Cybersecurity Help has compiled a list of TOP-100 vulnerabilities that are known to be exploited in the wild. This page is being updated in real time to reflect all changes in our vulnerability database.
| # | EUVDB-ID | CVE-ID | Vendor | Software | Software category | Vulnerability type | CWE | Public exploit |
|---|---|---|---|---|---|---|---|---|
| 1 | #VU101038 | CVE-2024-11667 | ZyXEL Communications Corp. | USG FLEX series | Antivirus software/Personal firewalls | Path traversal | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | No |
| 2 | #VU101094 | CVE-2014-2120 | Cisco Systems, Inc | Cisco Adaptive Security Appliance (ASA) | Security hardware appliances | Cross-site scripting | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No |
| 3 | #VU99287 | CVE-2024-47575 | Fortinet, Inc | FortiManager | IDS/IPS systems, Firewalls and proxy servers | Missing authentication for critical function | CWE-306 Missing Authentication for Critical Function | Yes |
| 4 | #VU94353 | CVE-2024-36401 | geoserver | geoserver | Other software solutions | Code Injection | CWE-94 Improper Control of Generation of Code ('Code Injection') | Yes |
| 5 | #VU100213 | CVE-2024-10914 | D-Link | D-Link DNS-320 | Firmware | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 6 | #VU99595 | CVE-2024-51567 | CyberPanel | CyberPanel | Remote management & hosting panels | Improper authentication | CWE-287 Improper Authentication | Yes |
| 7 | #VU98333 | CVE-2024-9680 | Mozilla | Firefox for Android | Apps for mobile phones | Use-after-free | CWE-416 Use After Free | Yes |
| 8 | #VU82065 | CVE-2023-20198 | Cisco Systems, Inc | Cisco IOS XE | Operating system | Improper Privilege Management | CWE-269 Improper Privilege Management | Yes |
| 9 | #VU100597 | CVE-2024-1212 | Progress Software Corporation | LoadMaster | Other server solutions | Improper authentication | CWE-287 Improper Authentication | Yes |
| 10 | #VU85886 | CVE-2024-23334 | aio-libs | aiohttp | Other software solutions | Path traversal | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 11 | #VU91106 | CVE-2024-4577 | PHP Group | PHP | Scripting languages | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 12 | #VU101016 | CVE-2024-11680 | ProjectSend | ProjectSend | Other software | Improper Authentication | CWE-287 Improper Authentication | No |
| 13 | #VU100669 | CVE-2024-44308 | WebKitGTK | WebKitGTK+ | Frameworks for developing and running applications | Input validation error | CWE-20 Improper input validation | No |
| 14 | #VU100668 | CVE-2024-44309 | WebKitGTK | WebKitGTK+ | Frameworks for developing and running applications | Universal cross-site scripting | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No |
| 15 | #VU82199 | CVE-2023-45727 | North Grid Corporation | Proself Enterprise Edition | Database software | XML External Entity injection | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | No |
| 16 | #VU100948 | CVE-2023-28461 | Array Networks | ArrayOS | Routers for home users | Improper Authentication | CWE-287 Improper Authentication | No |
| 17 | #VU96722 | CVE-2024-42057 | ZyXEL Communications Corp. | USG FLEX series | Antivirus software/Personal firewalls | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 18 | #VU100596 | CVE-2024-0012 | Palo Alto Networks, Inc. | Palo Alto PAN-OS | Operating system | Improper authentication | CWE-287 Improper Authentication | Yes |
| 19 | #VU100528 | CVE-2024-9474 | Palo Alto Networks, Inc. | Palo Alto PAN-OS | Operating system | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 20 | #VU80954 | CVE-2021-22941 | Citrix | ShareFile storage zones controller | File servers (FTP/HTTP) | Improper access control | CWE-284 Improper Access Control | Yes |
| 21 | #VU100270 | CVE-2024-49039 | Microsoft | Windows | Operating system | Improper Authentication | CWE-287 Improper Authentication | Yes |
| 22 | #VU63784 | CVE-2022-30190 | Microsoft | Windows | Operating system | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 23 | #VU73511 | CVE-2023-23397 | Microsoft | Microsoft Office | Office applications | Information disclosure | CWE-200 Information exposure | Yes |
| 24 | #VU72192 | CVE-2023-21716 | Microsoft | Microsoft Office | Office applications | Buffer overflow | CWE-119 Memory corruption | Yes |
| 25 | #VU95833 | CVE-2024-38193 | Microsoft | Windows | Operating system | Use-after-free | CWE-416 Use After Free | Yes |
| 26 | #VU85166 | CVE-2023-27524 | Apache Foundation | Apache Superset | Other software | Insecure default initialization of resource | CWE-1188 Insecure Default Initialization of Resource | Yes |
| 27 | #VU81631 | CVE-2023-22515 | Atlassian | Confluence Data Center | Other server solutions | Improper Authentication | CWE-287 Improper Authentication | Yes |
| 28 | #VU89637 | CVE-2021-40655 | D-Link | DIR-605 | Routers & switches, VoIP, GSM, etc | Incorrect authorization | CWE-863 Incorrect Authorization | No |
| 29 | #VU89636 | CVE-2014-100005 | D-Link | Dir-600 | Routers & switches, VoIP, GSM, etc | Cross-site request forgery | CWE-352 Cross-Site Request Forgery (CSRF) | No |
| 30 | #VU97446 | CVE-2024-38812 | VMware, Inc | vCenter Server | Virtualization software | Heap-based buffer overflow | CWE-122 Heap-based Buffer Overflow | No |
| 31 | #VU97447 | CVE-2024-38813 | VMware, Inc | vCenter Server | Virtualization software | Input validation error | CWE-20 Improper input validation | No |
| 32 | #VU100691 | CVE-2024-21287 | Oracle | Oracle Agile PLM Framework | Software for developers | Missing Authorization | CWE-862 Missing Authorization | No |
| 33 | #VU100580 | CVE-2024-11120 | GeoVision | GV-VS12 | Office equipment, IP-phones, print servers | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 34 | #VU100575 | N/A | Fortinet, Inc | Fortinet FortiClient for Windows | Other server solutions | Unprotected storage of credentials | CWE-256 Unprotected Storage of Credentials | No |
| 35 | #VU77175 | CVE-2023-27997 | Fortinet, Inc | FortiOS | Operating system | Heap-based buffer overflow | CWE-122 Heap-based Buffer Overflow | Yes |
| 36 | #VU89681 | CVE-2024-37383 | Roundcube | Roundcube | Webmail solutions | Cross-site scripting | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Yes |
| 37 | #VU97617 | CVE-2024-8963 | Ivanti | Ivanti Cloud Services Appliance (CSA) | Server solutions for antivirus protection | Path traversal | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 38 | #VU98383 | CVE-2024-9463 | Palo Alto Networks, Inc. | Expedition | Other client software | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 39 | #VU98385 | CVE-2024-9465 | Palo Alto Networks, Inc. | Expedition | Other client software | SQL injection | CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Yes |
| 40 | #VU94368 | CVE-2024-5910 | Palo Alto Networks, Inc. | Expedition | Other client software | Missing Authentication for Critical Function | CWE-306 Missing Authentication for Critical Function | Yes |
| 41 | #VU100276 | CVE-2024-43451 | Microsoft | Microsoft Internet Explorer | Web browsers | Information disclosure | CWE-200 Information exposure | No |
| 42 | #VU99973 | CVE-2020-14979 | EVGA | Precision X1 | Drivers | Improper privilege management | CWE-269 Improper Privilege Management | No |
| 43 | #VU99974 | CVE-2021-41285 | Micron Technology | Ballistix MOD Utility | Software for system administration | Improper privilege management | CWE-269 Improper Privilege Management | No |
| 44 | #VU82544 | CVE-2023-46747 | F5 Networks | BIG-IP | Firmware | Authentication bypass using an alternate path or channel | CWE-288 Authentication Bypass Using an Alternate Path or Channel | Yes |
| 45 | #VU82690 | CVE-2023-46604 | Apache Foundation | ActiveMQ | Mail servers | Deserialization of Untrusted Data | CWE-502 Deserialization of Untrusted Data | Yes |
| 46 | #VU81437 | CVE-2023-4911 | GNU | Glibc | Libraries used by multiple products | Buffer overflow | CWE-119 Memory corruption | Yes |
| 47 | #VU99699 | CVE-2024-43093 | | Google Android | Operating system | Improper input validation | CWE-20 Improper input validation | No |
| 48 | #VU99597 | CVE-2024-51378 | CyberPanel | CyberPanel | Remote management & hosting panels | Improper Authentication | CWE-287 Improper Authentication | Yes |
| 49 | #VU99606 | CVE-2024-8956 | PTZOptics | PT30X-SDI/NDI-xx | Office equipment, IP-phones, print servers | Improper Authentication | CWE-287 Improper Authentication | No |
| 50 | #VU99607 | CVE-2024-8957 | PTZOptics | PT30X-SDI/NDI-xx | Office equipment, IP-phones, print servers | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |
| 51 | #VU96465 | CVE-2024-28987 | SolarWinds | Web Help Desk | Other software | Use of hard-coded credentials | CWE-798 Use of Hard-coded Credentials | Yes |
| 52 | #VU80950 | CVE-2023-42793 | JetBrains s.r.o. | TeamCity | CRM systems | Authentication bypass using an alternate path or channel | CWE-288 Authentication Bypass Using an Alternate Path or Channel | Yes |
| 53 | #VU86279 | CVE-2024-23113 | Fortinet, Inc | FortiOS | Operating system | Format string error | CWE-134 Use of Externally-Controlled Format String | Yes |
| 54 | #VU85786 | CVE-2024-23897 | Jenkins | Jenkins | Application servers | Improper access control | CWE-284 Improper Access Control | Yes |
| 55 | #VU80463 | CVE-2023-4762 | | Google Chromium | Web browsers | Type Confusion | CWE-843 Type confusion | Yes |
| 56 | #VU75418 | CVE-2023-27350 | PaperCut Software | PaperCut MF | Other software solutions | Improper access control | CWE-284 Improper Access Control | Yes |
| 57 | #VU86914 | CVE-2024-25600 | bricksbuilder.io | Bricks Builder | Modules and components for CMS | Code Injection | CWE-94 Improper Control of Generation of Code ('Code Injection') | Yes |
| 58 | #VU89894 | CVE-2024-24919 | Check Point Software Technologies | Gaia | Operating system | Path traversal | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 59 | #VU73718 | CVE-2023-1389 | TP-Link | Archer AX21 | Routers & switches, VoIP, GSM, etc | Command Injection | CWE-77 Command injection | Yes |
| 60 | #VU71411 | CVE-2022-44877 | CWP - Control Web Panel | CWP Panel | Other software solutions | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 61 | #VU88506 | CVE-2024-3400 | Palo Alto Networks, Inc. | Palo Alto PAN-OS | Operating system | Command Injection | CWE-77 Command injection | Yes |
| 62 | #VU61754 | CVE-2022-22963 | VMware, Inc | Spring Cloud Function | Other software | Code Injection | CWE-94 Improper Control of Generation of Code ('Code Injection') | Yes |
| 63 | #VU85319 | CVE-2023-7028 | GitLab, Inc | GitLab Enterprise Edition | Software for developers | Improper access control | CWE-284 Improper Access Control | Yes |
| 64 | #VU71774 | CVE-2023-0669 | Fortra | GoAnywhere MFT | Remote access servers, VPN | Deserialization of Untrusted Data | CWE-502 Deserialization of Untrusted Data | Yes |
| 65 | #VU85413 | CVE-2023-22527 | Atlassian | Atlassian Confluence Server | Web servers | Template injection | CWE-94 Improper Control of Generation of Code ('Code Injection') | Yes |
| 66 | #VU72081 | CVE-2022-47986 | IBM Corporation | IBM Aspera Faspex for Windows | Other software | Deserialization of Untrusted Data | CWE-502 Deserialization of Untrusted Data | Yes |
| 67 | #VU68070 | CVE-2022-40684 | Fortinet, Inc | FortiOS | Operating system | Authentication bypass using an alternate path or channel | CWE-288 Authentication Bypass Using an Alternate Path or Channel | Yes |
| 68 | #VU73597 | CVE-2023-26360 | Adobe | ColdFusion | Application servers | Improper access control | CWE-284 Improper Access Control | Yes |
| 69 | #VU70426 | CVE-2022-46169 | The Cacti Group, Inc. | Cacti | Other software | Improper Authorization | CWE-285 Improper Authorization | Yes |
| 70 | #VU79688 | CVE-2023-36845 | Juniper Networks, Inc. | Juniper Junos OS | Operating system | Input validation error | CWE-20 Improper input validation | Yes |
| 71 | #VU72065 | CVE-2022-35914 | glpi-project | GLPI | CRM systems | Code Injection | CWE-94 Improper Control of Generation of Code ('Code Injection') | Yes |
| 72 | #VU72333 | CVE-2023-23752 | Joomla! | Joomla! | CMS | Improper access control | CWE-284 Improper Access Control | Yes |
| 73 | #VU74450 | CVE-2023-1671 | Sophos | Sophos Web Appliance (SWA) | Server solutions for antivirus protection | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 74 | #VU59392 | CVE-2022-21907 | Microsoft | Windows | Web servers | Buffer overflow | CWE-119 Memory corruption | Yes |
| 75 | #VU70999 | CVE-2023-21752 | Microsoft | Windows | Operating system | Permissions, Privileges, and Access Controls | CWE-264 Permissions, Privileges, and Access Controls | Yes |
| 76 | #VU86459 | CVE-2024-21338 | Microsoft | Windows | Operating system | Buffer overflow | CWE-119 Memory corruption | Yes |
| 77 | #VU79925 | CVE-2023-38831 | RARLAB | WinRAR | Software for archiving | Input validation error | CWE-20 Improper input validation | Yes |
| 78 | #VU66798 | CVE-2022-36804 | Atlassian | Bitbucket Data Center | Other server solutions | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 79 | #VU99291 | CVE-2024-20481 | Cisco Systems, Inc | Cisco Adaptive Security Appliance (ASA) | Security hardware appliances | Missing Release of Resource after Effective Lifetime | CWE-772 Missing Release of Resource after Effective Lifetime | No |
| 80 | #VU99260 | CVE-2024-44068 | Samsung | Exynos 980 | Firmware | Use-after-free | CWE-416 Use After Free | No |
| 81 | #VU93998 | CVE-2024-38094 | Microsoft | Microsoft SharePoint Server | Application servers | Deserialization of Untrusted Data | CWE-502 Deserialization of Untrusted Data | No |
| 82 | #VU99246 | CVE-2024-9537 | ScienceLogic | SL1 | Other server solutions | Input validation error | CWE-20 Improper input validation | No |
| 83 | #VU86688 | CVE-2024-1709 | ConnectWise | ScreenConnect | Software for system administration | Authentication bypass using an alternate path or channel | CWE-288 Authentication Bypass Using an Alternate Path or Channel | Yes |
| 84 | #VU88210 | CVE-2024-3273 | D-Link | D-Link DNS-320L | Routers for home users | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 85 | #VU91983 | CVE-2024-34102 | Magento, Inc | Adobe Commerce (formerly Magento Commerce) | E-Commerce systems | XML External Entity injection | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | Yes |
| 86 | #VU96908 | CVE-2024-40711 | Veeam | Backup & Replication | Other server solutions | Input validation error | CWE-20 Improper input validation | Yes |
| 87 | #VU78978 | CVE-2023-3824 | PHP Group | PHP | Scripting languages | Buffer overflow | CWE-119 Memory corruption | Yes |
| 88 | #VU95992 | CVE-2024-7593 | Ivanti | Virtual Traffic Manager | Other software solutions | Incorrect Implementation of Authentication Algorithm | CWE-303 Incorrect Implementation of Authentication Algorithm | Yes |
| 89 | #VU91709 | CVE-2024-30088 | Microsoft | Windows | Operating system | Time-of-check Time-of-use (TOCTOU) Race Condition | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | Yes |
| 90 | #VU96803 | CVE-2024-45519 | Synacor Inc. | Zimbra Collaboration | Webmail solutions | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 91 | #VU95165 | CVE-2024-7029 | AVTECH Corporation | AVM1203 | Security hardware appliances | Command Injection | CWE-77 Command injection | Yes |
| 92 | #VU83960 | CVE-2023-50164 | Apache Foundation | Apache Struts | Frameworks for developing and running applications | Path traversal | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes |
| 93 | #VU87116 | CVE-2024-27198 | JetBrains s.r.o. | TeamCity | CRM systems | Improper Authentication | CWE-287 Improper Authentication | Yes |
| 94 | #VU88869 | CVE-2024-4040 | CrushFTP | CrushFTP | File servers (FTP/HTTP) | External Control of File Name or Path | CWE-73 External Control of File Name or Path | Yes |
| 95 | #VU81042 | CVE-2023-41993 | WebKitGTK | WebKitGTK+ | Frameworks for developing and running applications | Buffer overflow | CWE-119 Memory corruption | Yes |
| 96 | #VU94373 | CVE-2024-27348 | Apache Foundation | HugeGraph-Server | Other server solutions | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
| 97 | #VU98158 | CVE-2024-43572 | Microsoft | Windows | Operating system | Input validation error | CWE-20 Improper input validation | No |
| 98 | #VU98154 | CVE-2024-43573 | Microsoft | Microsoft Internet Explorer | Web browsers | Universal cross-site scripting | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No |
| 99 | #VU98151 | CVE-2024-9379 | Ivanti | Ivanti Cloud Services Appliance (CSA) | Server solutions for antivirus protection | SQL injection | CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | No |
| 100 | #VU98152 | CVE-2024-9380 | Ivanti | Ivanti Cloud Services Appliance (CSA) | Server solutions for antivirus protection | OS Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | No |