TOP-100 known vulnerabilities exploited in the wild (KEV)

Cybersecurity Help has compiled a list of TOP-100 vulnerabilities that are known to be exploited in the wild. This page is being updated in real time to reflect all changes in our vulnerability database.

Updated: 15 hours ago

| # | EUVDB-ID | CVE-ID | Vendor / Software | Category | Vulnerability type | CWE | Public exploit |
|---|---|---|---|---|---|---|---|
| 1 | #VU101038 | CVE-2024-11667 | ZyXEL Communications Corp. USG FLEX series | Antivirus software/Personal firewalls | Path traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | No |
| 2 | #VU101094 | CVE-2014-2120 | Cisco Systems, Inc Cisco Adaptive Security Appliance (ASA) | Security hardware appliances | Cross-site scripting | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No |
| 3 | #VU99287 | CVE-2024-47575 | Fortinet, Inc FortiManager | IDS/IPS systems, Firewalls and proxy servers | Missing authentication for critical function | CWE-306: Missing Authentication for Critical Function | Yes |
| 4 | #VU94353 | CVE-2024-36401 | geoserver geoserver | Other software solutions | Code Injection | CWE-94: Improper Control of Generation of Code ('Code Injection') | Yes |
| 5 | #VU100213 | CVE-2024-10914 | D-Link D-Link DNS-320 | Firmware | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 6 | #VU99595 | CVE-2024-51567 | CyberPanel CyberPanel | Remote management & hosting panels | Improper authentication | CWE-287: Improper Authentication | Yes |
| 7 | #VU98333 | CVE-2024-9680 | Mozilla Firefox for Android | Apps for mobile phones | Use-after-free | CWE-416: Use After Free | Yes |
| 8 | #VU82065 | CVE-2023-20198 | Cisco Systems, Inc Cisco IOS XE | Operating system | Improper Privilege Management | CWE-269: Improper Privilege Management | Yes |
| 9 | #VU100597 | CVE-2024-1212 | Progress Software Corporation LoadMaster | Other server solutions | Improper authentication | CWE-287: Improper Authentication | Yes |
| 10 | #VU85886 | CVE-2024-23334 | aio-libs aiohttp | Other software solutions | Path traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 11 | #VU91106 | CVE-2024-4577 | PHP Group PHP | Scripting languages | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 12 | #VU101016 | CVE-2024-11680 | ProjectSend ProjectSend | Other software | Improper Authentication | CWE-287: Improper Authentication | No |
| 13 | #VU100669 | CVE-2024-44308 | WebKitGTK WebKitGTK+ | Frameworks for developing and running applications | Input validation error | CWE-20: Improper input validation | No |
| 14 | #VU100668 | CVE-2024-44309 | WebKitGTK WebKitGTK+ | Frameworks for developing and running applications | Universal cross-site scripting | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No |
| 15 | #VU82199 | CVE-2023-45727 | North Grid Corporation Proself Enterprise Edition | Database software | XML External Entity injection | CWE-611: Improper Restriction of XML External Entity Reference ('XXE') | No |
| 16 | #VU100948 | CVE-2023-28461 | Array Networks ArrayOS | Routers for home users | Improper Authentication | CWE-287: Improper Authentication | No |
| 17 | #VU96722 | CVE-2024-42057 | ZyXEL Communications Corp. USG FLEX series | Antivirus software/Personal firewalls | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 18 | #VU100596 | CVE-2024-0012 | Palo Alto Networks, Inc. Palo Alto PAN-OS | Operating system | Improper authentication | CWE-287: Improper Authentication | Yes |
| 19 | #VU100528 | CVE-2024-9474 | Palo Alto Networks, Inc. Palo Alto PAN-OS | Operating system | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 20 | #VU80954 | CVE-2021-22941 | Citrix ShareFile storage zones controller | File servers (FTP/HTTP) | Improper access control | CWE-284: Improper Access Control | Yes |
| 21 | #VU100270 | CVE-2024-49039 | Microsoft Windows | Operating system | Improper Authentication | CWE-287: Improper Authentication | Yes |
| 22 | #VU63784 | CVE-2022-30190 | Microsoft Windows | Operating system | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 23 | #VU73511 | CVE-2023-23397 | Microsoft Microsoft Office | Office applications | Information disclosure | CWE-200: Information exposure | Yes |
| 24 | #VU72192 | CVE-2023-21716 | Microsoft Microsoft Office | Office applications | Buffer overflow | CWE-119: Memory corruption | Yes |
| 25 | #VU95833 | CVE-2024-38193 | Microsoft Windows | Operating system | Use-after-free | CWE-416: Use After Free | Yes |
| 26 | #VU85166 | CVE-2023-27524 | Apache Foundation Apache Superset | Other software | Insecure default initialization of resource | CWE-1188: Insecure Default Initialization of Resource | Yes |
| 27 | #VU81631 | CVE-2023-22515 | Atlassian Confluence Data Center | Other server solutions | Improper Authentication | CWE-287: Improper Authentication | Yes |
| 28 | #VU89637 | CVE-2021-40655 | D-Link DIR-605 | Routers & switches, VoIP, GSM, etc | Incorrect authorization | CWE-863: Incorrect Authorization | No |
| 29 | #VU89636 | CVE-2014-100005 | D-Link Dir-600 | Routers & switches, VoIP, GSM, etc | Cross-site request forgery | CWE-352: Cross-Site Request Forgery (CSRF) | No |
| 30 | #VU97446 | CVE-2024-38812 | VMware, Inc vCenter Server | Virtualization software | Heap-based buffer overflow | CWE-122: Heap-based Buffer Overflow | No |
| 31 | #VU97447 | CVE-2024-38813 | VMware, Inc vCenter Server | Virtualization software | Input validation error | CWE-20: Improper input validation | No |
| 32 | #VU100691 | CVE-2024-21287 | Oracle Oracle Agile PLM Framework | Software for developers | Missing Authorization | CWE-862: Missing Authorization | No |
| 33 | #VU100580 | CVE-2024-11120 | GeoVision GV-VS12 | Office equipment, IP-phones, print servers | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 34 | #VU100575 | N/A | Fortinet, Inc Fortinet FortiClient for Windows | Other server solutions | Unprotected storage of credentials | CWE-256: Unprotected Storage of Credentials | No |
| 35 | #VU77175 | CVE-2023-27997 | Fortinet, Inc FortiOS | Operating system | Heap-based buffer overflow | CWE-122: Heap-based Buffer Overflow | Yes |
| 36 | #VU89681 | CVE-2024-37383 | Roundcube Roundcube | Webmail solutions | Cross-site scripting | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Yes |
| 37 | #VU97617 | CVE-2024-8963 | Ivanti Ivanti Cloud Services Appliance (CSA) | Server solutions for antivirus protection | Path traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 38 | #VU98383 | CVE-2024-9463 | Palo Alto Networks, Inc. Expedition | Other client software | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 39 | #VU98385 | CVE-2024-9465 | Palo Alto Networks, Inc. Expedition | Other client software | SQL injection | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Yes |
| 40 | #VU94368 | CVE-2024-5910 | Palo Alto Networks, Inc. Expedition | Other client software | Missing Authentication for Critical Function | CWE-306: Missing Authentication for Critical Function | Yes |
| 41 | #VU100276 | CVE-2024-43451 | Microsoft Microsoft Internet Explorer | Web browsers | Information disclosure | CWE-200: Information exposure | No |
| 42 | #VU99973 | CVE-2020-14979 | EVGA Precision X1 | Drivers | Improper privilege management | CWE-269: Improper Privilege Management | No |
| 43 | #VU99974 | CVE-2021-41285 | Micron Technology Ballistix MOD Utility | Software for system administration | Improper privilege management | CWE-269: Improper Privilege Management | No |
| 44 | #VU82544 | CVE-2023-46747 | F5 Networks BIG-IP | Firmware | Authentication bypass using an alternate path or channel | CWE-288: Authentication Bypass Using an Alternate Path or Channel | Yes |
| 45 | #VU82690 | CVE-2023-46604 | Apache Foundation ActiveMQ | Mail servers | Deserialization of Untrusted Data | CWE-502: Deserialization of Untrusted Data | Yes |
| 46 | #VU81437 | CVE-2023-4911 | GNU Glibc | Libraries used by multiple products | Buffer overflow | CWE-119: Memory corruption | Yes |
| 47 | #VU99699 | CVE-2024-43093 | Google Google Android | Operating system | Improper input validation | CWE-20: Improper input validation | No |
| 48 | #VU99597 | CVE-2024-51378 | CyberPanel CyberPanel | Remote management & hosting panels | Improper Authentication | CWE-287: Improper Authentication | Yes |
| 49 | #VU99606 | CVE-2024-8956 | PTZOptics PT30X-SDI/NDI-xx | Office equipment, IP-phones, print servers | Improper Authentication | CWE-287: Improper Authentication | No |
| 50 | #VU99607 | CVE-2024-8957 | PTZOptics PT30X-SDI/NDI-xx | Office equipment, IP-phones, print servers | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 51 | #VU96465 | CVE-2024-28987 | SolarWinds Web Help Desk | Other software | Use of hard-coded credentials | CWE-798: Use of Hard-coded Credentials | Yes |
| 52 | #VU80950 | CVE-2023-42793 | JetBrains s.r.o. TeamCity | CRM systems | Authentication bypass using an alternate path or channel | CWE-288: Authentication Bypass Using an Alternate Path or Channel | Yes |
| 53 | #VU86279 | CVE-2024-23113 | Fortinet, Inc FortiOS | Operating system | Format string error | CWE-134: Use of Externally-Controlled Format String | Yes |
| 54 | #VU85786 | CVE-2024-23897 | Jenkins Jenkins | Application servers | Improper access control | CWE-284: Improper Access Control | Yes |
| 55 | #VU80463 | CVE-2023-4762 | Google Google Chromium | Web browsers | Type Confusion | CWE-843: Type confusion | Yes |
| 56 | #VU75418 | CVE-2023-27350 | PaperCut Software PaperCut MF | Other software solutions | Improper access control | CWE-284: Improper Access Control | Yes |
| 57 | #VU86914 | CVE-2024-25600 | bricksbuilder.io Bricks Builder | Modules and components for CMS | Code Injection | CWE-94: Improper Control of Generation of Code ('Code Injection') | Yes |
| 58 | #VU89894 | CVE-2024-24919 | Check Point Software Technologies Gaia | Operating system | Path traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 59 | #VU73718 | CVE-2023-1389 | TP-Link Archer AX21 | Routers & switches, VoIP, GSM, etc | Command Injection | CWE-77: Command injection | Yes |
| 60 | #VU71411 | CVE-2022-44877 | CWP - Control Web Panel CWP Panel | Other software solutions | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 61 | #VU88506 | CVE-2024-3400 | Palo Alto Networks, Inc. Palo Alto PAN-OS | Operating system | Command Injection | CWE-77: Command injection | Yes |
| 62 | #VU61754 | CVE-2022-22963 | VMware, Inc Spring Cloud Function | Other software | Code Injection | CWE-94: Improper Control of Generation of Code ('Code Injection') | Yes |
| 63 | #VU85319 | CVE-2023-7028 | GitLab, Inc GitLab Enterprise Edition | Software for developers | Improper access control | CWE-284: Improper Access Control | Yes |
| 64 | #VU71774 | CVE-2023-0669 | Fortra GoAnywhere MFT | Remote access servers, VPN | Deserialization of Untrusted Data | CWE-502: Deserialization of Untrusted Data | Yes |
| 65 | #VU85413 | CVE-2023-22527 | Atlassian Atlassian Confluence Server | Web servers | Template injection | CWE-94: Improper Control of Generation of Code ('Code Injection') | Yes |
| 66 | #VU72081 | CVE-2022-47986 | IBM Corporation IBM Aspera Faspex for Windows | Other software | Deserialization of Untrusted Data | CWE-502: Deserialization of Untrusted Data | Yes |
| 67 | #VU68070 | CVE-2022-40684 | Fortinet, Inc FortiOS | Operating system | Authentication bypass using an alternate path or channel | CWE-288: Authentication Bypass Using an Alternate Path or Channel | Yes |
| 68 | #VU73597 | CVE-2023-26360 | Adobe ColdFusion | Application servers | Improper access control | CWE-284: Improper Access Control | Yes |
| 69 | #VU70426 | CVE-2022-46169 | The Cacti Group, Inc. Cacti | Other software | Improper Authorization | CWE-285: Improper Authorization | Yes |
| 70 | #VU79688 | CVE-2023-36845 | Juniper Networks, Inc. Juniper Junos OS | Operating system | Input validation error | CWE-20: Improper input validation | Yes |
| 71 | #VU72065 | CVE-2022-35914 | glpi-project GLPI | CRM systems | Code Injection | CWE-94: Improper Control of Generation of Code ('Code Injection') | Yes |
| 72 | #VU72333 | CVE-2023-23752 | Joomla! Joomla! | CMS | Improper access control | CWE-284: Improper Access Control | Yes |
| 73 | #VU74450 | CVE-2023-1671 | Sophos Sophos Web Appliance (SWA) | Server solutions for antivirus protection | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 74 | #VU59392 | CVE-2022-21907 | Microsoft Windows | Web servers | Buffer overflow | CWE-119: Memory corruption | Yes |
| 75 | #VU70999 | CVE-2023-21752 | Microsoft Windows | Operating system | Permissions, Privileges, and Access Controls | CWE-264: Permissions, Privileges, and Access Controls | Yes |
| 76 | #VU86459 | CVE-2024-21338 | Microsoft Windows | Operating system | Buffer overflow | CWE-119: Memory corruption | Yes |
| 77 | #VU79925 | CVE-2023-38831 | RARLAB WinRAR | Software for archiving | Input validation error | CWE-20: Improper input validation | Yes |
| 78 | #VU66798 | CVE-2022-36804 | Atlassian Bitbucket Data Center | Other server solutions | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 79 | #VU99291 | CVE-2024-20481 | Cisco Systems, Inc Cisco Adaptive Security Appliance (ASA) | Security hardware appliances | Missing Release of Resource after Effective Lifetime | CWE-772: Missing Release of Resource after Effective Lifetime | No |
| 80 | #VU99260 | CVE-2024-44068 | Samsung Exynos 980 | Firmware | Use-after-free | CWE-416: Use After Free | No |
| 81 | #VU93998 | CVE-2024-38094 | Microsoft Microsoft SharePoint Server | Application servers | Deserialization of Untrusted Data | CWE-502: Deserialization of Untrusted Data | No |
| 82 | #VU99246 | CVE-2024-9537 | ScienceLogic SL1 | Other server solutions | Input validation error | CWE-20: Improper input validation | No |
| 83 | #VU86688 | CVE-2024-1709 | ConnectWise ScreenConnect | Software for system administration | Authentication bypass using an alternate path or channel | CWE-288: Authentication Bypass Using an Alternate Path or Channel | Yes |
| 84 | #VU88210 | CVE-2024-3273 | D-Link D-Link DNS-320L | Routers for home users | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 85 | #VU91983 | CVE-2024-34102 | Magento, Inc Adobe Commerce (formerly Magento Commerce) | E-Commerce systems | XML External Entity injection | CWE-611: Improper Restriction of XML External Entity Reference ('XXE') | Yes |
| 86 | #VU96908 | CVE-2024-40711 | Veeam Backup & Replication | Other server solutions | Input validation error | CWE-20: Improper input validation | Yes |
| 87 | #VU78978 | CVE-2023-3824 | PHP Group PHP | Scripting languages | Buffer overflow | CWE-119: Memory corruption | Yes |
| 88 | #VU95992 | CVE-2024-7593 | Ivanti Virtual Traffic Manager | Other software solutions | Incorrect Implementation of Authentication Algorithm | CWE-303: Incorrect Implementation of Authentication Algorithm | Yes |
| 89 | #VU91709 | CVE-2024-30088 | Microsoft Windows | Operating system | Time-of-check Time-of-use (TOCTOU) Race Condition | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | Yes |
| 90 | #VU96803 | CVE-2024-45519 | Synacor Inc. Zimbra Collaboration | Webmail solutions | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 91 | #VU95165 | CVE-2024-7029 | AVTECH Corporation AVM1203 | Security hardware appliances | Command Injection | CWE-77: Command injection | Yes |
| 92 | #VU83960 | CVE-2023-50164 | Apache Foundation Apache Struts | Frameworks for developing and running applications | Path traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 93 | #VU87116 | CVE-2024-27198 | JetBrains s.r.o. TeamCity | CRM systems | Improper Authentication | CWE-287: Improper Authentication | Yes |
| 94 | #VU88869 | CVE-2024-4040 | CrushFTP CrushFTP | File servers (FTP/HTTP) | External Control of File Name or Path | CWE-73: External Control of File Name or Path | Yes |
| 95 | #VU81042 | CVE-2023-41993 | WebKitGTK WebKitGTK+ | Frameworks for developing and running applications | Buffer overflow | CWE-119: Memory corruption | Yes |
| 96 | #VU94373 | CVE-2024-27348 | Apache Foundation HugeGraph-Server | Other server solutions | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 97 | #VU98158 | CVE-2024-43572 | Microsoft Windows | Operating system | Input validation error | CWE-20: Improper input validation | No |
| 98 | #VU98154 | CVE-2024-43573 | Microsoft Microsoft Internet Explorer | Web browsers | Universal cross-site scripting | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No |
| 99 | #VU98151 | CVE-2024-9379 | Ivanti Ivanti Cloud Services Appliance (CSA) | Server solutions for antivirus protection | SQL injection | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | No |
| 100 | #VU98152 | CVE-2024-9380 | Ivanti Ivanti Cloud Services Appliance (CSA) | Server solutions for antivirus protection | OS Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |