Every CVE on the CISA KEV catalog

The complete list of vulnerabilities CISA flags as being actively exploited.

Last updated 6/5/2026, 3:38:37 AM

—CVE-2026-45247Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability6/3/2026
—CVE-2025-48595EPSS 0.01%Android Framework Integer Overflow Vulnerability6/2/2026
HIGH7.8CVE-2022-0492EPSS 5.2%Linux Kernel Improper Authentication Vulnerability6/2/2026
—CVE-2024-21182EPSS 89.6%Oracle WebLogic Server Unspecified Vulnerability6/1/2026
—CVE-2026-0257EPSS 36.3%Palo Alto Networks PAN-OS Authentication Bypass Vulnerability5/29/2026
—CVE-2026-48027EPSS 32.1%Nx Console Embedded Malicious Code Vulnerability5/27/2026
CRITICAL9.6CVE-2026-45321EPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys5/27/2026
—CVE-2026-8398EPSS 15.5%Daemon Tools Lite Embedded Malicious Code Vulnerability5/27/2026
—CVE-2026-48172EPSS 8.0%LiteSpeed cPanel Plugin Privilege Escalation Vulnerability5/26/2026
CRITICAL9.8CVE-2026-9082EPSS 13.0%Drupal Core SQL Injection Vulnerability5/22/2026
HIGH8.8CVE-2025-34291EPSS 32.7%Langflow CORS misconfiguration enables Account Takeover and RCE5/21/2026
—CVE-2026-34926EPSS 1.0%Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability5/21/2026
—CVE-2008-4250EPSS 92.1%Microsoft Windows Buffer Overflow Vulnerability5/20/2026
—CVE-2009-3459EPSS 88.1%Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability5/20/2026
—CVE-2026-45498EPSS 4.1%Microsoft Defender Denial of Service Vulnerability5/20/2026
—CVE-2010-0806EPSS 87.3%Microsoft Internet Explorer Use-After-Free Vulnerability5/20/2026
—CVE-2010-0249EPSS 88.8%Microsoft Internet Explorer Use-After-Free Vulnerability5/20/2026
—CVE-2026-41091EPSS 8.0%Microsoft Defender Link Following Vulnerability5/20/2026
—CVE-2009-1537EPSS 53.0%Microsoft DirectX NULL Byte Overwrite Vulnerability5/20/2026
—CVE-2026-42897EPSS 8.2%Microsoft Exchange Server Cross-Site Scripting Vulnerability5/15/2026
—CVE-2026-20182EPSS 80.5%Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability5/14/2026
CRITICAL9.8CVE-2026-42208EPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification5/8/2026
—CVE-2026-6973EPSS 4.9%Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability5/7/2026
—CVE-2026-0300EPSS 4.5%Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability5/6/2026
HIGH7.8CVE-2026-31431EPSS 2.2%Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability5/1/2026
—CVE-2026-41940EPSS 90.8%WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability4/30/2026
—CVE-2026-32202EPSS 56.8%Microsoft Windows Protection Mechanism Failure Vulnerability4/28/2026
—CVE-2024-1708EPSS 85.0%ConnectWise ScreenConnect Path Traversal Vulnerability4/28/2026
—CVE-2024-57728EPSS 53.9%SimpleHelp Path Traversal Vulnerability4/24/2026
—CVE-2024-7399EPSS 70.7%Samsung MagicINFO 9 Server Path Traversal Vulnerability4/24/2026
—CVE-2024-57726EPSS 39.4%SimpleHelp Missing Authorization Vulnerability4/24/2026
—CVE-2025-29635EPSS 19.9%D-Link DIR-823X Command Injection Vulnerability4/24/2026
CRITICAL9.8CVE-2026-39987EPSS 82.2%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass4/23/2026
—CVE-2026-33825EPSS 7.1%Microsoft Defender Insufficient Granularity of Access Control Vulnerability4/22/2026
—CVE-2025-48700EPSS 18.2%Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability4/20/2026
—CVE-2026-20133EPSS 1.9%Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability4/20/2026
—CVE-2023-27351EPSS 83.3%PaperCut NG/MF Improper Authentication Vulnerability4/20/2026
—CVE-2025-32975EPSS 39.3%Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability4/20/2026
—CVE-2025-2749EPSS 4.9%Kentico Xperience Path Traversal Vulnerability4/20/2026
—CVE-2026-20122EPSS 1.3%Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability4/20/2026
—CVE-2026-20128EPSS 0.07%Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability4/20/2026
—CVE-2024-27199EPSS 90.9%JetBrains TeamCity Relative Path Traversal Vulnerability4/20/2026
HIGH8.8CVE-2026-34197EPSS 83.5%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans4/16/2026
—CVE-2009-0238EPSS 72.9%Microsoft Office Remote Code Execution4/14/2026
—CVE-2026-32201EPSS 8.9%Microsoft SharePoint Server Improper Input Validation Vulnerability4/14/2026
—CVE-2025-60710EPSS 20.8%Microsoft Windows Link Following Vulnerability4/13/2026
—CVE-2023-36424EPSS 11.2%Microsoft Windows Out-of-Bounds Read Vulnerability4/13/2026
—CVE-2026-21643EPSS 62.5%Fortinet FortiClient EMS SQL Injection Vulnerability4/13/2026
—CVE-2012-1854EPSS 4.0%Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability4/13/2026
—CVE-2020-9715EPSS 76.2%Adobe Acrobat Use-After-Free Vulnerability4/13/2026
—CVE-2023-21529EPSS 27.6%Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability4/13/2026
—CVE-2026-34621EPSS 9.8%Adobe Acrobat and Reader Prototype Pollution Vulnerability4/13/2026
—CVE-2026-1340EPSS 69.7%Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability4/8/2026
—CVE-2026-35616EPSS 34.8%Fortinet FortiClient EMS Improper Access Control Vulnerability4/6/2026
—CVE-2026-3502EPSS 2.6%TrueConf Client Download of Code Without Integrity Check Vulnerability4/2/2026
HIGH8.8CVE-2026-5281EPSS 0.65%Google Dawn Use-After-Free Vulnerability4/1/2026
—CVE-2026-3055EPSS 89.9%Citrix NetScaler Out-of-Bounds Read Vulnerability3/30/2026
—CVE-2025-53521EPSS 8.8%F5 BIG-IP Stack-Based Buffer Overflow Vulnerability3/27/2026
—CVE-2026-33634EPSS 29.4%Trivy ecosystem supply chain was briefly compromised3/26/2026
CRITICAL9.8CVE-2026-33017EPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint3/25/2026
—CVE-2025-43510EPSS 0.30%Apple Multiple Products Improper Locking Vulnerability3/20/2026
CRITICAL10.0CVE-2025-32432EPSS 92.9%Craft CMS Allows Remote Code Execution3/20/2026
—CVE-2025-43520EPSS 0.27%Apple Multiple Products Classic Buffer Overflow Vulnerability3/20/2026
CRITICAL9.8CVE-2025-54068EPSS 58.9%Livewire is vulnerable to remote command execution during component property update hydration3/20/2026
HIGH8.8CVE-2025-31277EPSS 0.25%Apple Multiple Products Buffer Overflow Vulnerability3/20/2026
—CVE-2026-20131EPSS 1.4%Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability3/19/2026
—CVE-2026-20963EPSS 5.3%Microsoft SharePoint Deserialization of Untrusted Data Vulnerability3/18/2026
—CVE-2025-66376EPSS 10.9%Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability3/18/2026
—CVE-2025-47813EPSS 26.9%Wing FTP Server Information Disclosure Vulnerability3/16/2026
HIGH8.8CVE-2026-3910EPSS 3.2%Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability3/13/2026
HIGH8.8CVE-2026-3909EPSS 0.45%chromium - security update3/13/2026
CRITICAL9.9CVE-2025-68613EPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection3/11/2026
—CVE-2025-26399EPSS 26.7%SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability3/9/2026
—CVE-2026-1603EPSS 55.9%Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability3/9/2026
—CVE-2021-22054EPSS 93.8%Omnissa Workspace ONE Server-Side Request Forgery3/9/2026
—CVE-2021-22681EPSS 18.2%Rockwell Multiple Products Insufficient Protected Credentials Vulnerability3/5/2026
—CVE-2023-41974EPSS 0.22%Apple iOS and iPadOS Use-After-Free Vulnerability3/5/2026
HIGH7.8CVE-2021-30952EPSS 0.79%Apple Multiple Products Integer Overflow or Wraparound Vulnerability3/5/2026
—CVE-2017-7921EPSS 94.2%Hikvision Multiple Products Improper Authentication Vulnerability3/5/2026
HIGH8.8CVE-2023-43000EPSS 0.03%Apple Multiple products Use-After-Free Vulnerability3/5/2026
—CVE-2026-21385EPSS 0.23%Qualcomm Multiple Chipsets Memory Corruption Vulnerability3/3/2026
—CVE-2026-22719EPSS 1.9%Broadcom VMware Aria Operations Command Injection Vulnerability3/3/2026
—CVE-2026-20127EPSS 54.8%Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability2/25/2026
—CVE-2022-20775EPSS 0.35%Cisco SD-WAN Path Traversal Vulnerability2/25/2026
—CVE-2026-25108EPSS 8.4%Soliton Systems K.K FileZen OS Command Injection Vulnerability2/24/2026
MEDIUM6.1CVE-2025-68461EPSS 6.9%RoundCube Webmail Cross-site Scripting Vulnerability2/20/2026
CRITICAL9.9CVE-2025-49113EPSS 90.5%roundcube - security update2/20/2026
CRITICAL9.8CVE-2021-22175EPSS 80.0%GitLab Server-Side Request Forgery (SSRF) Vulnerability2/18/2026
—CVE-2026-22769EPSS 22.9%Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability2/18/2026
—CVE-2024-7694EPSS 1.2%TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability2/17/2026
—CVE-2020-7796EPSS 92.7%Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability2/17/2026
—CVE-2008-0015EPSS 81.6%Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability2/17/2026
HIGH8.8CVE-2026-2441EPSS 23.1%Google Chromium CSS Use-After-Free Vulnerability2/17/2026
—CVE-2026-1731EPSS 80.1%BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability2/13/2026
—CVE-2025-40536EPSS 67.5%SolarWinds Web Help Desk Security Control Bypass Vulnerability2/12/2026
—CVE-2025-15556EPSS 6.1%Notepad++ Download of Code Without Integrity Check Vulnerability2/12/2026
—CVE-2024-43468EPSS 83.1%Microsoft Configuration Manager SQL Injection Vulnerability2/12/2026
—CVE-2026-20700EPSS 0.43%Apple Multiple Buffer Overflow Vulnerability2/12/2026
—CVE-2026-21510EPSS 5.0%Microsoft Windows Shell Protection Mechanism Failure Vulnerability2/10/2026
—CVE-2026-21513EPSS 25.0%Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability2/10/2026
—CVE-2026-21525EPSS 9.4%Microsoft Windows NULL Pointer Dereference Vulnerability2/10/2026
—CVE-2026-21533EPSS 20.2%Microsoft Windows Improper Privilege Management Vulnerability2/10/2026
—CVE-2026-21519EPSS 4.5%Microsoft Windows Type Confusion Vulnerability2/10/2026
—CVE-2026-21514EPSS 5.2%Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability2/10/2026
CRITICAL9.8CVE-2025-11953EPSS 20.1%@react-native-community/cli has arbitrary OS command injection2/5/2026
—CVE-2026-24423EPSS 81.9%SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability2/5/2026
HIGH7.5CVE-2021-39935EPSS 64.5%GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability2/3/2026
—CVE-2019-19006EPSS 21.6%Sangoma FreePBX Improper Authentication Vulnerability2/3/2026
—CVE-2025-64328EPSS 75.4%Sangoma FreePBX OS Command Injection Vulnerability2/3/2026
—CVE-2025-40551EPSS 87.0%SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability2/3/2026
—CVE-2026-1281EPSS 81.6%Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability1/29/2026
—CVE-2026-24858EPSS 3.9%Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability1/27/2026
—CVE-2025-52691EPSS 89.7%SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability1/26/2026
HIGH7.8CVE-2018-14634EPSS 20.6%Linux Kernel Integer Overflow Vulnerability1/26/2026
—CVE-2026-23760EPSS 79.9%SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability1/26/2026
CRITICAL9.8CVE-2026-24061EPSS 91.5%inetutils - security update1/26/2026
—CVE-2026-21509EPSS 13.9%Microsoft Office Security Feature Bypass Vulnerability1/26/2026
—CVE-2024-37079EPSS 82.3%Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability1/23/2026
—CVE-2025-68645EPSS 47.6%Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability1/22/2026
HIGH7.5CVE-2025-54313EPSS 14.7%eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code1/22/2026
MEDIUM5.3CVE-2025-31125EPSS 83.2%Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query1/22/2026
—CVE-2025-34026EPSS 71.1%Versa Concerto Improper Authentication Vulnerability1/22/2026
—CVE-2026-20045EPSS 3.9%Cisco Unified Communications Products Code Injection Vulnerability1/21/2026
—CVE-2026-20805EPSS 3.0%Microsoft Windows Information Disclosure Vulnerability1/13/2026
—CVE-2025-8110EPSS 17.7%Gogs vulnerable to a bypass of CVE-2024-55947 in gogs.io/gogs1/12/2026
—CVE-2025-37164EPSS 78.6%Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability1/7/2026
—CVE-2009-0556EPSS 68.3%Microsoft Office PowerPoint Code Injection Vulnerability1/7/2026
HIGH7.5CVE-2025-14847EPSS 55.8%Zlib compressed protocol header length confusion may allow memory read12/29/2025
—CVE-2023-52163EPSS 72.7%Digiever DS-2105 Pro Missing Authorization Vulnerability12/22/2025
—CVE-2025-14733EPSS 27.8%WatchGuard Firebox Out of Bounds Write Vulnerability12/19/2025
—CVE-2025-40602EPSS 0.39%SonicWall SMA1000 Missing Authorization Vulnerability12/17/2025
—CVE-2025-20393EPSS 6.5%Cisco Multiple Products Improper Input Validation Vulnerability12/17/2025
—CVE-2025-59374EPSS 20.6%ASUS Live Update Embedded Malicious Code Vulnerability12/17/2025
—CVE-2025-59718EPSS 9.5%Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability12/16/2025
—CVE-2025-14611EPSS 80.9%Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability12/15/2025
HIGH8.8CVE-2025-43529EPSS 0.16%Apple Multiple Products Use-After-Free WebKit Vulnerability12/15/2025
—CVE-2018-4063EPSS 1.9%Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability12/12/2025
HIGH8.8CVE-2025-14174EPSS 0.30%webkit2gtk - security update12/12/2025
HIGH8.2CVE-2025-58360EPSS 81.4%GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature12/11/2025
—CVE-2025-62221EPSS 2.1%Microsoft Windows Use After Free Vulnerability12/9/2025
—CVE-2025-6218EPSS 5.7%RARLAB WinRAR Path Traversal Vulnerability12/9/2025
—CVE-2022-37055EPSS 80.5%D-Link Routers Buffer Overflow Vulnerability12/8/2025
—CVE-2025-66644EPSS 2.0%Array Networks ArrayOS AG OS Command Injection Vulnerability12/8/2025
CRITICAL10.0CVE-2025-55182EPSS 82.0%React Server Components are Vulnerable to RCE12/5/2025
—CVE-2021-26828EPSS 78.4%OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability12/3/2025
—CVE-2025-48633EPSS 0.10%Android Framework Information Disclosure Vulnerability12/2/2025
—CVE-2025-48572EPSS 0.21%Android Framework Privilege Escalation Vulnerability12/2/2025
—CVE-2021-26829EPSS 7.6%OpenPLC ScadaBR Cross-site Scripting Vulnerability11/28/2025
—CVE-2025-61757EPSS 87.8%Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability11/21/2025
HIGH8.8CVE-2025-13223EPSS 2.8%chromium - security update11/19/2025
—CVE-2025-58034EPSS 42.5%Fortinet FortiWeb OS Command Injection Vulnerability11/18/2025
—CVE-2025-64446EPSS 93.0%Fortinet FortiWeb Path Traversal Vulnerability11/14/2025
—CVE-2025-12480EPSS 79.9%Gladinet Triofox Improper Access Control Vulnerability11/12/2025
—CVE-2025-62215EPSS 2.4%Microsoft Windows Race Condition Vulnerability11/12/2025
—CVE-2025-9242EPSS 75.5%WatchGuard Firebox Out-of-Bounds Write Vulnerability11/12/2025
—CVE-2025-21042EPSS 4.4%Samsung Mobile Devices Out-of-Bounds Write Vulnerability11/10/2025
—CVE-2025-48703EPSS 67.4%CWP Control Web Panel OS Command Injection Vulnerability11/4/2025
—CVE-2025-11371EPSS 67.6%Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability11/4/2025
CRITICAL9.8CVE-2025-24893EPSS 93.7%XWiki Platform allows remote code execution as guest via SolrSearchMacros request10/30/2025
HIGH7.8CVE-2025-41244EPSS 0.53%open-vm-tools - security update10/30/2025
—CVE-2025-6204EPSS 8.9%Dassault Systèmes DELMIA Apriso Code Injection Vulnerability10/28/2025
—CVE-2025-6205EPSS 76.8%Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability10/28/2025
CRITICAL9.1CVE-2025-54236EPSS 72.2%Magento Community Edition Improper Input Validation vulnerability10/24/2025
—CVE-2025-59287EPSS 72.7%Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability10/24/2025
—CVE-2025-61932EPSS 2.0%Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability10/22/2025
HIGH8.8CVE-2022-48503EPSS 0.28%Apple Multiple Products Unspecified Vulnerability10/20/2025
—CVE-2025-2746EPSS 89.7%Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability10/20/2025
—CVE-2025-33073EPSS 37.2%Microsoft Windows SMB Client Improper Access Control Vulnerability10/20/2025
—CVE-2025-61884EPSS 51.1%Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability10/20/2025
—CVE-2025-2747EPSS 90.9%Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability10/20/2025
—CVE-2025-54253EPSS 24.2%Adobe Experience Manager Forms Code Execution Vulnerability10/15/2025
—CVE-2025-47827EPSS 1.00%IGEL OS Use of a Key Past its Expiration Date Vulnerability10/14/2025
—CVE-2025-59230EPSS 5.0%Microsoft Windows Improper Access Control Vulnerability10/14/2025
—CVE-2016-7836EPSS 35.7%SKYSEA Client View Improper Authentication Vulnerability10/14/2025
—CVE-2025-24990EPSS 2.8%Microsoft Windows Untrusted Pointer Dereference Vulnerability10/14/2025
HIGH7.5CVE-2021-43798EPSS 94.4%Grafana path traversal10/9/2025
—CVE-2025-27915EPSS 26.1%Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability10/7/2025
—CVE-2010-3765EPSS 86.8%Mozilla Multiple Products Remote Code Execution Vulnerability10/6/2025
—CVE-2013-3918EPSS 88.5%Microsoft Windows Out-of-Bounds Write Vulnerability10/6/2025
HIGH7.8CVE-2021-22555EPSS 85.2%Linux Kernel Heap Out-of-Bounds Write Vulnerability10/6/2025
—CVE-2010-3962EPSS 89.7%Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability10/6/2025
—CVE-2011-3402EPSS 88.3%Microsoft Windows Remote Code Execution Vulnerability10/6/2025
—CVE-2025-61882EPSS 89.5%Oracle E-Business Suite Unspecified Vulnerability10/6/2025
—CVE-2021-43226EPSS 8.4%Microsoft Windows Privilege Escalation Vulnerability10/6/2025
—CVE-2025-21043EPSS 4.9%Samsung Mobile Devices Out-of-Bounds Write Vulnerability10/2/2025
CRITICAL9.8CVE-2017-1000353EPSS 94.5%Deserialization of Untrusted Data in Jenkins10/2/2025
—CVE-2025-4008EPSS 43.9%Smartbedded Meteobridge Command Injection Vulnerability10/2/2025
HIGH8.8CVE-2014-6278EPSS 91.7%GNU Bash OS Command Injection Vulnerability10/2/2025
—CVE-2015-7755EPSS 85.8%Juniper ScreenOS Improper Authentication Vulnerability10/2/2025
—CVE-2025-20352EPSS 4.2%Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability9/29/2025
HIGH7.8CVE-2025-32463EPSS 57.3%Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability9/29/2025
HIGH7.2CVE-2021-21311EPSS 94.1%SSRF in adminer9/29/2025
—CVE-2025-59689EPSS 6.0%Libraesva Email Security Gateway Command Injection Vulnerability9/29/2025
—CVE-2025-10035EPSS 59.3%Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability9/29/2025
—CVE-2025-20362EPSS 46.8%Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability9/25/2025
—CVE-2025-20333EPSS 29.8%Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability9/25/2025
CRITICAL9.8CVE-2025-10585EPSS 1.5%Google Chromium V8 Type Confusion Vulnerability9/23/2025
—CVE-2025-5086EPSS 42.5%Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability9/11/2025
—CVE-2025-48543EPSS 0.31%Android Runtime Use-After-Free Vulnerability9/4/2025
HIGH7.4CVE-2025-38352EPSS 0.14%Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability9/4/2025
—CVE-2025-53690EPSS 5.2%Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability9/4/2025
—CVE-2023-50224EPSS 1.5%TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability9/3/2025
—CVE-2025-9377EPSS 26.9%TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability9/3/2025
—CVE-2020-24363EPSS 12.6%TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability9/2/2025
—CVE-2025-55177EPSS 0.76%Meta Platforms WhatsApp Incorrect Authorization Vulnerability9/2/2025
—CVE-2025-57819EPSS 77.0%Sangoma FreePBX Authentication Bypass Vulnerability8/29/2025
—CVE-2025-7775EPSS 7.8%Citrix NetScaler Memory Overflow Vulnerability8/26/2025
HIGH8.0CVE-2025-48384EPSS 0.60%Git allows arbitrary code execution through broken config quoting8/25/2025
—CVE-2024-8069EPSS 66.8%Citrix Session Recording Deserialization of Untrusted Data Vulnerability8/25/2025
—CVE-2024-8068EPSS 8.3%Citrix Session Recording Improper Privilege Management Vulnerability8/25/2025
—CVE-2025-43300EPSS 4.4%Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability8/21/2025
—CVE-2025-54948EPSS 13.9%Trend Micro Apex One OS Command Injection Vulnerability8/18/2025
—CVE-2025-8876EPSS 9.2%N-able N-Central Command Injection Vulnerability8/13/2025
—CVE-2025-8875EPSS 3.0%N-able N-Central Insecure Deserialization Vulnerability8/13/2025
—CVE-2013-3893EPSS 82.6%Microsoft Internet Explorer Resource Management Errors Vulnerability8/12/2025
—CVE-2007-0671EPSS 52.3%Microsoft Office Excel Remote Code Execution Vulnerability8/12/2025
—CVE-2025-8088EPSS 9.1%RARLAB WinRAR Path Traversal Vulnerability8/12/2025
—CVE-2022-40799EPSS 53.9%D-Link DNR-322L Download of Code Without Integrity Check Vulnerability8/5/2025
—CVE-2020-25078EPSS 94.1%D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability8/5/2025
—CVE-2020-25079EPSS 41.9%D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability8/5/2025
—CVE-2023-2533EPSS 36.3%PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability7/28/2025
—CVE-2025-20337EPSS 1.4%Cisco Identity Services Engine Injection Vulnerability7/28/2025
—CVE-2025-20281EPSS 34.2%Cisco Identity Services Engine Injection Vulnerability7/28/2025
HIGH8.8CVE-2025-6558EPSS 0.25%chromium - security update7/22/2025
—CVE-2025-54309EPSS 76.8%CrushFTP Unprotected Alternate Channel Vulnerability7/22/2025
—CVE-2025-2776EPSS 62.6%SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability7/22/2025
—CVE-2025-49704EPSS 59.6%Microsoft SharePoint Code Injection Vulnerability7/22/2025
—CVE-2025-2775EPSS 69.3%SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability7/22/2025
—CVE-2025-49706EPSS 75.0%Microsoft SharePoint Improper Authentication Vulnerability7/22/2025
—CVE-2025-53770EPSS 88.5%Microsoft SharePoint Deserialization of Untrusted Data Vulnerability7/20/2025
—CVE-2025-25257EPSS 26.2%Fortinet FortiWeb SQL Injection Vulnerability7/18/2025
—CVE-2025-47812EPSS 92.9%Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability7/14/2025
—CVE-2025-5777EPSS 71.5%Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability7/10/2025
—CVE-2019-9621EPSS 94.1%Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability7/7/2025
CRITICAL9.8CVE-2016-10033EPSS 94.4%libphp-phpmailer - security update7/7/2025
—CVE-2014-3931EPSS 50.0%Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability7/7/2025
HIGH7.5CVE-2019-5418EPSS 94.3%rails - security update7/7/2025
HIGH8.1CVE-2025-6554EPSS 1.6%chromium - security update7/2/2025
—CVE-2025-48928EPSS 8.3%TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability7/1/2025
—CVE-2025-48927EPSS 9.5%TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability7/1/2025
—CVE-2025-6543EPSS 1.1%Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability6/30/2025
—CVE-2024-54085EPSS 43.0%AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability6/25/2025
—CVE-2019-6693EPSS 72.2%Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability6/25/2025
—CVE-2024-0769EPSS 75.2%D-Link DIR-859 Router Path Traversal Vulnerability6/25/2025
HIGH7.8CVE-2023-0386EPSS 50.6%linux - security update6/17/2025
—CVE-2023-33538EPSS 90.6%TP-Link Multiple Routers Command Injection Vulnerability6/16/2025
—CVE-2025-43200EPSS 0.88%Apple Multiple Products Unspecified Vulnerability6/16/2025
CRITICAL9.9CVE-2025-24016EPSS 93.5%Remote code execution in Wazuh server in github.com/wazuh/wazuh6/10/2025
—CVE-2025-33053EPSS 50.3%Microsoft Windows External Control of File Name or Path Vulnerability6/10/2025
CRITICAL9.3CVE-2024-42009EPSS 90.5%RoundCube Webmail Cross-Site Scripting Vulnerability6/9/2025
CRITICAL10.0CVE-2025-32433EPSS 59.7%Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability6/9/2025
HIGH8.8CVE-2025-5419EPSS 3.8%Google Chromium V8 Out-of-Bounds Read and Write Vulnerability6/5/2025
—CVE-2025-21480EPSS 2.0%Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability6/3/2025
—CVE-2025-21479EPSS 0.15%Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability6/3/2025
—CVE-2025-27038EPSS 1.4%Qualcomm Multiple Chipsets Use-After-Free Vulnerability6/3/2025
CRITICAL9.8CVE-2024-56145EPSS 93.9%Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled6/2/2025
—CVE-2021-32030EPSS 94.2%ASUS Routers Improper Authentication Vulnerability6/2/2025
MEDIUM5.3CVE-2025-35939EPSS 33.1%Craft CMS stores arbitrary content provided by unauthenticated users in session files6/2/2025
—CVE-2025-3935EPSS 12.0%ConnectWise ScreenConnect Improper Authentication Vulnerability6/2/2025
—CVE-2023-39780EPSS 41.1%ASUS RT-AX55 Routers OS Command Injection Vulnerability6/2/2025
—CVE-2025-4632EPSS 42.6%Samsung MagicINFO 9 Server Path Traversal Vulnerability5/22/2025
—CVE-2025-27920EPSS 50.1%Srimax Output Messenger Directory Traversal Vulnerability5/19/2025
—CVE-2024-27443EPSS 32.4%Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability5/19/2025
—CVE-2024-11182EPSS 13.5%MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability5/19/2025
—CVE-2023-38950EPSS 83.4%ZKTeco BioTime Path Traversal Vulnerability5/19/2025
—CVE-2025-4428EPSS 41.0%Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability5/19/2025
—CVE-2025-4427EPSS 91.6%Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability5/19/2025
—CVE-2024-12987EPSS 79.0%DrayTek Vigor Routers OS Command Injection Vulnerability5/15/2025
—CVE-2025-42999EPSS 66.4%SAP NetWeaver Deserialization Vulnerability5/15/2025
—CVE-2025-32756EPSS 22.3%Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability5/14/2025
—CVE-2025-32706EPSS 1.1%Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability5/13/2025
—CVE-2025-32701EPSS 1.9%Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability5/13/2025
—CVE-2025-30397EPSS 20.7%Microsoft Windows Scripting Engine Type Confusion Vulnerability5/13/2025
—CVE-2025-32709EPSS 0.76%Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability5/13/2025
—CVE-2025-30400EPSS 0.91%Microsoft Windows DWM Core Library Use-After-Free Vulnerability5/13/2025
—CVE-2025-47729EPSS 4.1%TeleMessage TM SGNL Hidden Functionality Vulnerability5/12/2025
—CVE-2024-6047EPSS 73.0%GeoVision Devices OS Command Injection Vulnerability5/7/2025
—CVE-2024-11120EPSS 66.1%GeoVision Devices OS Command Injection Vulnerability5/7/2025
HIGH8.1CVE-2025-27363EPSS 70.8%freetype - security update5/6/2025
CRITICAL9.8CVE-2025-3248EPSS 92.7%Langflow Unauth RCE5/5/2025
CRITICAL9.0CVE-2024-58136EPSS 78.9%yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key5/2/2025
—CVE-2025-34028EPSS 69.3%Commvault Command Center Path Traversal Vulnerability5/2/2025
—CVE-2023-44221EPSS 22.6%SonicWall SMA100 Appliances OS Command Injection Vulnerability5/1/2025
CRITICAL9.1CVE-2024-38475EPSS 93.9%Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.5/1/2025
—CVE-2025-31324EPSS 43.7%SAP NetWeaver Unrestricted File Upload Vulnerability4/29/2025
—CVE-2025-3928EPSS 16.2%Commvault Web Server Unspecified Vulnerability4/28/2025
—CVE-2025-42599EPSS 7.9%Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability4/28/2025
—CVE-2025-1976EPSS 0.78%Broadcom Brocade Fabric OS Code Injection Vulnerability4/28/2025
—CVE-2025-24054EPSS 8.0%Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability4/17/2025
—CVE-2025-31201EPSS 3.4%Apple Multiple Products Arbitrary Read and Write Vulnerability4/17/2025
—CVE-2025-31200EPSS 1.7%Apple Multiple Products Memory Corruption Vulnerability4/17/2025
—CVE-2021-20035EPSS 12.8%SonicWall SMA100 Appliances OS Command Injection Vulnerability4/16/2025
HIGH7.8CVE-2024-53197EPSS 2.0%Linux Kernel Out-of-Bounds Access Vulnerability4/9/2025
HIGH7.1CVE-2024-53150EPSS 1.1%Linux Kernel Out-of-Bounds Read Vulnerability4/9/2025
—CVE-2025-29824EPSS 0.92%Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability4/8/2025
—CVE-2025-30406EPSS 85.4%Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability4/8/2025
—CVE-2025-31161EPSS 88.9%CrushFTP Authentication Bypass Vulnerability4/7/2025
—CVE-2025-22457EPSS 55.9%Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability4/4/2025
CRITICAL9.8CVE-2025-24813EPSS 94.1%Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT4/1/2025
—CVE-2024-20439EPSS 87.1%Cisco Smart Licensing Utility Static Credential Vulnerability3/31/2025
—CVE-2025-2783EPSS 46.9%Google Chromium Mojo Sandbox Escape Vulnerability3/27/2025
—CVE-2019-9875EPSS 56.7%Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability3/26/2025
—CVE-2019-9874EPSS 87.6%Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability3/26/2025
—CVE-2025-30154EPSS 34.6%reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability3/24/2025
—CVE-2024-48248EPSS 94.0%NAKIVO Backup and Replication Absolute Path Traversal Vulnerability3/19/2025
—CVE-2025-1316EPSS 86.7%Edimax IC-7100 IP Camera OS Command Injection Vulnerability3/19/2025
—CVE-2017-12637EPSS 93.4%SAP NetWeaver Directory Traversal Vulnerability3/19/2025
—CVE-2025-24472EPSS 10.4%Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability3/18/2025
—CVE-2025-30066EPSS 91.8%tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability3/18/2025
—CVE-2025-21590EPSS 1.7%Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability3/13/2025
CRITICAL10.0CVE-2025-24201EPSS 0.21%Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability3/13/2025
—CVE-2025-24985EPSS 2.4%Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability3/11/2025
—CVE-2025-24993EPSS 3.2%Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability3/11/2025
—CVE-2025-24991EPSS 1.6%Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability3/11/2025
—CVE-2025-24983EPSS 1.8%Microsoft Windows Win32k Use-After-Free Vulnerability3/11/2025
—CVE-2025-26633EPSS 44.0%Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability3/11/2025
—CVE-2025-24984EPSS 4.3%Microsoft Windows NTFS Information Disclosure Vulnerability3/11/2025
—CVE-2024-13159EPSS 94.0%Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability3/10/2025
—CVE-2024-57968EPSS 41.1%Advantive VeraCore Unrestricted File Upload Vulnerability3/10/2025
—CVE-2024-13160EPSS 93.8%Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability3/10/2025
—CVE-2024-13161EPSS 91.8%Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability3/10/2025
—CVE-2025-25181EPSS 72.1%Advantive VeraCore SQL Injection Vulnerability3/10/2025
—CVE-2025-22226EPSS 4.2%VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability3/4/2025
MEDIUM5.5CVE-2024-50302EPSS 2.6%Linux Kernel Use of Uninitialized Resource Vulnerability3/4/2025
—CVE-2025-22224EPSS 47.4%VMware ESXi and Workstation TOCTOU Race Condition Vulnerability3/4/2025
—CVE-2025-22225EPSS 9.8%VMware ESXi Arbitrary Write Vulnerability3/4/2025
—CVE-2018-8639EPSS 33.2%Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability3/3/2025
—CVE-2024-4885EPSS 94.3%Progress WhatsUp Gold Path Traversal Vulnerability3/3/2025
—CVE-2022-43769EPSS 94.0%Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability3/3/2025
—CVE-2022-43939EPSS 93.3%Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability3/3/2025
—CVE-2023-20118EPSS 3.9%Cisco Small Business RV Series Routers Command Injection Vulnerability3/3/2025
—CVE-2024-49035EPSS 5.5%Microsoft Partner Center Improper Access Control Vulnerability2/25/2025
—CVE-2023-34192EPSS 90.0%Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability2/25/2025
—CVE-2017-3066EPSS 93.7%Adobe ColdFusion Deserialization Vulnerability2/24/2025
—CVE-2024-20953EPSS 67.9%Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability2/24/2025
—CVE-2025-24989EPSS 31.6%Microsoft Power Pages Improper Access Control Vulnerability2/21/2025
HIGH8.0CVE-2025-23209EPSS 16.4%Craft CMS has a potential RCE with a compromised security key2/20/2025
—CVE-2025-0111EPSS 3.7%Palo Alto Networks PAN-OS File Read Vulnerability2/20/2025
—CVE-2025-0108EPSS 94.1%Palo Alto Networks PAN-OS Authentication Bypass Vulnerability2/18/2025
—CVE-2024-53704EPSS 93.9%SonicWall SonicOS SSLVPN Improper Authentication Vulnerability2/18/2025
—CVE-2024-57727EPSS 94.0%SimpleHelp Path Traversal Vulnerability2/13/2025
—CVE-2025-24200EPSS 48.4%Apple iOS and iPadOS Incorrect Authorization Vulnerability2/12/2025
—CVE-2024-41710EPSS 19.7%Mitel SIP Phones Argument Injection Vulnerability2/12/2025
—CVE-2025-21391EPSS 4.7%Microsoft Windows Storage Link Following Vulnerability2/11/2025
—CVE-2024-40890EPSS 45.9%Zyxel DSL CPE OS Command Injection Vulnerability2/11/2025
—CVE-2024-40891EPSS 53.2%Zyxel DSL CPE OS Command Injection Vulnerability2/11/2025
—CVE-2025-21418EPSS 13.3%Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability2/11/2025
—CVE-2025-0994EPSS 74.9%Trimble Cityworks Deserialization Vulnerability2/7/2025
—CVE-2020-15069EPSS 82.6%Sophos XG Firewall Buffer Overflow Vulnerability2/6/2025
—CVE-2025-0411EPSS 46.7%7-Zip Mark of the Web Bypass Vulnerability2/6/2025
—CVE-2020-29574EPSS 10.1%CyberoamOS (CROS) SQL Injection Vulnerability2/6/2025
—CVE-2022-23748EPSS 11.7%Dante Discovery Process Control Vulnerability2/6/2025
—CVE-2024-21413EPSS 93.0%Microsoft Outlook Improper Input Validation Vulnerability2/6/2025
HIGH7.8CVE-2024-53104EPSS 18.0%Linux Kernel Out-of-Bounds Write Vulnerability2/5/2025
—CVE-2018-9276EPSS 88.0%Paessler PRTG Network Monitor OS Command Injection Vulnerability2/4/2025
—CVE-2024-45195EPSS 94.1%Apache OFBiz Forced Browsing Vulnerability2/4/2025
—CVE-2024-29059EPSS 93.7%Microsoft .NET Framework Information Disclosure Vulnerability2/4/2025
—CVE-2018-19410EPSS 93.0%Paessler PRTG Network Monitor Local File Inclusion Vulnerability2/4/2025
—CVE-2025-24085EPSS 13.1%Apple Multiple Products Use-After-Free Vulnerability1/29/2025
—CVE-2025-23006EPSS 50.1%SonicWall SMA1000 Appliances Deserialization Vulnerability1/24/2025
MEDIUM6.9CVE-2020-11023EPSS 34.7%Potential XSS vulnerability in jQuery1/23/2025
—CVE-2024-50603EPSS 94.4%Aviatrix Controllers OS Command Injection Vulnerability1/16/2025
—CVE-2025-21335EPSS 7.6%Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability1/14/2025
—CVE-2024-55591EPSS 94.1%Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability1/14/2025
—CVE-2025-21334EPSS 5.8%Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability1/14/2025
—CVE-2025-21333EPSS 79.7%Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability1/14/2025
—CVE-2023-48365EPSS 51.7%Qlik Sense HTTP Tunneling Vulnerability1/13/2025
—CVE-2024-12686EPSS 31.5%BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability1/13/2025
—CVE-2025-0282EPSS 94.1%Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability1/8/2025
—CVE-2024-55550EPSS 17.7%Mitel MiCollab Path Traversal Vulnerability1/7/2025
—CVE-2024-41713EPSS 93.9%Mitel MiCollab Path Traversal Vulnerability1/7/2025
—CVE-2020-2883EPSS 94.4%Oracle WebLogic Server Unspecified Vulnerability1/7/2025
—CVE-2024-3393EPSS 79.7%Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability12/30/2024
—CVE-2021-44207EPSS 8.9%Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability12/23/2024
—CVE-2024-12356EPSS 93.9%BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability12/19/2024
—CVE-2021-40407EPSS 25.3%Reolink RLC-410W IP Camera OS Command Injection Vulnerability12/18/2024
—CVE-2018-14933EPSS 93.9%NUUO NVRmini Devices OS Command Injection Vulnerability12/18/2024
—CVE-2019-11001EPSS 29.4%Reolink Multiple IP Cameras OS Command Injection Vulnerability12/18/2024
—CVE-2022-23227EPSS 53.9%NUUO NVRmini2 Devices Missing Authentication Vulnerability12/18/2024
—CVE-2024-55956EPSS 89.1%Cleo Multiple Products Unauthenticated File Upload Vulnerability12/17/2024
—CVE-2024-35250EPSS 54.9%Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability12/16/2024
—CVE-2024-20767EPSS 94.1%Adobe ColdFusion Improper Access Control Vulnerability12/16/2024
—CVE-2024-50623EPSS 94.0%Cleo Multiple Products Unrestricted File Upload Vulnerability12/13/2024
—CVE-2024-49138EPSS 86.9%Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability12/10/2024
—CVE-2024-51378EPSS 93.9%CyberPanel Incorrect Default Permissions Vulnerability12/4/2024
—CVE-2024-11667EPSS 28.9%Zyxel Multiple Firewalls Path Traversal Vulnerability12/3/2024
—CVE-2023-45727EPSS 21.0%North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability12/3/2024
—CVE-2024-11680EPSS 93.5%ProjectSend Improper Authentication Vulnerability12/3/2024
—CVE-2023-28461EPSS 89.3%Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability11/25/2024
MEDIUM6.3CVE-2024-44309EPSS 0.94%Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability11/21/2024
—CVE-2024-21287EPSS 69.8%Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability11/21/2024
HIGH8.8CVE-2024-44308EPSS 0.96%webkit2gtk - security update11/21/2024
—CVE-2024-38813EPSS 29.5%VMware vCenter Server Privilege Escalation Vulnerability11/20/2024
—CVE-2024-38812EPSS 77.9%VMware vCenter Server Heap-Based Buffer Overflow Vulnerability11/20/2024
—CVE-2024-1212EPSS 94.3%Progress Kemp LoadMaster OS Command Injection Vulnerability11/18/2024
—CVE-2024-0012EPSS 94.3%Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability11/18/2024
—CVE-2024-9474EPSS 94.2%Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability11/18/2024
—CVE-2024-9465EPSS 94.3%Palo Alto Networks Expedition SQL Injection Vulnerability11/14/2024
—CVE-2024-9463EPSS 94.2%Palo Alto Networks Expedition OS Command Injection Vulnerability11/14/2024
—CVE-2014-2120EPSS 75.1%Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability11/12/2024
—CVE-2024-43451EPSS 90.3%Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability11/12/2024
—CVE-2021-41277EPSS 94.4%Metabase GeoJSON API Local File Inclusion Vulnerability11/12/2024
—CVE-2024-49039EPSS 63.7%Microsoft Windows Task Scheduler Privilege Escalation Vulnerability11/12/2024
—CVE-2021-26086EPSS 94.2%Atlassian Jira Server and Data Center Path Traversal Vulnerability11/12/2024
—CVE-2019-16278EPSS 94.4%Nostromo nhttpd Directory Traversal Vulnerability11/7/2024
—CVE-2024-51567EPSS 94.3%CyberPanel Incorrect Default Permissions Vulnerability11/7/2024
—CVE-2024-5910EPSS 91.0%Palo Alto Networks Expedition Missing Authentication Vulnerability11/7/2024
—CVE-2024-43093EPSS 0.14%Android Framework Privilege Escalation Vulnerability11/7/2024
—CVE-2024-8957EPSS 55.5%PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability11/4/2024
—CVE-2024-8956EPSS 83.6%PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability11/4/2024
—CVE-2024-20481EPSS 11.1%Cisco ASA and FTD Denial-of-Service Vulnerability10/24/2024
MEDIUM6.1CVE-2024-37383EPSS 64.5%roundcube - security update10/24/2024
—CVE-2024-47575EPSS 93.9%Fortinet FortiManager Missing Authentication Vulnerability10/23/2024
—CVE-2024-38094EPSS 70.3%Microsoft SharePoint Deserialization Vulnerability10/22/2024
—CVE-2024-9537EPSS 63.9%ScienceLogic SL1 Unspecified Vulnerability10/21/2024
—CVE-2024-40711EPSS 72.7%Veeam Backup and Replication Deserialization Vulnerability10/17/2024
—CVE-2024-30088EPSS 88.1%Microsoft Windows Kernel TOCTOU Race Condition Vulnerability10/15/2024
—CVE-2024-28987EPSS 94.3%SolarWinds Web Help Desk Hardcoded Credential Vulnerability10/15/2024
CRITICAL9.8CVE-2024-9680EPSS 30.8%firefox-esr - security update10/15/2024
—CVE-2024-23113EPSS 54.4%Fortinet Multiple Products Format String Vulnerability10/9/2024
—CVE-2024-9379EPSS 79.3%Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability10/9/2024
—CVE-2024-9380EPSS 86.9%Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability10/9/2024
—CVE-2024-43572EPSS 48.9%Microsoft Windows Management Console Remote Code Execution Vulnerability10/8/2024
—CVE-2024-43573EPSS 17.7%Microsoft Windows MSHTML Platform Spoofing Vulnerability10/8/2024
—CVE-2024-43047EPSS 1.7%Qualcomm Multiple Chipsets Use-After-Free Vulnerability10/8/2024
—CVE-2024-45519EPSS 94.2%Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability10/3/2024
—CVE-2024-29824EPSS 94.0%Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability10/2/2024
—CVE-2019-0344EPSS 40.2%SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability9/30/2024
—CVE-2020-15415EPSS 93.0%DrayTek Multiple Vigor Routers OS Command Injection Vulnerability9/30/2024
—CVE-2023-25280EPSS 93.1%D-Link DIR-820 Router OS Command Injection Vulnerability9/30/2024
—CVE-2024-7593EPSS 94.4%Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability9/24/2024
—CVE-2024-8963EPSS 94.2%Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability9/19/2024
—CVE-2020-0618EPSS 94.2%Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability9/18/2024
CRITICAL9.8CVE-2024-27348EPSS 94.3%Apache HugeGraph-Server: Command execution in gremlin9/18/2024
—CVE-2022-21445EPSS 92.0%Oracle ADF Faces Deserialization of Untrusted Data Vulnerability9/18/2024
—CVE-2020-14644EPSS 93.6%Oracle WebLogic Server Remote Code Execution Vulnerability9/18/2024
—CVE-2014-0502EPSS 89.8%Adobe Flash Player Double Free Vulnerablity9/17/2024
—CVE-2013-0648EPSS 55.5%Adobe Flash Player Code Execution Vulnerability9/17/2024
—CVE-2013-0643EPSS 58.6%Adobe Flash Player Incorrect Default Permissions Vulnerability9/17/2024
—CVE-2014-0497EPSS 93.2%Adobe Flash Player Integer Underflow Vulnerablity9/17/2024
—CVE-2024-43461EPSS 9.9%Microsoft Windows MSHTML Platform Spoofing Vulnerability9/16/2024
—CVE-2024-6670EPSS 94.5%Progress WhatsUp Gold SQL Injection Vulnerability9/16/2024
—CVE-2024-8190EPSS 91.9%Ivanti Cloud Services Appliance OS Command Injection Vulnerability9/13/2024
—CVE-2024-38226EPSS 1.4%Microsoft Publisher Protection Mechanism Failure Vulnerability9/10/2024
—CVE-2024-38217EPSS 13.8%Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability9/10/2024
—CVE-2024-38014EPSS 12.8%Microsoft Windows Installer Improper Privilege Management Vulnerability9/10/2024
—CVE-2024-40766EPSS 3.5%SonicWall SonicOS Improper Access Control Vulnerability9/9/2024
HIGH8.4CVE-2016-3714EPSS 93.6%imagemagick - security update9/9/2024
HIGH7.8CVE-2017-1000253EPSS 57.3%Linux Kernel PIE Stack Buffer Corruption Vulnerability9/9/2024
—CVE-2021-20124EPSS 93.6%Draytek VigorConnect Path Traversal Vulnerability9/3/2024
—CVE-2024-7262EPSS 10.3%Kingsoft WPS Office Path Traversal Vulnerability9/3/2024
—CVE-2021-20123EPSS 93.5%Draytek VigorConnect Path Traversal Vulnerability9/3/2024
HIGH8.8CVE-2024-7965EPSS 24.2%Google Chromium V8 Inappropriate Implementation Vulnerability8/28/2024
—CVE-2024-38856EPSS 94.4%Apache OFBiz Incorrect Authorization Vulnerability8/27/2024
CRITICAL9.6CVE-2024-7971EPSS 1.0%Google Chromium V8 Type Confusion Vulnerability8/26/2024
—CVE-2024-39717EPSS 5.4%Versa Director Dangerous File Type Upload Vulnerability8/23/2024
—CVE-2021-33045EPSS 94.2%Dahua IP Camera Authentication Bypass Vulnerability8/21/2024
—CVE-2021-33044EPSS 94.3%Dahua IP Camera Authentication Bypass Vulnerability8/21/2024
—CVE-2021-31196EPSS 3.3%Microsoft Exchange Server Information Disclosure Vulnerability8/21/2024
HIGH8.4CVE-2022-0185EPSS 1.8%Linux Kernel Heap-Based Buffer Overflow Vulnerability8/21/2024
CRITICAL9.8CVE-2024-23897EPSS 94.5%Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE8/19/2024
—CVE-2024-28986EPSS 79.9%SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability8/15/2024
—CVE-2024-38107EPSS 3.4%Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability8/13/2024
—CVE-2024-38193EPSS 73.2%Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability8/13/2024
—CVE-2024-38189EPSS 43.7%Microsoft Project Remote Code Execution Vulnerability8/13/2024
—CVE-2024-38106EPSS 0.75%Microsoft Windows Kernel Privilege Escalation Vulnerability8/13/2024
—CVE-2024-38178EPSS 30.2%Microsoft Windows Scripting Engine Memory Corruption Vulnerability8/13/2024
—CVE-2024-38213EPSS 59.3%Microsoft Windows SmartScreen Security Feature Bypass Vulnerability8/13/2024
HIGH7.8CVE-2024-36971EPSS 0.45%Android Kernel Remote Code Execution Vulnerability8/7/2024
—CVE-2024-32113EPSS 94.0%Apache OFBiz Path Traversal Vulnerability8/7/2024
—CVE-2018-0824EPSS 91.5%Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability8/5/2024
—CVE-2024-37085EPSS 79.1%VMware ESXi Authentication Bypass Vulnerability7/30/2024
—CVE-2024-5217EPSS 94.1%ServiceNow Incomplete List of Disallowed Inputs Vulnerability7/29/2024
—CVE-2023-45249EPSS 93.5%Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability7/29/2024
—CVE-2024-4879EPSS 94.3%ServiceNow Improper Input Validation Vulnerability7/29/2024
—CVE-2012-4792EPSS 91.2%Microsoft Internet Explorer Use-After-Free Vulnerability7/23/2024
—CVE-2024-39891EPSS 17.1%Twilio Authy Information Disclosure Vulnerability7/23/2024
—CVE-2024-28995EPSS 94.4%SolarWinds Serv-U Path Traversal Vulnerability7/17/2024
CRITICAL9.8CVE-2024-34102EPSS 94.2%Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability7/17/2024
—CVE-2022-22948EPSS 26.0%VMware vCenter Server Incorrect Default File Permissions Vulnerability7/17/2024
CRITICAL9.8CVE-2024-36401EPSS 94.4%Remote Code Execution (RCE) vulnerability in geoserver7/15/2024
—CVE-2024-38080EPSS 14.2%Microsoft Windows Hyper-V Privilege Escalation Vulnerability7/9/2024
—CVE-2024-38112EPSS 93.0%Microsoft Windows MSHTML Platform Spoofing Vulnerability7/9/2024
—CVE-2024-23692EPSS 94.3%Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability7/9/2024
—CVE-2024-20399EPSS 0.77%Cisco NX-OS Command Injection Vulnerability7/2/2024
HIGH7.8CVE-2022-2586EPSS 2.8%Linux Kernel Use-After-Free Vulnerability6/26/2024
MEDIUM6.1CVE-2020-13965EPSS 71.8%Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability6/26/2024
CRITICAL9.8CVE-2022-24816EPSS 94.0%Improper Control of Generation of Code ('Code Injection') in jai-ext6/26/2024
—CVE-2024-4358EPSS 94.3%Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability6/13/2024
—CVE-2024-32896EPSS 0.19%Android Pixel Privilege Escalation Vulnerability6/13/2024
—CVE-2024-26169EPSS 35.1%Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability6/13/2024
CRITICAL9.8CVE-2024-4577EPSS 94.4%Argument Injection in PHP-CGI6/12/2024
—CVE-2024-4610EPSS 0.76%Arm Mali GPU Kernel Driver Use-After-Free Vulnerability6/12/2024
—CVE-2017-3506EPSS 94.4%Oracle WebLogic Server OS Command Injection Vulnerability6/3/2024
—CVE-2024-24919EPSS 94.3%Check Point Quantum Security Gateways Information Disclosure Vulnerability5/30/2024
HIGH7.8CVE-2024-1086EPSS 85.3%Linux Kernel Use-After-Free Vulnerability5/30/2024
—CVE-2024-4978EPSS 12.8%Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability5/29/2024
CRITICAL9.6CVE-2024-5274EPSS 6.6%chromium - security update5/28/2024
HIGH7.5CVE-2020-17519EPSS 94.3%Path Traversal in Apache Flink5/23/2024
CRITICAL9.6CVE-2024-4947EPSS 0.97%chromium - security update5/20/2024