Cybersecurity Help has compiled a list of TOP-100 vulnerabilities that are known to be exploited in the wild. This page is being updated in real time to reflect all changes in our vulnerability database.
| # | EUVDB-ID | CVE-ID | Vendor | Software | Vulnerability type | Public exploit |
| 1 | #VU96380 Improperly implemented security check for standard |
CVE-2024-7965 |
Google Chromium
Web browsers |
CWE-358 Improperly Implemented Security Check for Standard |
No | |
| 2 | #VU89791 Type Confusion |
CVE-2024-5274 |
Google Chromium
Web browsers |
CWE-843 Type confusion |
Yes | |
| 3 | #VU73511 Information disclosure |
CVE-2023-23397 | Microsoft |
Microsoft Office
Office applications |
CWE-200 Information exposure |
Yes |
| 4 | #VU85786 Improper access control |
CVE-2024-23897 | Jenkins |
Jenkins
Application servers |
CWE-284 Improper Access Control |
Yes |
| 5 | #VU94758 Input validation error |
CVE-2024-4879 | ServiceNow |
ServiceNow
Other server solutions |
CWE-20 Improper input validation |
Yes |
| 6 | #VU95407 Improper Authorization |
CVE-2024-38856 | Apache Foundation |
OFBiz
Other software solutions |
CWE-285 Improper Authorization |
Yes |
| 7 | #VU81631 Improper Authentication |
CVE-2023-22515 | Atlassian |
Confluence Data Center
Other server solutions |
CWE-287 Improper Authentication |
Yes |
| 8 | #VU94353 Code Injection |
CVE-2024-36401 | geoserver |
geoserver
Other software solutions |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 9 | #VU91592 Authentication Bypass by Spoofing |
CVE-2024-4358 | Progress Telerik |
Report Server
Other server solutions |
CWE-290 Authentication Bypass by Spoofing |
Yes |
| 10 | #VU82104 Arbitrary file upload |
CVE-2023-5360 | WP Royal |
Royal Elementor Addons
Modules and components for CMS |
CWE-434 Unrestricted Upload of File with Dangerous Type |
Yes |
| 11 | #VU80196 Path traversal |
CVE-2023-41266 | Qlik Community |
Qlik Sense Enterprise for Windows
Other software solutions |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 12 | #VU80193 Inconsistent interpretation of HTTP requests |
CVE-2023-41265 | Qlik Community |
Qlik Sense Enterprise for Windows
Other software solutions |
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
Yes |
| 13 | #VU95165 Command Injection |
CVE-2024-7029 | AVTECH Corporation |
AVM1203
Security hardware applicances |
CWE-77 Command injection |
No |
| 14 | #VU96595 Input validation error |
CVE-2024-7263 | Kingsoft Corp. |
WPS Office
Office applications |
CWE-20 Improper input validation |
No |
| 15 | #VU96594 Input validation error |
CVE-2024-7262 | Kingsoft Corp. |
WPS Office
Office applications |
CWE-20 Improper input validation |
No |
| 16 | #VU96491 Arbitrary file upload |
CVE-2024-39717 | Versa Networks |
Versa Director
Virtualization software |
CWE-434 Unrestricted Upload of File with Dangerous Type |
No |
| 17 | #VU77208 Improper Authentication |
CVE-2023-20867 | VMware, Inc |
VMware Tools
Other client software |
CWE-287 Improper Authentication |
No |
| 18 | #VU91106 OS Command Injection |
CVE-2024-4577 | PHP Group |
PHP
Scripting languages |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 19 | #VU91983 XML External Entity injection |
CVE-2024-34102 | Magento, Inc |
Adobe Commerce (formerly Magento Commerce)
E-Commerce systems |
CWE-611 Improper Restriction of XML External Entity Reference ('XXE') |
Yes |
| 20 | #VU86914 Code Injection |
CVE-2024-25600 | bricksbuilder.io |
Bricks Builder
Modules and components for CMS |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 21 | #VU88210 OS Command Injection |
CVE-2024-3273 | D-Link |
D-Link DNS-320L
Routers for home users |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 22 | #VU96447 Improper Authentication |
CVE-2021-33045 | Dahua Technology |
Dahua IPC-HX1XXX
Other hardware appliances |
CWE-287 Improper Authentication |
Yes |
| 23 | #VU96446 Improper Authentication |
CVE-2021-33044 | Dahua Technology |
Dahua IPC-HX1XXX
Other hardware appliances |
CWE-287 Improper Authentication |
Yes |
| 24 | #VU93546 OS Command Injection |
CVE-2024-20399 | Cisco Systems, Inc |
Cisco NX-OS
Operating system |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
No |
| 25 | #VU96385 Type Confusion |
CVE-2024-7971 |
Google Chromium
Web browsers |
CWE-843 Type confusion |
No | |
| 26 | #VU59695 Integer overflow |
CVE-2022-0185 | Linux Foundation |
Linux kernel
Operating system |
CWE-190 Integer overflow |
Yes |
| 27 | #VU93483 SQL injection |
CVE-2024-5276 | Fortra |
FileCatalyst Workflow
Other software |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Yes |
| 28 | #VU86573 Embedded malicious code (backdoor) |
CVE-2021-44529 | Ivanti |
Endpoint Manager
IDS/IPS systems, Firewalls and proxy servers |
CWE-506 Embedded Malicious Code |
Yes |
| 29 | #VU72333 Improper access control |
CVE-2023-23752 | Joomla! |
Joomla!
CMS |
CWE-284 Improper Access Control |
Yes |
| 30 | #VU87116 Improper Authentication |
CVE-2024-27198 | JetBrains s.r.o. |
TeamCity
CRM systems |
CWE-287 Improper Authentication |
Yes |
| 31 | #VU77076 OS Command Injection |
CVE-2023-20887 | VMware, Inc |
Aria Operations for Networks (formerly vRealize Network Insight)
Remote management servers, RDP, SSH |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 32 | #VU76765 SQL injection |
CVE-2023-34362 | Progress Software Corporation |
MOVEit Transfer
File servers (FTP/HTTP) |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Yes |
| 33 | #VU76466 Improper Authentication |
CVE-2023-32315 | Ignite Realtime |
Openfire
Modules and components for CMS |
CWE-287 Improper Authentication |
Yes |
| 34 | #VU85166 Insecure default initialization of resource |
CVE-2023-27524 | Apache Foundation |
Apache Superset
Other software |
CWE-1188 Insecure Default Initialization of Resource |
Yes |
| 35 | #VU78929 Improper Authentication |
CVE-2023-35082 | Ivanti |
Endpoint Manager Mobile (formerly MobileIron Core)
IDS/IPS systems, Firewalls and proxy servers |
CWE-287 Improper Authentication |
Yes |
| 36 | #VU96009 Deserialization of Untrusted Data |
CVE-2024-28986 | SolarWinds |
Web Help Desk
Other software |
CWE-502 Deserialization of Untrusted Data |
No |
| 37 | #VU94373 OS Command Injection |
CVE-2024-27348 | Apache Foundation |
HugeGraph-Server
Other server solutions |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 38 | #VU95841 Input validation error |
CVE-2024-38189 | Microsoft |
Microsoft Office
Office applications |
CWE-20 Improper input validation |
No |
| 39 | #VU95840 Use-after-free |
CVE-2024-38107 | Microsoft |
Windows
Operating system |
CWE-416 Use After Free |
No |
| 40 | #VU95835 Protection mechanism failure |
CVE-2024-38213 | Microsoft |
Windows
Operating system |
CWE-693 Protection Mechanism Failure |
No |
| 41 | #VU95833 Use-after-free |
CVE-2024-38193 | Microsoft |
Windows
Operating system |
CWE-416 Use After Free |
No |
| 42 | #VU95831 Race condition |
CVE-2024-38106 | Microsoft |
Windows
Operating system |
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
No |
| 43 | #VU95829 Buffer overflow |
CVE-2024-38178 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
No |
| 44 | #VU89894 Path traversal |
CVE-2024-24919 | Check Point Software Technologies |
Gaia
Operating system |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 45 | #VU92130 Path traversal |
CVE-2024-32113 | Apache Foundation |
OFBiz
Other software solutions |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 46 | #VU95434 Path traversal |
CVE-2024-4885 | Progress Software Corporation |
WhatsUp Gold
CMS |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 47 | #VU91597 Use-after-free |
CVE-2024-36971 | Linux Foundation |
Linux kernel
Operating system |
CWE-416 Use After Free |
No |
| 48 | #VU94760 Incomplete List of Disallowed Inputs |
CVE-2024-5217 | ServiceNow |
ServiceNow
Other server solutions |
CWE-184 Incomplete List of Disallowed Inputs |
Yes |
| 49 | #VU74605 Out-of-bounds write |
CVE-2023-28206 | Apple Inc. |
Apple iOS
Operating system |
CWE-787 Out-of-bounds write |
Yes |
| 50 | #VU86459 Buffer overflow |
CVE-2024-21338 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
Yes |
| 51 | #VU93317 Improper Authentication |
CVE-2024-37085 | VMware, Inc |
VMware ESXi
Operating system |
CWE-287 Improper Authentication |
No |
| 52 | #VU85319 Improper access control |
CVE-2023-7028 | GitLab, Inc |
GitLab Enterprise Edition
Software for developers |
CWE-284 Improper Access Control |
Yes |
| 53 | #VU91290 Path traversal |
CVE-2024-28995 | SolarWinds |
Serv-U FTP Server
File servers (FTP/HTTP) |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 54 | #VU79925 Input validation error |
CVE-2023-38831 | RARLAB |
WinRAR
Software for archiving |
CWE-20 Improper input validation |
Yes |
| 55 | #VU76454 Path traversal |
CVE-2023-2825 | GitLab, Inc |
GitLab Enterprise Edition
Software for developers |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 56 | #VU94744 Observable discrepancy |
CVE-2024-39891 | Twilio |
Authy for Android
Apps for mobile phones |
CWE-203 Observable discrepancy |
No |
| 57 | #VU93902 Exposure of resource to wrong sphere |
CVE-2024-38112 | Microsoft |
Microsoft Internet Explorer
Web browsers |
CWE-668 Exposure of resource to wrong sphere |
Yes |
| 58 | #VU92282 Format string error |
CVE-2024-29510 | Artifex Software, Inc. |
Ghostscript
Libraries used by multiple products |
CWE-134 Use of Externally-Controlled Format String |
Yes |
| 59 | #VU78978 Buffer overflow |
CVE-2023-3824 | PHP Group |
PHP
Scripting languages |
CWE-119 Memory corruption |
Yes |
| 60 | #VU82690 Deserialization of Untrusted Data |
CVE-2023-46604 | Apache Foundation |
ActiveMQ
Mail servers |
CWE-502 Deserialization of Untrusted Data |
Yes |
| 61 | #VU93817 Template Injection |
CVE-2024-23692 | rejetto |
HFS
File servers (FTP/HTTP) |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 62 | #VU82065 Improper Privilege Management |
CVE-2023-20198 | Cisco Systems, Inc |
Cisco IOS XE
Operating system |
CWE-269 Improper Privilege Management |
Yes |
| 63 | #VU79689 Arbitrary file upload |
CVE-2023-36846 | Juniper Networks, Inc. |
Juniper Junos OS
Operating system |
CWE-434 Unrestricted Upload of File with Dangerous Type |
Yes |
| 64 | #VU78373 Code Injection |
CVE-2023-3519 | Citrix |
Citrix NetScaler Gateway
Application servers |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 65 | #VU88869 External Control of File Name or Path |
CVE-2024-4040 | CrushFTP |
CrushFTP
File servers (FTP/HTTP) |
CWE-73 External Control of File Name or Path |
Yes |
| 66 | #VU93907 Integer overflow |
CVE-2024-38080 | Microsoft |
Windows
Operating system |
CWE-190 Integer overflow |
No |
| 67 | #VU93368 Improper Authentication |
CVE-2024-5806 | Progress Software Corporation |
MOVEit Transfer
File servers (FTP/HTTP) |
CWE-287 Improper Authentication |
Yes |
| 68 | #VU75421 Information disclosure |
CVE-2023-28432 | minio.io |
minio
Other software solutions |
CWE-200 Information exposure |
Yes |
| 69 | #VU87917 Embedded malicious code (backdoor) |
CVE-2024-3094 | tukaani.org |
XZ Utils
Libraries used by multiple products |
CWE-506 Embedded Malicious Code |
Yes |
| 70 | #VU93587 Path traversal |
CVE-2024-0769 | D-Link |
DIR-859
Routers for home users |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
No |
| 71 | #VU81728 Resource exhaustion |
CVE-2023-44487 | Cloud Native Computing Foundation |
envoy
IDS/IPS systems, Firewalls and proxy servers |
CWE-400 Resource exhaustion |
Yes |
| 72 | #VU85413 Template injection |
CVE-2023-22527 | Atlassian |
Atlassian Confluence Server
Web servers |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 73 | #VU70120 Heap-based buffer overflow |
CVE-2022-42475 | Fortinet, Inc |
FortiOS
Operating system |
CWE-122 Heap-based Buffer Overflow |
Yes |
| 74 | #VU72170 Buffer overflow |
CVE-2023-21823 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
Yes |
| 75 | #VU81437 Buffer overflow |
CVE-2023-4911 | GNU |
Glibc
Libraries used by multiple products |
CWE-119 Memory corruption |
Yes |
| 76 | #VU93486 Code Injection |
CVE-2022-24816 | GeoSolutions |
jai-ext
Software for developers |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
No |
| 77 | #VU66396 Use-after-free |
CVE-2022-2586 | Linux Foundation |
Linux kernel
Operating system |
CWE-416 Use After Free |
Yes |
| 78 | #VU76500 OS Command Injection |
CVE-2023-2868 | Barracuda Networks |
Email Security Gateway (ESG)
DLP, anti-spam, sniffers |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 79 | #VU81926 Buffer overflow |
CVE-2023-4966 | Citrix |
Citrix Netscaler ADC
Software for system administration |
CWE-119 Memory corruption |
Yes |
| 80 | #VU77225 Improper Authentication |
CVE-2023-29357 | Microsoft |
Microsoft SharePoint Server
Application servers |
CWE-287 Improper Authentication |
Yes |
| 81 | #VU80658 Buffer overflow |
CVE-2023-36802 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
Yes |
| 82 | #VU86278 Out-of-bounds write |
CVE-2024-21762 | Fortinet, Inc |
FortiOS
Operating system |
CWE-787 Out-of-bounds write |
Yes |
| 83 | #VU72192 Buffer overflow |
CVE-2023-21716 | Microsoft |
Microsoft Office
Office applications |
CWE-119 Memory corruption |
Yes |
| 84 | #VU85886 Path traversal |
CVE-2024-23334 | aio-libs |
aiohttp
Other software solutions |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 85 | #VU62638 Arbitrary file upload |
CVE-2022-29464 | WSO2 Inc. |
WSO2 API Manager
Other software |
CWE-434 Unrestricted Upload of File with Dangerous Type |
Yes |
| 86 | #VU63958 Code Injection |
CVE-2022-26134 | Atlassian |
Atlassian Confluence Server
Web servers |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 87 | #VU60982 Code Injection |
CVE-2022-22947 | VMware, Inc |
Spring Cloud Gateway
Other server solutions |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 88 | #VU85286 Improper Authentication |
CVE-2023-46805 | Ivanti |
Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN |
CWE-287 Improper Authentication |
Yes |
| 89 | #VU85287 OS Command Injection |
CVE-2024-21887 | Ivanti |
Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 90 | #VU92742 Use after free |
CVE-2022-1043 | Linux Foundation |
Linux kernel
Operating system |
CWE-416 Use After Free |
Yes |
| 91 | #VU61690 Incorrect default permissions |
CVE-2022-22948 | VMware, Inc |
vCenter Server
Virtualization software |
CWE-276 Incorrect Default Permissions |
Yes |
| 92 | #VU86469 Input validation error |
CVE-2024-21378 | Microsoft |
Microsoft Outlook
Office applications |
CWE-20 Improper input validation |
Yes |
| 93 | #VU71774 Deserialization of Untrusted Data |
CVE-2023-0669 | Fortra |
GoAnywhere MFT
Remote access servers, VPN |
CWE-502 Deserialization of Untrusted Data |
Yes |
| 94 | #VU75461 OS Command Injection |
CVE-2023-28771 | ZyXEL Communications Corp. |
VPN series
Antivirus software/Personal firewalls |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 95 | #VU83960 Path traversal |
CVE-2023-50164 | Apache Foundation |
Apache Struts
Frameworks for developing and running applications |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 96 | #VU87370 Permissions, Privileges, and Access Controls |
CVE-2024-26169 | Microsoft |
Windows
Operating system |
CWE-264 Permissions, Privileges, and Access Controls |
No |
| 97 | #VU91799 Improper input validation |
CVE-2024-32896 |
Pixel
Mobile firmware & hardware |
CWE-20 Improper input validation |
No | |
| 98 | #VU91689 Use-after-free |
CVE-2024-4610 | ARM |
Bifrost GPU Kernel Driver
Drivers |
CWE-416 Use After Free |
No |
| 99 | #VU70998 Permissions, Privileges, and Access Controls |
CVE-2023-21746 | Microsoft |
Windows
Operating system |
CWE-264 Permissions, Privileges, and Access Controls |
Yes |
| 100 | #VU91291 Code Injection |
CVE-2019-9082 | ThinkPHP |
ThinkPHP5 Framework
CMS |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |