TOP-100 known vulnerabilities exploited in the wild (KEV)

Cybersecurity Help has compiled a list of TOP-100 vulnerabilities that are known to be exploited in the wild. This page is being updated in real time to reflect all changes in our vulnerability database.

Updated: 2 days ago

# EUVDB-ID CVE-ID Vendor Software Vulnerability type Public exploit
1 #VU91592
Authentication Bypass by Spoofing
CVE-2024-4358 Progress Telerik Report Server
Other server solutions
CWE-290
Authentication Bypass by Spoofing
Yes
2 #VU89894
Path traversal
CVE-2024-24919 Check Point Software Technologies Gaia
Operating system
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Yes
3 #VU72333
Improper access control
CVE-2023-23752 Joomla! Joomla!
CMS
CWE-284
Improper Access Control
Yes
4 #VU86469
Input validation error
CVE-2024-21378 Microsoft Microsoft Outlook
Office applications
CWE-20
Improper input validation
Yes
5 #VU85319
Improper access control
CVE-2023-7028 GitLab, Inc GitLab Enterprise Edition
Software for developers
CWE-284
Improper Access Control
Yes
6 #VU71774
Deserialization of Untrusted Data
CVE-2023-0669 Fortra GoAnywhere MFT
Remote access servers, VPN
CWE-502
Deserialization of Untrusted Data
Yes
7 #VU75461
OS Command Injection
CVE-2023-28771 ZyXEL Communications Corp. VPN series
Antivirus software/Personal firewalls
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Yes
8 #VU86459
Buffer overflow
CVE-2024-21338 Microsoft Windows
Operating system
CWE-119
Memory corruption
Yes
9 #VU83960
Path traversal
CVE-2023-50164 Apache Foundation Apache Struts
Frameworks for developing and running applications
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Yes
10 #VU91106
OS Command Injection
CVE-2024-4577 PHP Group PHP
Scripting languages
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Yes
11 #VU87370
Permissions, Privileges, and Access Controls
CVE-2024-26169 Microsoft Windows
Operating system
CWE-264
Permissions, Privileges, and Access Controls
No
12 #VU91799
Improper input validation
CVE-2024-32896 Google Pixel
Mobile firmware & hardware
CWE-20
Improper input validation
No
13 #VU91689
Use-after-free
CVE-2024-4610 ARM Bifrost GPU Kernel Driver
Drivers
CWE-416
Use After Free
No
14 #VU70998
Permissions, Privileges, and Access Controls
CVE-2023-21746 Microsoft Windows
Operating system
CWE-264
Permissions, Privileges, and Access Controls
Yes
15 #VU91291
Code Injection
CVE-2019-9082 ThinkPHP ThinkPHP5 Framework
CMS
CWE-94
Improper Control of Generation of Code ('Code Injection')
Yes
16 #VU80637
Heap-based buffer overflow
CVE-2023-4863 Google Google Chrome
Web browsers
CWE-122
Heap-based Buffer Overflow
Yes
17 #VU80637
Heap-based buffer overflow
CVE-2023-5129 Google Google Chrome
Web browsers
CWE-122
Heap-based Buffer Overflow
Yes
18 #VU86577
Use-after-free
CVE-2024-1086 Linux Foundation Linux kernel
Operating system
CWE-416
Use After Free
Yes
19 #VU76967
Type Confusion
CVE-2023-3079 Google Google Chromium
Web browsers
CWE-843
Type confusion
Yes
20 #VU60580
Code Injection
CVE-2022-24112 Apache Foundation Apache APISIX
Other server solutions
CWE-94
Improper Control of Generation of Code ('Code Injection')
Yes
21 #VU77175
Heap-based buffer overflow
CVE-2023-27997 Fortinet, Inc FortiOS
Operating system
CWE-122
Heap-based Buffer Overflow
Yes
22 #VU85166
Insecure default initialization of resource
CVE-2023-27524 Apache Foundation Apache Superset
Other software
CWE-1188
Insecure Default Initialization of Resource
Yes
23 #VU73597
Improper access control
CVE-2023-26360 Adobe ColdFusion
Application servers
CWE-284
Improper Access Control
Yes
24 #VU86914
Code Injection
CVE-2024-25600 bricksbuilder.io Bricks Builder
Modules and components for CMS
CWE-94
Improper Control of Generation of Code ('Code Injection')
Yes
25 #VU81631
Improper Authentication
CVE-2023-22515 Atlassian Confluence Data Center
Other server solutions
CWE-287
Improper Authentication
Yes
26 #VU88316
Protection mechanism failure
CVE-2024-29988 Microsoft Windows
Operating system
CWE-693
Protection Mechanism Failure
Yes
27 #VU86398
Security features bypass
CVE-2024-21412 Microsoft Windows
Operating system
CWE-254
Security Features
Yes
28 #VU86282
XML External Entity injection
CVE-2024-22024 Ivanti Ivanti Policy Secure (formerly Pulse Policy Secure)
Remote access servers, VPN
CWE-611
Improper Restriction of XML External Entity Reference ('XXE')
Yes
29 #VU88506
Command Injection
CVE-2024-3400 Palo Alto Networks, Inc. Palo Alto PAN-OS
Operating system
CWE-77
Command injection
Yes
30 #VU85413
Template injection
CVE-2023-22527 Atlassian Atlassian Confluence Server
Web servers
CWE-94
Improper Control of Generation of Code ('Code Injection')
Yes
31 #VU72230
Input validation error
CVE-2023-21800 Microsoft Windows Server
Operating system
CWE-20
Improper input validation
No
32 #VU89914
Deserialization of Untrusted Data
CVE-2015-7450 Apache Foundation Apache Commons Collections
Software for developers
CWE-502
Deserialization of Untrusted Data
Yes
33 #VU89806
Embedded malicious code (backdoor)
CVE-2024-4978 Justice AV Solutions JAVS Viewer
Multimedia software
CWE-506
Embedded Malicious Code
No
34 #VU89791
Type Confusion
CVE-2024-5274 Google Google Chromium
Web browsers
CWE-843
Type confusion
No
35 #VU75900
Use-after-free
CVE-2023-29336 Microsoft Windows
Operating system
CWE-416
Use After Free
Yes
36 #VU82690
Deserialization of Untrusted Data
CVE-2023-46604 Apache Foundation ActiveMQ
Mail servers
CWE-502
Deserialization of Untrusted Data
Yes
37 #VU71002
Permissions, Privileges, and Access Controls
CVE-2023-21768 Microsoft Windows
Operating system
CWE-264
Permissions, Privileges, and Access Controls
Yes
38 #VU85287
OS Command Injection
CVE-2024-21887 Ivanti Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Yes
39 #VU85286
Improper Authentication
CVE-2023-46805 Ivanti Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN
CWE-287
Improper Authentication
Yes
40 #VU81728
Resource exhaustion
CVE-2023-44487 Cloud Native Computing Foundation envoy
IDS/IPS systems, Firewalls and proxy servers
CWE-400
Resource exhaustion
Yes
41 #VU80950
Authentication bypass using an alternate path or channel
CVE-2023-42793 JetBrains s.r.o. TeamCity
CRM systems
CWE-288
Authentication Bypass Using an Alternate Path or Channel
Yes
42 #VU81437
Buffer overflow
CVE-2023-4911 GNU Glibc
Libraries used by multiple products
CWE-119
Memory corruption
Yes
43 #VU79925
Input validation error
CVE-2023-38831 RARLAB WinRAR
Software for archiving
CWE-20
Improper input validation
Yes
44 #VU89696
Input validation error
CVE-2013-2251 Apache Foundation Apache Struts
Frameworks for developing and running applications
CWE-20
Improper input validation
Yes
45 #VU89636
Cross-site request forgery
CVE-2014-100005 D-Link Dir-600
Routers & switches, VoIP, GSM, etc
CWE-352
Cross-Site Request Forgery (CSRF)
No
46 #VU89637
Incorrect authorization
CVE-2021-40655 D-Link DIR-605
Routers & switches, VoIP, GSM, etc
CWE-863
Incorrect Authorization
No
47 #VU86457
Permissions, Privileges, and Access Controls
CVE-2024-21345 Microsoft Windows Server
Operating system
CWE-264
Permissions, Privileges, and Access Controls
Yes
48 #VU78203
Information disclosure
CVE-2023-32041 Microsoft Windows
Operating system
CWE-200
Information exposure
No
49 #VU89571
Type Confusion
CVE-2024-4947 Google Google Chromium
Web browsers
CWE-843
Type confusion
No
50 #VU88366
OS Command Injection
CVE-2024-24576 Rust Team Rust Programming Language
Programming Languages & Components
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Yes
51 #VU89420
Out-of-bounds write
CVE-2024-4761 Google Google Chromium
Web browsers
CWE-787
Out-of-bounds write
No
52 #VU89437
Security features bypass
CVE-2024-30040 Microsoft Microsoft Internet Explorer
Web browsers
CWE-254
Security Features
No
53 #VU89435
Heap-based buffer overflow
CVE-2024-30051 Microsoft Windows
Operating system
CWE-122
Heap-based Buffer Overflow
No
54 #VU70900
Buffer overflow
CVE-2023-21674 Microsoft Windows
Operating system
CWE-119
Memory corruption
Yes
55 #VU81244
Heap-based buffer overflow
CVE-2023-5217 Google Google Chromium
Web browsers
CWE-122
Heap-based Buffer Overflow
Yes
56 #VU81244
Heap-based buffer overflow
CVE-2023-44488 Google Google Chromium
Web browsers
CWE-122
Heap-based Buffer Overflow
Yes
57 #VU75142
Type Confusion
CVE-2023-2033 Google Google Chromium
Web browsers
CWE-843
Type confusion
Yes
58 #VU79810
Improper Authentication
CVE-2023-38035 Ivanti MobileIron Sentry
IDS/IPS systems, Firewalls and proxy servers
CWE-287
Improper Authentication
Yes
59 #VU87116
Improper Authentication
CVE-2024-27198 JetBrains s.r.o. TeamCity
CRM systems
CWE-287
Improper Authentication
Yes
60 #VU75418
Improper access control
CVE-2023-27350 PaperCut Software PaperCut MF
Other software solutions
CWE-284
Improper Access Control
Yes
61 #VU82544
Authentication bypass using an alternate path or channel
CVE-2023-46747 F5 Networks BIG-IP
Firmware
CWE-288
Authentication Bypass Using an Alternate Path or Channel
Yes
62 #VU85886
Path traversal
CVE-2024-23334 aio-libs aiohttp
Other software solutions
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Yes
63 #VU80463
Type Confusion
CVE-2023-4762 Google Google Chromium
Web browsers
CWE-843
Type confusion
Yes
64 #VU82545
Cross-site scripting
CVE-2023-43770 Roundcube Roundcube
Webmail solutions
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Yes
65 #VU88869
External Control of File Name or Path
CVE-2024-4040 CrushFTP CrushFTP
File servers (FTP/HTTP)
CWE-73
External Control of File Name or Path
Yes
66 #VU82592
Improper Authorization
CVE-2023-22518 Atlassian Confluence Data Center
Other server solutions
CWE-285
Improper Authorization
Yes
67 #VU76765
SQL injection
CVE-2023-34362 Progress Software Corporation MOVEit Transfer
File servers (FTP/HTTP)
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Yes
68 #VU74450
OS Command Injection
CVE-2023-1671 Sophos Sophos Web Appliance (SWA)
Server solutions for antivurus protection
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Yes
69 #VU89324
Use-after-free
CVE-2024-4671 Google Google Chromium
Web browsers
CWE-416
Use After Free
No
70 #VU84799
Untrusted search path
CVE-2023-48670 Dell SupportAssist for Home PCs
Other software solutions
CWE-426
Untrusted Search Path
No
71 #VU71318
Improper input validation
CVE-2023-21839 Oracle Oracle WebLogic Server
Application servers
CWE-20
Improper input validation
Yes
72 #VU72065
Code Injection
CVE-2022-35914 glpi-project GLPI
CRM systems
CWE-94
Improper Control of Generation of Code ('Code Injection')
Yes
73 #VU75421
Information disclosure
CVE-2023-28432 minio.io minio
Other software solutions
CWE-200
Information exposure
Yes
74 #VU73718
Command Injection
CVE-2023-1389 TP-Link Archer AX21
Routers & switches, VoIP, GSM, etc
CWE-77
Command injection
Yes
75 #VU80658
Buffer overflow
CVE-2023-36802 Microsoft Windows
Operating system
CWE-119
Memory corruption
Yes
76 #VU82065
Improper Privilege Management
CVE-2023-20198 Cisco Systems, Inc Cisco IOS XE
Operating system
CWE-269
Improper Privilege Management
Yes
77 #VU77558
OS Command Injection
CVE-2023-38198 Neilpang (neil) acme.sh
Other software solutions
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
No
78 #VU88717
Improper input validation
CVE-2024-21111 Oracle Oracle VM VirtualBox
Virtualization software
CWE-20
Improper input validation
No
79 #VU88980
Code Injection
CVE-2024-20359 Cisco Systems, Inc Cisco Adaptive Security Appliance (ASA)
Security hardware applicances
CWE-94
Improper Control of Generation of Code ('Code Injection')
No
80 #VU88981
Infinite loop
CVE-2024-20353 Cisco Systems, Inc Cisco Adaptive Security Appliance (ASA)
Security hardware applicances
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
No
81 #VU83143
Input validation error
CVE-2023-36038 Microsoft Visual Studio
Software for developers
CWE-20
Improper input validation
No
82 #VU88961
Cleartext transmission of sensitive information
N/A MicroWorld Technologies eScan
Antivirus software/Personal firewalls
CWE-319
Cleartext Transmission of Sensitive Information
No
83 #VU88919
Resource exhaustion
CVE-2006-1547 Apache Foundation Apache Struts
Frameworks for developing and running applications
CWE-400
Resource exhaustion
No
84 #VU68237
Permissions, Privileges, and Access Controls
CVE-2022-38028 Microsoft Windows
Operating system
CWE-264
Permissions, Privileges, and Access Controls
No
85 #VU87359
SQL injection
CVE-2023-48788 Fortinet, Inc FortiClientEMS
Other software solutions
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Yes
86 #VU86278
Out-of-bounds write
CVE-2024-21762 Fortinet, Inc FortiOS
Operating system
CWE-787
Out-of-bounds write
Yes
87 #VU87917
Embedded malicious code (backdoor)
CVE-2024-3094 tukaani.org XZ Utils
Libraries used by multiple products
CWE-506
Embedded Malicious Code
Yes
88 #VU78978
Buffer overflow
CVE-2023-3824 PHP Group PHP
Scripting languages
CWE-119
Memory corruption
No
89 #VU88210
OS Command Injection
CVE-2024-3273 D-Link D-Link DNS-320L
Routers for home users
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Yes
90 #VU88209
Use of hard-coded credentials
CVE-2024-3272 D-Link D-Link DNS-320L
Routers for home users
CWE-798
Use of Hard-coded Credentials
Yes
91 #VU88379
Improper access control
CVE-2024-26234 Microsoft Windows
Operating system
CWE-284
Improper Access Control
No
92 #VU83566
Information disclosure
CVE-2023-49103 ownCloud Graph API
Programming Languages & Components
CWE-200
Information exposure
Yes
93 #VU78074
Buffer overflow
CVE-2023-36874 Microsoft Windows
Operating system
CWE-119
Memory corruption
Yes
94 #VU86688
Authentication bypass using an alternate path or channel
CVE-2024-1709 ConnectWise ScreenConnect
Software for system administration
CWE-288
Authentication Bypass Using an Alternate Path or Channel
Yes
95 #VU79688
Input validation error
CVE-2023-36845 Juniper Networks, Inc. Juniper Junos OS
Operating system
CWE-20
Improper input validation
Yes
96 #VU85962
Server-Side Request Forgery (SSRF)
CVE-2024-21893 Ivanti Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN
CWE-918
Server-Side Request Forgery (SSRF)
Yes
97 #VU88076
Improper input validation
CVE-2024-29748 Google Pixel
Mobile firmware & hardware
CWE-20
Improper input validation
No
98 #VU88085
Information exposure
CVE-2024-29745 Google Pixel
Mobile firmware & hardware
CWE-200
Information exposure
No
99 #VU61217
Permissions, Privileges, and Access Controls
CVE-2022-22942 Linux Foundation Linux kernel
Operating system
CWE-264
Permissions, Privileges, and Access Controls
Yes
100 #VU77225
Improper Authentication
CVE-2023-29357 Microsoft Microsoft SharePoint Server
Application servers
CWE-287
Improper Authentication
Yes