.93857 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-24186", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24186"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24186"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to...", "vendor": "gVectors", "product": "wpDiscuz", "added_date": "2020-07-28T14:15:03.000Z", "cvss_score": 10.0, "epss_score": 0.93857, "cvss_severity": "CRITICAL", "epss_percentile": 0.99855, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cd9c4712-1cbd-4028-9f06-dff3f23d4703", "vulnerability": {"vulnId": "CVE-2020-12075", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-03-24T07:10:05+00:00"}, "gcve": {"object_uuid": "cd9c4712-1cbd-4028-9f06-dff3f23d4703", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-03-24T07:10:05+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-03-24T07:10:05+00:00"}, "scope": {"notes": "KEVIntel entry: The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. | Affected: supsystic.com / data-tables-generator-by-supsystic | CVSS: 8.8 (HIGH) | EPSS: 0.00423 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-12075", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12075"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-12075"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.", "vendor": "supsystic.com", "product": "data-tables-generator-by-supsystic", "added_date": "2020-03-24T07:10:05.000Z", "cvss_score": 8.8, "epss_score": 0.00423, "cvss_severity": "HIGH", "epss_percentile": 0.61029, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4bad2ad5-4d8f-44c8-a81a-8a274bf320ec", "vulnerability": {"vulnId": "CVE-2014-8739", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-02-08T17:21:54+00:00"}, "gcve": {"object_uuid": "4bad2ad5-4d8f-44c8-a81a-8a274bf320ec", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-02-08T17:21:54+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-02-08T17:21:54+00:00"}, "scope": {"notes": "KEVIntel entry: Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative... | Affected: jQuery / File Upload Plugin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-8739", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8739"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-8739"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative...", "vendor": "jQuery", "product": "File Upload Plugin", "added_date": "2020-02-08T17:21:54.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a8a778f9-d0d6-4a9f-8daf-521154751b45", "vulnerability": {"vulnId": "CVE-2020-8417", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-01-28T14:27:48+00:00"}, "gcve": {"object_uuid": "a8a778f9-d0d6-4a9f-8daf-521154751b45", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-01-28T14:27:48+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-01-28T14:27:48+00:00"}, "scope": {"notes": "KEVIntel entry: The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. | Affected: Code Snippets / Code Snippets plugin for WordPress | CVSS: 8.8 (HIGH) | EPSS: 0.50314 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-8417", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8417"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-8417"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.", "vendor": "Code Snippets", "product": "Code Snippets plugin for WordPress", "added_date": "2020-01-28T14:27:48.000Z", "cvss_score": 8.8, "epss_score": 0.50314, "cvss_severity": "HIGH", "epss_percentile": 0.97664, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "50781bdd-01be-4a04-9500-13392f900bf4", "vulnerability": {"vulnId": "CVE-2020-6167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2020-01-08T11:25:14+00:00"}, "gcve": {"object_uuid": "50781bdd-01be-4a04-9500-13392f900bf4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2020-01-08T11:25:14+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2020-01-08T11:25:14+00:00"}, "scope": {"notes": "KEVIntel entry: A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject... | Affected: WordPress / Minimal Coming Soon & Maintenance Mode plugin | CVSS: 8.8 (HIGH) | EPSS: 0.0073 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2020-6167", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6167"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6167"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject...", "vendor": "WordPress", "product": "Minimal Coming Soon & Maintenance Mode plugin", "added_date": "2020-01-08T11:25:14.000Z", "cvss_score": 8.8, "epss_score": 0.0073, "cvss_severity": "HIGH", "epss_percentile": 0.71439, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d7a5d432-f5a7-4b65-9eb9-f2b2209ac9ab", "vulnerability": {"vulnId": "CVE-2019-19915", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2019-12-19T10:20:28+00:00"}, "gcve": {"object_uuid": "d7a5d432-f5a7-4b65-9eb9-f2b2209ac9ab", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2019-12-19T10:20:28+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2019-12-19T10:20:28+00:00"}, "scope": {"notes": "KEVIntel entry: The \"301 Redirects - Easy Redirect Manager\" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or... | Affected: WordPress / 301 Redirects - Easy Redirect Manager | CVSS: 9.0 (CRITICAL) | EPSS: 0.00181 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-19915", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19915"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-19915"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The \"301 Redirects - Easy Redirect Manager\" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or...", "vendor": "WordPress", "product": "301 Redirects - Easy Redirect Manager", "added_date": "2019-12-19T10:20:28.000Z", "cvss_score": 9.0, "epss_score": 0.00181, "cvss_severity": "CRITICAL", "epss_percentile": 0.40448, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8958da4f-eb67-46a8-a746-8a9b26987a61", "vulnerability": {"vulnId": "CVE-2018-18852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2019-06-18T15:00:32+00:00"}, "gcve": {"object_uuid": "8958da4f-eb67-46a8-a746-8a9b26987a61", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2019-06-18T15:00:32+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2019-06-18T15:00:32+00:00"}, "scope": {"notes": "KEVIntel entry: Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use... | Affected: Cerio / DT-300N | CVSS: 8.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-18852", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18852"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-18852"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use...", "vendor": "Cerio", "product": "DT-300N", "added_date": "2019-06-18T15:00:32.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0df83150-ccb0-48a3-a36e-a5216c2e0b04", "vulnerability": {"vulnId": "CVE-2019-6703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2019-01-25T12:23:06+00:00"}, "gcve": {"object_uuid": "0df83150-ccb0-48a3-a36e-a5216c2e0b04", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2019-01-25T12:23:06+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2019-01-25T12:23:06+00:00"}, "scope": {"notes": "KEVIntel entry: Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows... | Affected: Calmar Webmedia / Total Donations plugin for WordPress | CVSS: 9.8 (CRITICAL) | EPSS: 0.05645 | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2019-6703", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6703"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2019-6703"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows...", "vendor": "Calmar Webmedia", "product": "Total Donations plugin for WordPress", "added_date": "2019-01-25T12:23:06.000Z", "cvss_score": 9.8, "epss_score": 0.05645, "cvss_severity": "CRITICAL", "epss_percentile": 0.89839, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "49020340-7422-47a9-b195-7d9650cc6fb9", "vulnerability": {"vulnId": "CVE-2018-19207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-11-12T17:00:00+00:00"}, "gcve": {"object_uuid": "49020340-7422-47a9-b195-7d9650cc6fb9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-11-12T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-11-12T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because... | Affected: Van Ons / WP GDPR Compliance | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-19207", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19207"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-19207"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because...", "vendor": "Van Ons", "product": "WP GDPR Compliance", "added_date": "2018-11-12T17:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "07ede5da-f655-48d3-abbf-74f190412b60", "vulnerability": {"vulnId": "CVE-2018-18956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-11-05T21:00:00+00:00"}, "gcve": {"object_uuid": "07ede5da-f655-48d3-abbf-74f190412b60", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-11-05T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-11-05T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault... | Affected: Suricata / Suricata | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-18956", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18956"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-18956"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault...", "vendor": "Suricata", "product": "Suricata", "added_date": "2018-11-05T21:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a676186c-74a2-4322-85fd-af7ea226efc8", "vulnerability": {"vulnId": "CVE-2018-11329", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-05-22T05:00:00+00:00"}, "gcve": {"object_uuid": "a676186c-74a2-4322-85fd-af7ea226efc8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-05-22T05:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-05-22T05:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's... | Affected: Ether Cartel / Ether Cartel | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11329", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11329"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11329"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's...", "vendor": "Ether Cartel", "product": "Ether Cartel", "added_date": "2018-05-22T05:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9032e396-07ca-4ff5-a8de-9d42034c65eb", "vulnerability": {"vulnId": "CVE-2018-11239", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-05-19T18:00:00+00:00"}, "gcve": {"object_uuid": "9032e396-07ca-4ff5-a8de-9d42034c65eb", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-05-19T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-05-19T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to... | Affected: Hexagon / HXG (Ethereum ERC20 token) | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-11239", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11239"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-11239"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to...", "vendor": "Hexagon", "product": "HXG (Ethereum ERC20 token)", "added_date": "2018-05-19T18:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0f816d65-0e90-4b1f-9134-692e58fa2367", "vulnerability": {"vulnId": "CVE-2018-10657", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-05-02T16:00:00+00:00"}, "gcve": {"object_uuid": "0f816d65-0e90-4b1f-9134-692e58fa2367", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-05-02T16:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-05-02T16:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable,... | Affected: Matrix / Synapse | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10657", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10657"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10657"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable,...", "vendor": "Matrix", "product": "Synapse", "added_date": "2018-05-02T16:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2bb8f7b6-7c6e-4436-88d5-2cfa914415ce", "vulnerability": {"vulnId": "CVE-2018-10468", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-04-28T13:00:00+00:00"}, "gcve": {"object_uuid": "2bb8f7b6-7c6e-4436-88d5-2cfa914415ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-04-28T13:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-04-28T13:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal... | Affected: Useless Ethereum Token / UET | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10468", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10468"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10468"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal...", "vendor": "Useless Ethereum Token", "product": "UET", "added_date": "2018-04-28T13:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a303add1-01b0-4b97-94da-06e0fb79e483", "vulnerability": {"vulnId": "CVE-2018-10376", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-04-25T09:00:00+00:00"}, "gcve": {"object_uuid": "a303add1-01b0-4b97-94da-06e0fb79e483", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-04-25T09:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-04-25T09:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows... | Affected: SmartMesh / SmartMesh | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10376", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10376"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10376"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows...", "vendor": "SmartMesh", "product": "SmartMesh", "added_date": "2018-04-25T09:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "64ebe7f4-3fbc-4e0c-a4aa-69da815e5f7c", "vulnerability": {"vulnId": "CVE-2018-10299", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2018-04-23T04:00:00+00:00"}, "gcve": {"object_uuid": "64ebe7f4-3fbc-4e0c-a4aa-69da815e5f7c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2018-04-23T04:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2018-04-23T04:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used... | Affected: Beauty Chain / Beauty Ecosystem Coin (BEC) | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2018-10299", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10299"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2018-10299"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used...", "vendor": "Beauty Chain", "product": "Beauty Ecosystem Coin (BEC)", "added_date": "2018-04-23T04:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "539ab405-a286-4a95-be82-153e67eba791", "vulnerability": {"vulnId": "CVE-2016-6195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2016-08-30T19:00:00+00:00"}, "gcve": {"object_uuid": "539ab405-a286-4a95-be82-153e67eba791", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2016-08-30T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2016-08-30T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows... | Affected: vBulletin / vBulletin | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2016-6195", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6195"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2016-6195"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows...", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2016-08-30T19:00:00.000Z", "cvss_score": 9.8, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f6920af6-8647-4644-9e84-78be790ec3ef", "vulnerability": {"vulnId": "CVE-2015-8562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2015-12-16T21:00:00+00:00"}, "gcve": {"object_uuid": "f6920af6-8647-4644-9e84-78be790ec3ef", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2015-12-16T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2015-12-16T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP... | Affected: Joomla! / Joomla! | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2015-8562", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8562"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-8562"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP...", "vendor": "Joomla!", "product": "Joomla!", "added_date": "2015-12-16T21:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2a0d6c9b-8372-463f-8929-f7efad04a522", "vulnerability": {"vulnId": "CVE-2015-2945", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2015-05-25T17:00:00+00:00"}, "gcve": {"object_uuid": "2a0d6c9b-8372-463f-8929-f7efad04a522", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2015-05-25T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2015-05-25T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP... | Affected: Hajime Fujimoto / mt-phpincgi | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2015-2945", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2945"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-2945"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP...", "vendor": "Hajime Fujimoto", "product": "mt-phpincgi", "added_date": "2015-05-25T17:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1d376471-db4a-4e43-a340-422e9c57b923", "vulnerability": {"vulnId": "CVE-2015-1494", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2015-02-17T15:00:00+00:00"}, "gcve": {"object_uuid": "1d376471-db4a-4e43-a340-422e9c57b923", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2015-02-17T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2015-02-17T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site... | Affected: WordPress / FancyBox for WordPress plugin | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2015-1494", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1494"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2015-1494"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site...", "vendor": "WordPress", "product": "FancyBox for WordPress plugin", "added_date": "2015-02-17T15:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c7954223-b27a-4b62-b672-43f91d483fd9", "vulnerability": {"vulnId": "CVE-2014-7235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-10-07T14:00:00+00:00"}, "gcve": {"object_uuid": "c7954223-b27a-4b62-b672-43f91d483fd9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-10-07T14:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-10-07T14:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before... | Affected: FreePBX / ARI Framework module/Asterisk Recording Interface (ARI) | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-7235", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7235"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-7235"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before...", "vendor": "FreePBX", "product": "ARI Framework module/Asterisk Recording Interface (ARI)", "added_date": "2014-10-07T14:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "90126152-4c63-4b7d-86fd-c8b80ad88860", "vulnerability": {"vulnId": "CVE-2014-6293", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-10-03T14:00:00+00:00"}, "gcve": {"object_uuid": "90126152-4c63-4b7d-86fd-c8b80ad88860", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-10-03T14:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-10-03T14:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands... | Affected: TYPO3 / ke_stats | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-6293", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6293"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-6293"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands...", "vendor": "TYPO3", "product": "ke_stats", "added_date": "2014-10-03T14:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0c9993f2-b390-45bd-b77b-04bac6de2717", "vulnerability": {"vulnId": "CVE-2014-1809", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-05-14T10:00:00+00:00"}, "gcve": {"object_uuid": "0c9993f2-b390-45bd-b77b-04bac6de2717", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-05-14T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-05-14T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to... | Affected: Microsoft / Office | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-1809", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1809"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-1809"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to...", "vendor": "Microsoft", "product": "Office", "added_date": "2014-05-14T10:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8542ca35-9f84-41e9-a410-7905442b89f6", "vulnerability": {"vulnId": "CVE-2014-1807", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-05-14T10:00:00+00:00"}, "gcve": {"object_uuid": "8542ca35-9f84-41e9-a410-7905442b89f6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-05-14T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-05-14T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,... | Affected: Microsoft / Windows | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-1807", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1807"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-1807"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2014-05-14T10:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "68f45a07-ad23-4e10-b56a-7fa31ae60447", "vulnerability": {"vulnId": "CVE-2014-0515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-04-29T10:00:00+00:00"}, "gcve": {"object_uuid": "68f45a07-ad23-4e10-b56a-7fa31ae60447", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-04-29T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-04-29T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356... | Affected: Adobe / Flash Player | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-0515", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0515"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0515"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2014-04-29T10:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "59d1fad4-3a15-4ec3-9b0d-ca615dd1bed2", "vulnerability": {"vulnId": "CVE-2014-0295", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-02-12T02:00:00+00:00"}, "gcve": {"object_uuid": "59d1fad4-3a15-4ec3-9b0d-ca615dd1bed2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-02-12T02:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-02-12T02:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote... | Affected: Microsoft / .NET Framework | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-0295", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0295"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0295"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote...", "vendor": "Microsoft", "product": ".NET Framework", "added_date": "2014-02-12T02:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "72e84712-6302-4410-917e-e49b026c655e", "vulnerability": {"vulnId": "CVE-2014-0253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-02-12T02:00:00+00:00"}, "gcve": {"object_uuid": "72e84712-6302-4410-917e-e49b026c655e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-02-12T02:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-02-12T02:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote... | Affected: Microsoft / .NET Framework | CVSS: 5.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2014-0253", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0253"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2014-0253"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote...", "vendor": "Microsoft", "product": ".NET Framework", "added_date": "2014-02-12T02:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "84b6065c-3c16-47f2-8506-9f5afb7374af", "vulnerability": {"vulnId": "CVE-2013-1904", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-02-08T00:00:00+00:00"}, "gcve": {"object_uuid": "84b6065c-3c16-47f2-8506-9f5afb7374af", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-02-08T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-02-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers... | Affected: Roundcube / Webmail | CVSS: 5.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-1904", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1904"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-1904"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers...", "vendor": "Roundcube", "product": "Webmail", "added_date": "2014-02-08T00:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bd5a85f8-6a85-4619-a1c9-8c3d61a5e559", "vulnerability": {"vulnId": "CVE-2013-7246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-01-30T18:00:00+00:00"}, "gcve": {"object_uuid": "bd5a85f8-6a85-4619-a1c9-8c3d61a5e559", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-01-30T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-01-30T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to... | Affected: Daum / DaumGame ActiveX plugin | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-7246", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7246"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-7246"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to...", "vendor": "Daum", "product": "DaumGame ActiveX plugin", "added_date": "2014-01-30T18:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ad364bb9-ccb4-417c-9465-abfe5ad76734", "vulnerability": {"vulnId": "CVE-2013-5211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2014-01-02T11:00:00+00:00"}, "gcve": {"object_uuid": "ad364bb9-ccb4-417c-9465-abfe5ad76734", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2014-01-02T11:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2014-01-02T11:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification)... | Affected: NTP / NTP | CVSS: 5.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-5211", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-5211"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification)...", "vendor": "NTP", "product": "NTP", "added_date": "2014-01-02T11:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "42662210-c05f-4cdf-9929-005e491a19c1", "vulnerability": {"vulnId": "CVE-2013-7102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-12-23T23:00:00+00:00"}, "gcve": {"object_uuid": "42662210-c05f-4cdf-9929-005e491a19c1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-12-23T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-12-23T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in... | Affected: OptimizePress / OptimizePress theme for WordPress | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-7102", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7102"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-7102"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in...", "vendor": "OptimizePress", "product": "OptimizePress theme for WordPress", "added_date": "2013-12-23T23:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9100647f-42fe-4d01-bc93-285126cb11e4", "vulnerability": {"vulnId": "CVE-2013-5331", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-12-11T15:00:00+00:00"}, "gcve": {"object_uuid": "9100647f-42fe-4d01-bc93-285126cb11e4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-12-11T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-12-11T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe... | Affected: Adobe / Flash Player | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-5331", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5331"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-5331"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2013-12-11T15:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "12721f35-ae53-4f3a-a7a8-685705fce51c", "vulnerability": {"vulnId": "CVE-2013-5057", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-12-11T00:00:00+00:00"}, "gcve": {"object_uuid": "12721f35-ae53-4f3a-a7a8-685705fce51c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-12-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-12-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote... | Affected: Microsoft / Office | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-5057", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5057"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-5057"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote...", "vendor": "Microsoft", "product": "Office", "added_date": "2013-12-11T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "020060ac-921a-4f21-afe0-857c676d19d6", "vulnerability": {"vulnId": "CVE-2013-5054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-12-11T00:00:00+00:00"}, "gcve": {"object_uuid": "020060ac-921a-4f21-afe0-857c676d19d6", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-12-11T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-12-11T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an... | Affected: Microsoft / Office 2013 | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-5054", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-5054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an...", "vendor": "Microsoft", "product": "Office 2013", "added_date": "2013-12-11T00:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "54fb1328-0b1b-48ff-94de-73e67decb86e", "vulnerability": {"vulnId": "CVE-2013-3918", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-11-12T01:00:00+00:00"}, "gcve": {"object_uuid": "54fb1328-0b1b-48ff-94de-73e67decb86e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-11-12T01:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-11-12T01:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | EPSS: 0.73872 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2013-3918", "url": "https://www.cve.org/CVERecord?id=CVE-2013-3918"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-3918"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista...", "vendor": "Microsoft", "product": "Windows", "added_date": "2013-11-12T01:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.73872, "cvss_severity": "HIGH", "epss_percentile": 0.99412, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 4585}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "8f190980-aa33-4dbd-904a-3068362b6229", "vulnerability": {"vulnId": "CVE-2011-4106", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-10-26T16:00:00+00:00"}, "gcve": {"object_uuid": "8f190980-aa33-4dbd-904a-3068362b6229", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-10-26T16:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-10-26T16:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and... | Affected: TimThumb / timthumb.php | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-4106", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4106"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-4106"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and...", "vendor": "TimThumb", "product": "timthumb.php", "added_date": "2013-10-26T16:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "87fa5e1a-7792-4110-a465-a4d971116b3e", "vulnerability": {"vulnId": "CVE-2013-6026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-10-19T10:00:00+00:00"}, "gcve": {"object_uuid": "87fa5e1a-7792-4110-a465-a4d971116b3e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-10-19T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-10-19T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and... | Affected: [\"D-Link\", \"Planex\", \"Alpha Networks\"] / [\"DIR-100\", \"DIR-120\", \"DI-624S\", \"DI-524UP\", \"DI-604S\", \"DI-604UP\", \"DI-604+\", \"TM-G5240\", \"BRL-04R\", \"BRL-04UR\", \"BRL-04CW\"] | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-6026", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6026"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-6026"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and...", "vendor": "[\"D-Link\", \"Planex\", \"Alpha Networks\"]", "product": "[\"DIR-100\", \"DIR-120\", \"DI-624S\", \"DI-524UP\", \"DI-604S\", \"DI-604UP\", \"DI-604+\", \"TM-G5240\", \"BRL-04R\", \"BRL-04UR\", \"BRL-04CW\"]", "added_date": "2013-10-19T10:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "be93d10e-19e1-411f-b26e-af18e0b96125", "vulnerability": {"vulnId": "CVE-2013-6129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-10-19T10:00:00+00:00"}, "gcve": {"object_uuid": "be93d10e-19e1-411f-b26e-af18e0b96125", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-10-19T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-10-19T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid,... | Affected: vBulletin / vBulletin | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-6129", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6129"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-6129"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid,...", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2013-10-19T10:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "eb1008e3-054a-4d25-a0d9-98c035211bd1", "vulnerability": {"vulnId": "CVE-2013-5576", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-10-09T14:44:00+00:00"}, "gcve": {"object_uuid": "eb1008e3-054a-4d25-a0d9-98c035211bd1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-10-09T14:44:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-10-09T14:44:00+00:00"}, "scope": {"notes": "KEVIntel entry: administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote... | Affected: Joomla! / Joomla! | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-5576", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5576"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-5576"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote...", "vendor": "Joomla!", "product": "Joomla!", "added_date": "2013-10-09T14:44:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a624e98a-f057-456b-9bbe-4f176edab99f", "vulnerability": {"vulnId": "CVE-2013-4854", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-07-26T23:00:00+00:00"}, "gcve": {"object_uuid": "a624e98a-f057-456b-9bbe-4f176edab99f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-07-26T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-07-26T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND... | Affected: ISC / BIND | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-4854", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4854"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-4854"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND...", "vendor": "ISC", "product": "BIND", "added_date": "2013-07-26T23:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "de7895c1-fae2-4d10-a563-9c50ebac5c3a", "vulnerability": {"vulnId": "CVE-2013-1493", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-03-04T16:00:00+00:00"}, "gcve": {"object_uuid": "de7895c1-fae2-4d10-a563-9c50ebac5c3a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-03-04T16:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-03-04T16:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40... | Affected: Oracle / Java SE | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-1493", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1493"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-1493"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40...", "vendor": "Oracle", "product": "Java SE", "added_date": "2013-03-04T16:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "922c9304-4ebf-407f-9f2d-79c21b74feff", "vulnerability": {"vulnId": "CVE-2013-0634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-02-08T11:00:00+00:00"}, "gcve": {"object_uuid": "922c9304-4ebf-407f-9f2d-79c21b74feff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-02-08T11:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-02-08T11:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on... | Affected: Adobe / Flash Player | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-0634", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0634"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0634"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2013-02-08T11:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d83ebcbb-2b0e-4089-84ad-4f79e1f1b2bd", "vulnerability": {"vulnId": "CVE-2013-0633", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-02-08T11:00:00+00:00"}, "gcve": {"object_uuid": "d83ebcbb-2b0e-4089-84ad-4f79e1f1b2bd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-02-08T11:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-02-08T11:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before... | Affected: Adobe / Flash Player | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2013-0633", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0633"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2013-0633"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2013-02-08T11:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "cd4d5bb6-f29d-471e-b09d-0d6b9029077a", "vulnerability": {"vulnId": "CVE-2012-6498", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-01-08T15:00:00+00:00"}, "gcve": {"object_uuid": "cd4d5bb6-f29d-471e-b09d-0d6b9029077a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-01-08T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-01-08T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading... | Affected: Atomymaxsite / Atomymaxsite | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2012-6498", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6498"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-6498"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading...", "vendor": "Atomymaxsite", "product": "Atomymaxsite", "added_date": "2013-01-08T15:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3eb56684-e3d9-41a1-b7ed-4144e7d99eba", "vulnerability": {"vulnId": "CVE-2012-6467", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2013-01-02T11:00:00+00:00"}, "gcve": {"object_uuid": "3eb56684-e3d9-41a1-b7ed-4144e7d99eba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2013-01-02T11:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2013-01-02T11:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for... | Affected: Opera / Opera Browser | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2012-6467", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6467"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-6467"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for...", "vendor": "Opera", "product": "Opera Browser", "added_date": "2013-01-02T11:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "388e2e2c-9d11-4017-bef7-f78945ef78ff", "vulnerability": {"vulnId": "CVE-2011-5148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2012-08-31T21:00:00+00:00"}, "gcve": {"object_uuid": "388e2e2c-9d11-4017-bef7-f78945ef78ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2012-08-31T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2012-08-31T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote... | Affected: Joomla! / Simple File Upload | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-5148", "url": "https://www.cve.org/CVERecord?id=CVE-2011-5148"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-5148"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote...", "vendor": "Joomla!", "product": "Simple File Upload", "added_date": "2012-08-31T21:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "982ae5c2-fc4c-4978-b4d7-e9890cd45d5e", "vulnerability": {"vulnId": "CVE-2012-1854", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2012-07-10T21:00:00+00:00"}, "gcve": {"object_uuid": "982ae5c2-fc4c-4978-b4d7-e9890cd45d5e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2012-07-10T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2012-07-10T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for... | Affected: Microsoft / Office | CVSS: 7.8 (HIGH) | EPSS: 0.21028 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2012-1854", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1854"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1854"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for...", "vendor": "Microsoft", "product": "Office", "added_date": "2012-07-10T21:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.21028, "cvss_severity": "HIGH", "epss_percentile": 0.97251, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5075}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "e5beb7c7-6685-4083-be38-5536f54812a7", "vulnerability": {"vulnId": "CVE-2012-2376", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2012-05-21T15:00:00+00:00"}, "gcve": {"object_uuid": "e5beb7c7-6685-4083-be38-5536f54812a7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2012-05-21T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2012-05-21T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via... | Affected: PHP / PHP | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2012-2376", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2376"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-2376"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via...", "vendor": "PHP", "product": "PHP", "added_date": "2012-05-21T15:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c91c9d9e-d0fc-4d41-bc0f-245b12b79a77", "vulnerability": {"vulnId": "CVE-2012-0779", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2012-05-04T19:00:00+00:00"}, "gcve": {"object_uuid": "c91c9d9e-d0fc-4d41-bc0f-245b12b79a77", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2012-05-04T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2012-05-04T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and... | Affected: Adobe / Flash Player | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2012-0779", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0779"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-0779"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2012-05-04T19:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "585974ef-089d-4836-bf22-b7d4f540655a", "vulnerability": {"vulnId": "CVE-2012-1795", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2012-03-20T18:00:00+00:00"}, "gcve": {"object_uuid": "585974ef-089d-4836-bf22-b7d4f540655a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2012-03-20T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2012-03-20T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter,... | Affected: Webglimpse / Webglimpse | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2012-1795", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1795"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1795"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter,...", "vendor": "Webglimpse", "product": "Webglimpse", "added_date": "2012-03-20T18:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e82fe0a2-3618-42dd-b45b-cf8bc35c2054", "vulnerability": {"vulnId": "CVE-2012-1557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2012-03-12T19:00:00+00:00"}, "gcve": {"object_uuid": "e82fe0a2-3618-42dd-b45b-cf8bc35c2054", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2012-03-12T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2012-03-12T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x... | Affected: Parallels / Plesk Panel | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2012-1557", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1557"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1557"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x...", "vendor": "Parallels", "product": "Plesk Panel", "added_date": "2012-03-12T19:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bf67b023-5861-46f2-a8dd-27b33de499f4", "vulnerability": {"vulnId": "CVE-2012-1071", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2012-02-14T17:00:00+00:00"}, "gcve": {"object_uuid": "bf67b023-5861-46f2-a8dd-27b33de499f4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2012-02-14T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2012-02-14T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL... | Affected: TYPO3 / mv_cooking extension | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2012-1071", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1071"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2012-1071"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL...", "vendor": "TYPO3", "product": "mv_cooking extension", "added_date": "2012-02-14T17:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "0073a0ff-e970-44db-ba92-634af21e1336", "vulnerability": {"vulnId": "CVE-2011-4862", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-12-25T01:00:00+00:00"}, "gcve": {"object_uuid": "0073a0ff-e970-44db-ba92-634af21e1336", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-12-25T01:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-12-25T01:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and... | Affected: FreeBSD / FreeBSD | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-4862", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4862"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-4862"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and...", "vendor": "FreeBSD", "product": "FreeBSD", "added_date": "2011-12-25T01:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "80b7b72a-097f-46b0-92f1-c7ae01ac54a2", "vulnerability": {"vulnId": "CVE-2011-4369", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-12-16T19:00:00+00:00"}, "gcve": {"object_uuid": "80b7b72a-097f-46b0-92f1-c7ae01ac54a2", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-12-16T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-12-16T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6... | Affected: Adobe / Reader and Acrobat | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-4369", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4369"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-4369"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2011-12-16T19:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d8e56fff-34f2-4e50-b085-461998fd0914", "vulnerability": {"vulnId": "CVE-2011-3402", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-11-04T21:00:00+00:00"}, "gcve": {"object_uuid": "d8e56fff-34f2-4e50-b085-461998fd0914", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-11-04T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-11-04T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | EPSS: 0.78285 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2011-3402", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3402"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-3402"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2011-11-04T21:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.78285, "cvss_severity": "HIGH", "epss_percentile": 0.99524, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5324}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "222d9c5d-3c06-4c1b-a287-8f20aa1bfacd", "vulnerability": {"vulnId": "CVE-2011-4075", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-11-02T17:00:00+00:00"}, "gcve": {"object_uuid": "222d9c5d-3c06-4c1b-a287-8f20aa1bfacd", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-11-02T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-11-02T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby... | Affected: phpLDAPadmin / phpLDAPadmin | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-4075", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4075"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-4075"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby...", "vendor": "phpLDAPadmin", "product": "phpLDAPadmin", "added_date": "2011-11-02T17:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "7709dff6-e941-4060-b068-edcab7dd02ce", "vulnerability": {"vulnId": "CVE-2011-2444", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-09-22T01:00:00+00:00"}, "gcve": {"object_uuid": "7709dff6-e941-4060-b068-edcab7dd02ce", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-09-22T01:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-09-22T01:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7... | Affected: Adobe / Flash Player | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-2444", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2444"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-2444"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2011-09-22T01:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e36f44e0-c6c6-4a9d-b106-e77fff3c6258", "vulnerability": {"vulnId": "CVE-2011-1968", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-08-10T21:16:00+00:00"}, "gcve": {"object_uuid": "e36f44e0-c6c6-4a9d-b106-e77fff3c6258", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-08-10T21:16:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-08-10T21:16:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets... | Affected: Microsoft / Windows | CVSS: 7.1 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-1968", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1968"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-1968"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets...", "vendor": "Microsoft", "product": "Windows", "added_date": "2011-08-10T21:16:00.000Z", "cvss_score": 7.1, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5d0175b8-0fba-47a6-9a5b-438d817d0832", "vulnerability": {"vulnId": "CVE-2011-2900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-08-05T21:00:00+00:00"}, "gcve": {"object_uuid": "5d0175b8-0fba-47a6-9a5b-438d817d0832", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-08-05T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-08-05T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web... | Affected: Mongoose / Mongoose | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-2900", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2900"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-2900"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web...", "vendor": "Mongoose", "product": "Mongoose", "added_date": "2011-08-05T21:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c3d8a291-b727-4c84-9dd3-ded53c882f9c", "vulnerability": {"vulnId": "CVE-2011-0226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-07-19T22:00:00+00:00"}, "gcve": {"object_uuid": "c3d8a291-b727-4c84-9dd3-ded53c882f9c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-07-19T22:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-07-19T22:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and... | Affected: Apple / iOS | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-0226", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0226"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-0226"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and...", "vendor": "Apple", "product": "iOS", "added_date": "2011-07-19T22:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1410a3fd-99c8-413b-a994-dcc08529e0ca", "vulnerability": {"vulnId": "CVE-2011-1331", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-07-18T22:00:00+00:00"}, "gcve": {"object_uuid": "1410a3fd-99c8-413b-a994-dcc08529e0ca", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-07-18T22:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-07-18T22:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro... | Affected: JustSystems / Ichitaro | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-1331", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1331"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-1331"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro...", "vendor": "JustSystems", "product": "Ichitaro", "added_date": "2011-07-18T22:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "41301474-48d1-4953-8b02-4773e30d70e3", "vulnerability": {"vulnId": "CVE-2011-2110", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-06-16T23:00:00+00:00"}, "gcve": {"object_uuid": "41301474-48d1-4953-8b02-4773e30d70e3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-06-16T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-06-16T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to... | Affected: Adobe / Flash Player | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-2110", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2110"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-2110"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2011-06-16T23:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "a5d19a9d-ff20-4e62-ac2f-525b1c474b65", "vulnerability": {"vulnId": "CVE-2009-5076", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-06-08T10:00:00+00:00"}, "gcve": {"object_uuid": "a5d19a9d-ff20-4e62-ac2f-525b1c474b65", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-06-08T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-06-08T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator... | Affected: CRE Loaded / CRE Loaded | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-5076", "url": "https://www.cve.org/CVERecord?id=CVE-2009-5076"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-5076"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator...", "vendor": "CRE Loaded", "product": "CRE Loaded", "added_date": "2011-06-08T10:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "fe4e665f-7298-4d9b-a7e7-af3767576a1f", "vulnerability": {"vulnId": "CVE-2011-1950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-06-06T19:00:00+00:00"}, "gcve": {"object_uuid": "fe4e665f-7298-4d9b-a7e7-af3767576a1f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-06-06T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-06-06T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as... | Affected: Plone / Plone | CVSS: 5.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-1950", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1950"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-1950"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as...", "vendor": "Plone", "product": "Plone", "added_date": "2011-06-06T19:00:00.000Z", "cvss_score": 5.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9916ceab-b780-4083-a34b-c286c4ef2bc8", "vulnerability": {"vulnId": "CVE-2011-1752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-06-06T19:00:00+00:00"}, "gcve": {"object_uuid": "9916ceab-b780-4083-a34b-c286c4ef2bc8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-06-06T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-06-06T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of... | Affected: Apache / Subversion | CVSS: 5.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-1752", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-1752"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of...", "vendor": "Apache", "product": "Subversion", "added_date": "2011-06-06T19:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "1dee0279-9585-4e9e-89b1-d3c6c091bad3", "vulnerability": {"vulnId": "CVE-2011-0627", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-05-13T22:00:00+00:00"}, "gcve": {"object_uuid": "1dee0279-9585-4e9e-89b1-d3c6c091bad3", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-05-13T22:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-05-13T22:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute... | Affected: Adobe / Flash Player | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-0627", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0627"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-0627"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2011-05-13T22:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "2cafb3e4-bd2d-4bb4-9ca7-70a48e294aba", "vulnerability": {"vulnId": "CVE-2011-1722", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2011-04-19T19:00:00+00:00"}, "gcve": {"object_uuid": "2cafb3e4-bd2d-4bb4-9ca7-70a48e294aba", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2011-04-19T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2011-04-19T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to... | Affected: TYPO3 / WEC Discussion Forum | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2011-1722", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1722"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2011-1722"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to...", "vendor": "TYPO3", "product": "WEC Discussion Forum", "added_date": "2011-04-19T19:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "ac80e2a0-b1d6-4866-a3a0-f4b15492b7a7", "vulnerability": {"vulnId": "CVE-2010-4270", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-11-16T23:00:00+00:00"}, "gcve": {"object_uuid": "ac80e2a0-b1d6-4866-a3a0-f4b15492b7a7", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-11-16T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-11-16T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for... | Affected: nBill / nBill | CVSS: 5.0 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-4270", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4270"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-4270"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for...", "vendor": "nBill", "product": "nBill", "added_date": "2010-11-16T23:00:00.000Z", "cvss_score": 5.0, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "529a7880-c402-4d96-a5fc-e013a49f2153", "vulnerability": {"vulnId": "CVE-2010-3962", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-11-05T16:28:00+00:00"}, "gcve": {"object_uuid": "529a7880-c402-4d96-a5fc-e013a49f2153", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-11-05T16:28:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-11-05T16:28:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to... | Affected: Microsoft / Internet Explorer | CVSS: 8.1 (HIGH) | EPSS: 0.96889 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-3962", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3962"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3962"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2010-11-05T16:28:00.000Z", "cvss_score": 8.1, "epss_score": 0.96889, "cvss_severity": "HIGH", "epss_percentile": 0.99881, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5688}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1db0d3c7-c678-435f-af5b-a803e8a8f469", "vulnerability": {"vulnId": "CVE-2010-3654", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-10-29T18:00:00+00:00"}, "gcve": {"object_uuid": "1db0d3c7-c678-435f-af5b-a803e8a8f469", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-10-29T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-10-29T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll... | Affected: Adobe / Flash Player | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-3654", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3654"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2010-10-29T18:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f6090a94-4ee6-4ecc-8073-6ab1657ed232", "vulnerability": {"vulnId": "CVE-2010-3765", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-10-27T22:00:00+00:00"}, "gcve": {"object_uuid": "f6090a94-4ee6-4ecc-8073-6ab1657ed232", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-10-27T22:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-10-27T22:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before... | Affected: Mozilla / Firefox, Thunderbird, SeaMonkey | CVSS: 9.8 (CRITICAL) | EPSS: 0.83279 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-3765", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3765"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3765"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before...", "vendor": "Mozilla", "product": "Firefox, Thunderbird, SeaMonkey", "added_date": "2010-10-27T22:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.83279, "cvss_severity": "CRITICAL", "epss_percentile": 0.9964, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5697}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b1d48dd8-5132-4ada-96d4-e7196d6a4876", "vulnerability": {"vulnId": "CVE-2010-3653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-10-26T17:00:00+00:00"}, "gcve": {"object_uuid": "b1d48dd8-5132-4ada-96d4-e7196d6a4876", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-10-26T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-10-26T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of... | Affected: Adobe / Shockwave Player | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-3653", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3653"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3653"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of...", "vendor": "Adobe", "product": "Shockwave Player", "added_date": "2010-10-26T17:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "4e4fe3ca-d949-4298-8145-1a97fae54021", "vulnerability": {"vulnId": "CVE-2010-3889", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-10-08T21:00:00+00:00"}, "gcve": {"object_uuid": "4e4fe3ca-d949-4298-8145-1a97fae54021", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-10-08T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-10-08T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the... | Affected: Microsoft / Windows | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-3889", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3889"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3889"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the...", "vendor": "Microsoft", "product": "Windows", "added_date": "2010-10-08T21:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9462f7fa-6ff8-4bc0-9759-2278c8b246bc", "vulnerability": {"vulnId": "CVE-2010-3888", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-10-08T21:00:00+00:00"}, "gcve": {"object_uuid": "9462f7fa-6ff8-4bc0-9759-2278c8b246bc", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-10-08T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-10-08T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the... | Affected: Microsoft / Windows | CVSS: 7.2 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-3888", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3888"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3888"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the...", "vendor": "Microsoft", "product": "Windows", "added_date": "2010-10-08T21:00:00.000Z", "cvss_score": 7.2, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "597da602-70c7-439f-a157-2e3378f7393b", "vulnerability": {"vulnId": "CVE-2010-3081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-09-24T19:00:00+00:00"}, "gcve": {"object_uuid": "597da602-70c7-439f-a157-2e3378f7393b", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-09-24T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-09-24T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly... | Affected: Linux / Linux Kernel | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-3081", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-3081"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly...", "vendor": "Linux", "product": "Linux Kernel", "added_date": "2010-09-24T19:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "9451268b-c545-404d-b5bd-223667ce415c", "vulnerability": {"vulnId": "CVE-2010-2729", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-09-15T18:00:00+00:00"}, "gcve": {"object_uuid": "9451268b-c545-404d-b5bd-223667ce415c", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-09-15T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-09-15T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2,... | Affected: Microsoft / Windows | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-2729", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2729"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-2729"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2,...", "vendor": "Microsoft", "product": "Windows", "added_date": "2010-09-15T18:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "d79c0982-7676-4d35-9e7f-2d05e17de689", "vulnerability": {"vulnId": "CVE-2010-2884", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-09-15T17:26:00+00:00"}, "gcve": {"object_uuid": "d79c0982-7676-4d35-9e7f-2d05e17de689", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-09-15T17:26:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-09-15T17:26:00+00:00"}, "scope": {"notes": "KEVIntel entry: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and... | Affected: Adobe / Flash Player, Reader, Acrobat | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-2884", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2884"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-2884"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and...", "vendor": "Adobe", "product": "Flash Player, Reader, Acrobat", "added_date": "2010-09-15T17:26:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bebb67ba-57b0-4002-b0d5-f1b741555c8e", "vulnerability": {"vulnId": "CVE-2010-1165", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-04-20T15:00:00+00:00"}, "gcve": {"object_uuid": "bebb67ba-57b0-4002-b0d5-f1b741555c8e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-04-20T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-04-20T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka... | Affected: Atlassian / JIRA | CVSS: 9.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-1165", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1165"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-1165"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka...", "vendor": "Atlassian", "product": "JIRA", "added_date": "2010-04-20T15:00:00.000Z", "cvss_score": 9.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3792ec71-fc07-4b41-bf2b-1e44c674deae", "vulnerability": {"vulnId": "CVE-2010-1164", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-04-20T15:00:00+00:00"}, "gcve": {"object_uuid": "3792ec71-fc07-4b41-bf2b-1e44c674deae", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-04-20T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-04-20T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or... | Affected: Atlassian / JIRA | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2010-1164", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1164"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-1164"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or...", "vendor": "Atlassian", "product": "JIRA", "added_date": "2010-04-20T15:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "b76e17b1-dd0e-472e-a23f-5484fd7e9494", "vulnerability": {"vulnId": "CVE-2010-0806", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-03-10T22:00:00+00:00"}, "gcve": {"object_uuid": "b76e17b1-dd0e-472e-a23f-5484fd7e9494", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-03-10T22:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-03-10T22:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | EPSS: 0.82045 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-0806", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0806"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-0806"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2010-03-10T22:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.82045, "cvss_severity": "HIGH", "epss_percentile": 0.9961, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5928}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "b83e9bc6-9a06-47b2-9d46-18ccbc03747d", "vulnerability": {"vulnId": "CVE-2010-0249", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2010-01-15T17:00:00+00:00"}, "gcve": {"object_uuid": "b83e9bc6-9a06-47b2-9d46-18ccbc03747d", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2010-01-15T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2010-01-15T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003... | Affected: Microsoft / Internet Explorer | CVSS: 8.8 (HIGH) | EPSS: 0.91885 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2010-0249", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0249"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2010-0249"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2010-01-15T17:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.91885, "cvss_severity": "HIGH", "epss_percentile": 0.99804, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 5982}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "462f3f08-3c7c-4cca-a4d3-ba1e8f1ad704", "vulnerability": {"vulnId": "CVE-2009-3459", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-10-13T10:00:00+00:00"}, "gcve": {"object_uuid": "462f3f08-3c7c-4cca-a4d3-ba1e8f1ad704", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-10-13T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-10-13T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute... | Affected: Adobe / Reader and Acrobat | CVSS: 8.8 (HIGH) | EPSS: 0.86468 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-3459", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3459"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-3459"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute...", "vendor": "Adobe", "product": "Reader and Acrobat", "added_date": "2009-10-13T10:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.86468, "cvss_severity": "HIGH", "epss_percentile": 0.99711, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 6076}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "1f620fb5-5aa4-4df3-830e-c21a06c019e4", "vulnerability": {"vulnId": "CVE-2008-7168", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-09-08T10:00:00+00:00"}, "gcve": {"object_uuid": "1f620fb5-5aa4-4df3-830e-c21a06c019e4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-09-08T10:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-09-08T10:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and... | Affected: UUSee / UUUpgrade ActiveX control | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-7168", "url": "https://www.cve.org/CVERecord?id=CVE-2008-7168"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-7168"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and...", "vendor": "UUSee", "product": "UUUpgrade ActiveX control", "added_date": "2009-09-08T10:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "af810362-d85f-4363-abbc-d373576472a8", "vulnerability": {"vulnId": "CVE-2009-3041", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-09-01T18:04:00+00:00"}, "gcve": {"object_uuid": "af810362-d85f-4363-abbc-d373576472a8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-09-01T18:04:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-09-01T18:04:00+00:00"}, "scope": {"notes": "KEVIntel entry: SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which... | Affected: SPIP / SPIP | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-3041", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3041"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-3041"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which...", "vendor": "SPIP", "product": "SPIP", "added_date": "2009-09-01T18:04:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "58cc7b53-06b4-4bfe-998f-a15d2e46eb4e", "vulnerability": {"vulnId": "CVE-2009-1136", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-07-15T15:00:00+00:00"}, "gcve": {"object_uuid": "58cc7b53-06b4-4bfe-998f-a15d2e46eb4e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-07-15T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-07-15T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office... | Affected: Microsoft / Office Web Components | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1136", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1136"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1136"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office...", "vendor": "Microsoft", "product": "Office Web Components", "added_date": "2009-07-15T15:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "074904ab-4e26-4c11-baa0-51a5f0c126ff", "vulnerability": {"vulnId": "CVE-2008-0015", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-07-07T23:00:00+00:00"}, "gcve": {"object_uuid": "074904ab-4e26-4c11-baa0-51a5f0c126ff", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-07-07T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-07-07T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest... | Affected: Microsoft / Windows | CVSS: 8.8 (HIGH) | EPSS: 0.76647 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2008-0015", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0015"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-0015"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest...", "vendor": "Microsoft", "product": "Windows", "added_date": "2009-07-07T23:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.76647, "cvss_severity": "HIGH", "epss_percentile": 0.99483, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 6174}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "fa1efba1-0cc1-453a-985f-9e44c1f54f09", "vulnerability": {"vulnId": "CVE-2009-2265", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-07-05T16:00:00+00:00"}, "gcve": {"object_uuid": "fa1efba1-0cc1-453a-985f-9e44c1f54f09", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-07-05T16:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-07-05T16:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories... | Affected: FCKeditor / FCKeditor | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-2265", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2265"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-2265"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories...", "vendor": "FCKeditor", "product": "FCKeditor", "added_date": "2009-07-05T16:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "afe43e19-6afb-45e7-ba0d-e2c8a09206aa", "vulnerability": {"vulnId": "CVE-2009-1391", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-06-16T23:00:00+00:00"}, "gcve": {"object_uuid": "afe43e19-6afb-45e7-ba0d-e2c8a09206aa", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-06-16T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-06-16T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly... | Affected: Perl / Compress::Raw::Zlib | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1391", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1391"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1391"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly...", "vendor": "Perl", "product": "Compress::Raw::Zlib", "added_date": "2009-06-16T23:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8cf81a63-baec-4169-8d31-52ea8db95f12", "vulnerability": {"vulnId": "CVE-2009-1537", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-05-29T18:00:00+00:00"}, "gcve": {"object_uuid": "8cf81a63-baec-4169-8d31-52ea8db95f12", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-05-29T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-05-29T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000... | Affected: Microsoft / DirectX | CVSS: 8.8 (HIGH) | EPSS: 0.50926 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-1537", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1537"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1537"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000...", "vendor": "Microsoft", "product": "DirectX", "added_date": "2009-05-29T18:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.50926, "cvss_severity": "HIGH", "epss_percentile": 0.98784, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 6213}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "038390b6-f148-430a-9578-91117aaacf85", "vulnerability": {"vulnId": "CVE-2009-1807", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-05-28T20:14:00+00:00"}, "gcve": {"object_uuid": "038390b6-f148-430a-9578-91117aaacf85", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-05-28T20:14:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-05-28T20:14:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the... | Affected: Baofeng / Baofeng products | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1807", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1807"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1807"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the...", "vendor": "Baofeng", "product": "Baofeng products", "added_date": "2009-05-28T20:14:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "5d7c28b6-473d-4f41-abc0-78615cacfe90", "vulnerability": {"vulnId": "CVE-2009-1800", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-05-28T14:00:00+00:00"}, "gcve": {"object_uuid": "5d7c28b6-473d-4f41-abc0-78615cacfe90", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-05-28T14:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-05-28T14:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote... | Affected: Chinagames / iGame | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1800", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1800"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1800"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote...", "vendor": "Chinagames", "product": "iGame", "added_date": "2009-05-28T14:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e1d18f11-6869-4fd2-9399-7cf3f50dcf45", "vulnerability": {"vulnId": "CVE-2009-1612", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-05-11T20:00:00+00:00"}, "gcve": {"object_uuid": "e1d18f11-6869-4fd2-9399-7cf3f50dcf45", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-05-11T20:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-05-11T20:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute... | Affected: Baofeng / Storm | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1612", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1612"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1612"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute...", "vendor": "Baofeng", "product": "Storm", "added_date": "2009-05-11T20:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "dca0181a-21a8-4787-9653-26e329e462b1", "vulnerability": {"vulnId": "CVE-2009-1481", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-04-29T18:06:00+00:00"}, "gcve": {"object_uuid": "dca0181a-21a8-4787-9653-26e329e462b1", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-04-29T18:06:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-04-29T18:06:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the... | Affected: PuterJam / PJBlog3 | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1481", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1481"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1481"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the...", "vendor": "PuterJam", "product": "PJBlog3", "added_date": "2009-04-29T18:06:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "17b8d2db-d205-4b0c-b93d-62cda0d92b26", "vulnerability": {"vulnId": "CVE-2009-1308", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-04-22T18:00:00+00:00"}, "gcve": {"object_uuid": "17b8d2db-d205-4b0c-b93d-62cda0d92b26", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-04-22T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-04-22T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary... | Affected: Mozilla / Firefox, Thunderbird, SeaMonkey | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1308", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1308"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1308"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary...", "vendor": "Mozilla", "product": "Firefox, Thunderbird, SeaMonkey", "added_date": "2009-04-22T18:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e430e16a-9f96-47ca-8fc7-18d754f01ebe", "vulnerability": {"vulnId": "CVE-2009-0556", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-04-03T18:00:00+00:00"}, "gcve": {"object_uuid": "e430e16a-9f96-47ca-8fc7-18d754f01ebe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-04-03T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-04-03T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute... | Affected: Microsoft / Office PowerPoint | CVSS: 8.8 (HIGH) | EPSS: 0.67539 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-0556", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0556"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-0556"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute...", "vendor": "Microsoft", "product": "Office PowerPoint", "added_date": "2009-04-03T18:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.67539, "cvss_severity": "HIGH", "epss_percentile": 0.99218, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 6269}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "c3d9ba87-d396-40c1-acc7-56a867e73fac", "vulnerability": {"vulnId": "CVE-2009-1054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-03-24T14:00:00+00:00"}, "gcve": {"object_uuid": "c3d9ba87-d396-40c1-acc7-56a867e73fac", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-03-24T14:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-03-24T14:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to... | Affected: JustSystems / Ichitaro | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-1054", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-1054"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to...", "vendor": "JustSystems", "product": "Ichitaro", "added_date": "2009-03-24T14:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "3c2ee2ce-277a-48cf-9b46-26086938845a", "vulnerability": {"vulnId": "CVE-2009-0238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-02-25T16:00:00+00:00"}, "gcve": {"object_uuid": "3c2ee2ce-277a-48cf-9b46-26086938845a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-02-25T16:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-02-25T16:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word,... | Affected: Microsoft / Office Excel | CVSS: 8.8 (HIGH) | EPSS: 0.43063 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2009-0238", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0238"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-0238"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word,...", "vendor": "Microsoft", "product": "Office Excel", "added_date": "2009-02-25T16:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.43063, "cvss_severity": "HIGH", "epss_percentile": 0.98554, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 6306}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "4a32687b-3337-442f-ab16-7ba6d9b21584", "vulnerability": {"vulnId": "CVE-2009-0658", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2009-02-20T19:00:00+00:00"}, "gcve": {"object_uuid": "4a32687b-3337-442f-ab16-7ba6d9b21584", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2009-02-20T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2009-02-20T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF... | Affected: Adobe / Reader | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2009-0658", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2009-0658"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF...", "vendor": "Adobe", "product": "Reader", "added_date": "2009-02-20T19:00:00.000Z", "cvss_score": 7.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "f65cb32d-9e93-41b9-8ec5-33f243ba81a4", "vulnerability": {"vulnId": "CVE-2008-4844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-12-11T15:00:00+00:00"}, "gcve": {"object_uuid": "f65cb32d-9e93-41b9-8ec5-33f243ba81a4", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-12-11T15:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-12-11T15:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1,... | Affected: Microsoft / Internet Explorer | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-4844", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4844"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-4844"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1,...", "vendor": "Microsoft", "product": "Internet Explorer", "added_date": "2008-12-11T15:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "8317f82a-9984-4647-a6b3-754c36bf649e", "vulnerability": {"vulnId": "CVE-2008-4841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-12-10T13:33:00+00:00"}, "gcve": {"object_uuid": "8317f82a-9984-4647-a6b3-754c36bf649e", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-12-10T13:33:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-12-10T13:33:00+00:00"}, "scope": {"notes": "KEVIntel entry: The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute... | Affected: Microsoft / Windows | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-4841", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4841"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-4841"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute...", "vendor": "Microsoft", "product": "Windows", "added_date": "2008-12-10T13:33:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "01e05973-d93d-4a67-bc4a-384da8aed88a", "vulnerability": {"vulnId": "CVE-2008-5227", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-11-25T23:00:00+00:00"}, "gcve": {"object_uuid": "01e05973-d93d-4a67-bc4a-384da8aed88a", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-11-25T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-11-25T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a \"file inclusion... | Affected: PHPCow / PHPCow | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-5227", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5227"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-5227"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a \"file inclusion...", "vendor": "PHPCow", "product": "PHPCow", "added_date": "2008-11-25T23:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "952ce08c-c218-46da-94a3-395a36e30cf5", "vulnerability": {"vulnId": "CVE-2008-4250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-10-23T21:00:00+00:00"}, "gcve": {"object_uuid": "952ce08c-c218-46da-94a3-395a36e30cf5", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-10-23T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-10-23T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows... | Affected: Microsoft / Windows | CVSS: 9.8 (CRITICAL) | EPSS: 0.98751 | Used in malware: unknown | Not yet in CISA KEV: False"}, "references": [{"id": "CVE-2008-4250", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4250"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-4250"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows...", "vendor": "Microsoft", "product": "Windows", "added_date": "2008-10-23T21:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.98751, "cvss_severity": "CRITICAL", "epss_percentile": 0.99919, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 6431}, "not_yet_in_cisa_kev": false}}]}
{"uuid": "ce607e8b-d5d2-4cd5-afa4-51f7d8af9387", "vulnerability": {"vulnId": "CVE-2008-3919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-09-04T18:00:00+00:00"}, "gcve": {"object_uuid": "ce607e8b-d5d2-4cd5-afa4-51f7d8af9387", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-09-04T18:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-09-04T18:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document,... | Affected: JustSystems / Ichitaro | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-3919", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3919"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-3919"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document,...", "vendor": "JustSystems", "product": "Ichitaro", "added_date": "2008-09-04T18:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "39fd178f-18e1-4e19-9d6d-f1691a154f07", "vulnerability": {"vulnId": "CVE-2008-3873", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-08-29T17:00:00+00:00"}, "gcve": {"object_uuid": "39fd178f-18e1-4e19-9d6d-f1691a154f07", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-08-29T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-08-29T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a... | Affected: Adobe / Flash Player | CVSS: 4.3 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-3873", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3873"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-3873"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a...", "vendor": "Adobe", "product": "Flash Player", "added_date": "2008-08-29T17:00:00.000Z", "cvss_score": 4.3, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "340b791a-58a2-406f-8083-1d38394515ea", "vulnerability": {"vulnId": "CVE-2008-3704", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-08-18T19:00:00+00:00"}, "gcve": {"object_uuid": "340b791a-58a2-406f-8083-1d38394515ea", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-08-18T19:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-08-18T19:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft... | Affected: Microsoft / Visual Studio | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-3704", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3704"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-3704"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft...", "vendor": "Microsoft", "product": "Visual Studio", "added_date": "2008-08-18T19:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "e4c42399-8cb6-40e6-8cea-5b54b01beb14", "vulnerability": {"vulnId": "CVE-2008-3648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-08-12T23:00:00+00:00"}, "gcve": {"object_uuid": "e4c42399-8cb6-40e6-8cea-5b54b01beb14", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-08-12T23:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-08-12T23:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone... | Affected: Microsoft / Windows XP SP2 | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-3648", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3648"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-3648"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone...", "vendor": "Microsoft", "product": "Windows XP SP2", "added_date": "2008-08-12T23:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "c0e7456a-69e4-4135-910b-0cc60d071585", "vulnerability": {"vulnId": "CVE-2008-2244", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-07-09T22:00:00+00:00"}, "gcve": {"object_uuid": "c0e7456a-69e4-4135-910b-0cc60d071585", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-07-09T22:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-07-09T22:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the... | Affected: Microsoft / Office Word 2002 SP3 | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-2244", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2244"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-2244"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the...", "vendor": "Microsoft", "product": "Office Word 2002 SP3", "added_date": "2008-07-09T22:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "da951099-fb9e-40fd-9f46-65f541e000fe", "vulnerability": {"vulnId": "CVE-2008-1841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-04-16T17:00:00+00:00"}, "gcve": {"object_uuid": "da951099-fb9e-40fd-9f46-65f541e000fe", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-04-16T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-04-16T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier... | Affected: Coppermine / Photo Gallery | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-1841", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1841"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-1841"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier...", "vendor": "Coppermine", "product": "Photo Gallery", "added_date": "2008-04-16T17:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "abaa9d40-f31c-402c-b691-402484f9cbe9", "vulnerability": {"vulnId": "CVE-2008-1092", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-03-25T16:00:00+00:00"}, "gcve": {"object_uuid": "abaa9d40-f31c-402c-b691-402484f9cbe9", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-03-25T16:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-03-25T16:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted... | Affected: Microsoft / Jet Database Engine | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-1092", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1092"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-1092"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted...", "vendor": "Microsoft", "product": "Jet Database Engine", "added_date": "2008-03-25T16:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "faab11bc-88b5-4256-b4fa-a6e42c7c2def", "vulnerability": {"vulnId": "CVE-2008-0647", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2008-02-07T20:00:00+00:00"}, "gcve": {"object_uuid": "faab11bc-88b5-4256-b4fa-a6e42c7c2def", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2008-02-07T20:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2008-02-07T20:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld... | Affected: Ourgame / GLWorld | CVSS: 10.0 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2008-0647", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0647"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2008-0647"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld...", "vendor": "Ourgame", "product": "GLWorld", "added_date": "2008-02-07T20:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "83405f7f-f684-427c-b08c-d0fb4aa79d58", "vulnerability": {"vulnId": "CVE-2007-6436", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2007-12-18T20:00:00+00:00"}, "gcve": {"object_uuid": "83405f7f-f684-427c-b08c-d0fb4aa79d58", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2007-12-18T20:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2007-12-18T20:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary... | Affected: JustSystems / Ichitaro | CVSS: 9.3 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2007-6436", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6436"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2007-6436"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary...", "vendor": "JustSystems", "product": "Ichitaro", "added_date": "2007-12-18T20:00:00.000Z", "cvss_score": 9.3, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "bb549dc9-6060-4eb2-9d12-66b07f339ee8", "vulnerability": {"vulnId": "CVE-2007-5807", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2007-11-05T17:00:00+00:00"}, "gcve": {"object_uuid": "bb549dc9-6060-4eb2-9d12-66b07f339ee8", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2007-11-05T17:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2007-11-05T17:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via... | Affected: SSReader / Ultra Star Reader ActiveX control | CVSS: 6.8 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2007-5807", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5807"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2007-5807"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via...", "vendor": "SSReader", "product": "Ultra Star Reader ActiveX control", "added_date": "2007-11-05T17:00:00.000Z", "cvss_score": 6.8, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "84030c41-5f78-4707-9810-7d354978261f", "vulnerability": {"vulnId": "CVE-2007-5722", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2007-10-30T21:00:00+00:00"}, "gcve": {"object_uuid": "84030c41-5f78-4707-9810-7d354978261f", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2007-10-30T21:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2007-10-30T21:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly... | Affected: Ourgame / GLWorld | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2007-5722", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5722"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2007-5722"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly...", "vendor": "Ourgame", "product": "GLWorld", "added_date": "2007-10-30T21:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
{"uuid": "90b23eae-d9ec-4225-8807-8f7ae8611d96", "vulnerability": {"vulnId": "CVE-2006-4326", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2006-08-24T01:00:00+00:00"}, "gcve": {"object_uuid": "90b23eae-d9ec-4225-8807-8f7ae8611d96", "origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3"}, "characteristics": {}, "timestamps": {"asserted_at": "2006-08-24T01:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2006-08-24T01:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and... | Affected: Justsystem / Ichitaro | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True"}, "references": [{"id": "CVE-2006-4326", "url": "https://www.cve.org/CVERecord?id=CVE-2006-4326"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2006-4326"}], "evidence": [{"source": "kevintel", "type": "public_report", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and...", "vendor": "Justsystem", "product": "Ichitaro", "added_date": "2006-08-24T01:00:00.000Z", "cvss_score": 7.5, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}]}
