Cybersecurity Help has compiled a list of TOP-100 vulnerabilities that are known to be exploited in the wild. This page is being updated in real time to reflect all changes in our vulnerability database.
| # | EUVDB-ID | CVE-ID | Vendor | Software | Vulnerability type | Public exploit |
| 1 | #VU88869 External Control of File Name or Path |
CVE-2024-4040 | CrushFTP |
CrushFTP
File servers (FTP/HTTP) |
CWE-73 External Control of File Name or Path |
Yes |
| 2 | #VU85319 Improper access control |
CVE-2023-7028 | GitLab, Inc |
GitLab Enterprise Edition
Software for developers |
CWE-284 Improper Access Control |
Yes |
| 3 | #VU71318 Improper input validation |
CVE-2023-21839 | Oracle |
Oracle WebLogic Server
Application servers |
CWE-20 Improper input validation |
Yes |
| 4 | #VU72065 Code Injection |
CVE-2022-35914 | glpi-project |
GLPI
CRM systems |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 5 | #VU75421 Information disclosure |
CVE-2023-28432 | minio.io |
minio
Other software solutions |
CWE-200 Information exposure |
Yes |
| 6 | #VU88506 Command Injection |
CVE-2024-3400 | Palo Alto Networks, Inc. |
Palo Alto PAN-OS
Operating system |
CWE-77 Command injection |
Yes |
| 7 | #VU72333 Improper access control |
CVE-2023-23752 | Joomla! |
Joomla!
CMS |
CWE-284 Improper Access Control |
Yes |
| 8 | #VU73718 Command Injection |
CVE-2023-1389 | TP-Link |
Archer AX21
Routers & switches, VoIP, GSM, etc |
CWE-77 Command injection |
Yes |
| 9 | #VU81437 Buffer overflow |
CVE-2023-4911 | GNU |
Glibc
Libraries used by multiple products |
CWE-119 Memory corruption |
Yes |
| 10 | #VU80658 Buffer overflow |
CVE-2023-36802 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
Yes |
| 11 | #VU87116 Improper Authentication |
CVE-2024-27198 | JetBrains s.r.o. |
TeamCity
CRM systems |
CWE-287 Improper Authentication |
Yes |
| 12 | #VU82065 Improper Privilege Management |
CVE-2023-20198 | Cisco Systems, Inc |
Cisco IOS XE
Operating system |
CWE-269 Improper Privilege Management |
Yes |
| 13 | #VU77558 OS Command Injection |
CVE-2023-38198 | Neilpang (neil) |
acme.sh
Other software solutions |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
No |
| 14 | #VU88717 Improper input validation |
CVE-2024-21111 | Oracle |
Oracle VM VirtualBox
Virtualization software |
CWE-20 Improper input validation |
No |
| 15 | #VU88980 Code Injection |
CVE-2024-20359 | Cisco Systems, Inc |
Cisco Adaptive Security Appliance (ASA)
Security hardware applicances |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
No |
| 16 | #VU88981 Infinite loop |
CVE-2024-20353 | Cisco Systems, Inc |
Cisco Adaptive Security Appliance (ASA)
Security hardware applicances |
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') |
No |
| 17 | #VU83143 Input validation error |
CVE-2023-36038 | Microsoft |
Visual Studio
Software for developers |
CWE-20 Improper input validation |
No |
| 18 | #VU88961 Cleartext transmission of sensitive information |
N/A | MicroWorld Technologies |
eScan
Antivirus software/Personal firewalls |
CWE-319 Cleartext Transmission of Sensitive Information |
No |
| 19 | #VU88919 Resource exhaustion |
CVE-2006-1547 | Apache Foundation |
Apache Struts
Frameworks for developing and running applications |
CWE-400 Resource exhaustion |
No |
| 20 | #VU68237 Permissions, Privileges, and Access Controls |
CVE-2022-38028 | Microsoft |
Windows
Operating system |
CWE-264 Permissions, Privileges, and Access Controls |
No |
| 21 | #VU87359 SQL injection |
CVE-2023-48788 | Fortinet, Inc |
FortiClientEMS
Other software solutions |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Yes |
| 22 | #VU86278 Out-of-bounds write |
CVE-2024-21762 | Fortinet, Inc |
FortiOS
Operating system |
CWE-787 Out-of-bounds write |
Yes |
| 23 | #VU86914 Code Injection |
CVE-2024-25600 | bricksbuilder.io |
Bricks Builder
Modules and components for CMS |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 24 | #VU85287 OS Command Injection |
CVE-2024-21887 | Ivanti |
Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 25 | #VU82690 Deserialization of Untrusted Data |
CVE-2023-46604 | Apache Foundation |
ActiveMQ
Mail servers |
CWE-502 Deserialization of Untrusted Data |
Yes |
| 26 | #VU79925 Input validation error |
CVE-2023-38831 | RARLAB |
WinRAR
Software for archiving |
CWE-20 Improper input validation |
Yes |
| 27 | #VU87917 Embedded malicious code (backdoor) |
CVE-2024-3094 | tukaani.org |
XZ Utils
Libraries used by multiple products |
CWE-506 Embedded Malicious Code |
Yes |
| 28 | #VU86459 Buffer overflow |
CVE-2024-21338 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
Yes |
| 29 | #VU78978 Buffer overflow |
CVE-2023-3824 | PHP Group |
PHP
Scripting languages |
CWE-119 Memory corruption |
No |
| 30 | #VU88209 Use of hard-coded credentials |
CVE-2024-3272 | D-Link |
D-Link DNS-320L
Routers for home users |
CWE-798 Use of Hard-coded Credentials |
Yes |
| 31 | #VU88210 OS Command Injection |
CVE-2024-3273 | D-Link |
D-Link DNS-320L
Routers for home users |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 32 | #VU88379 Improper access control |
CVE-2024-26234 | Microsoft |
Windows
Operating system |
CWE-284 Improper Access Control |
No |
| 33 | #VU88316 Protection mechanism failure |
CVE-2024-29988 | Microsoft |
Windows
Operating system |
CWE-693 Protection Mechanism Failure |
No |
| 34 | #VU85413 Template injection |
CVE-2023-22527 | Atlassian |
Atlassian Confluence Server
Web servers |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 35 | #VU81631 Improper Authentication |
CVE-2023-22515 | Atlassian |
Confluence Data Center
Other server solutions |
CWE-287 Improper Authentication |
Yes |
| 36 | #VU83566 Information disclosure |
CVE-2023-49103 | ownCloud |
Graph API
Programming Languages & Components |
CWE-200 Information exposure |
Yes |
| 37 | #VU85886 Path traversal |
CVE-2024-23334 | aio-libs |
aiohttp
Other software solutions |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 38 | #VU78074 Buffer overflow |
CVE-2023-36874 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
Yes |
| 39 | #VU86688 Authentication bypass using an alternate path or channel |
CVE-2024-1709 | ConnectWise |
ScreenConnect
Software for system administration |
CWE-288 Authentication Bypass Using an Alternate Path or Channel |
Yes |
| 40 | #VU79688 Input validation error |
CVE-2023-36845 | Juniper Networks, Inc. |
Juniper Junos OS
Operating system |
CWE-20 Improper input validation |
Yes |
| 41 | #VU85962 Server-Side Request Forgery (SSRF) |
CVE-2024-21893 | Ivanti |
Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN |
CWE-918 Server-Side Request Forgery (SSRF) |
Yes |
| 42 | #VU88076 Improper input validation |
CVE-2024-29748 |
Pixel
Mobile firmware & hardware |
CWE-20 Improper input validation |
No | |
| 43 | #VU88085 Information exposure |
CVE-2024-29745 |
Pixel
Mobile firmware & hardware |
CWE-200 Information exposure |
No | |
| 44 | #VU61217 Permissions, Privileges, and Access Controls |
CVE-2022-22942 | Linux Foundation |
Linux kernel
Operating system |
CWE-264 Permissions, Privileges, and Access Controls |
Yes |
| 45 | #VU77225 Improper Authentication |
CVE-2023-29357 | Microsoft |
Microsoft SharePoint Server
Application servers |
CWE-287 Improper Authentication |
Yes |
| 46 | #VU75907 Code Injection |
CVE-2023-24955 | Microsoft |
Microsoft SharePoint Server
Application servers |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 47 | #VU87813 OS Command Injection |
CVE-2019-7256 | Nice North America |
eMerge E3-Series
Security hardware applicances |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 48 | #VU81728 Resource exhaustion |
CVE-2023-44487 | Cloud Native Computing Foundation |
envoy
IDS/IPS systems, Firewalls and proxy servers |
CWE-400 Resource exhaustion |
No |
| 49 | #VU74946 Race condition |
CVE-2023-28229 | Microsoft |
Windows
Operating system |
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
Yes |
| 50 | #VU81042 Buffer overflow |
CVE-2023-41993 | WebKitGTK |
WebKitGTK+
Frameworks for developing and running applications |
CWE-119 Memory corruption |
Yes |
| 51 | #VU82592 Improper Authorization |
CVE-2023-22518 | Atlassian |
Confluence Data Center
Other server solutions |
CWE-285 Improper Authorization |
Yes |
| 52 | #VU86398 Security features bypass |
CVE-2024-21412 | Microsoft |
Windows
Operating system |
CWE-254 Security Features |
Yes |
| 53 | #VU81926 Buffer overflow |
CVE-2023-4966 | Citrix |
Citrix Netscaler ADC
Software for system administration |
CWE-119 Memory corruption |
Yes |
| 54 | #VU66798 OS Command Injection |
CVE-2022-36804 | Atlassian |
Bitbucket Data Center
Other server solutions |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 55 | #VU79810 Improper Authentication |
CVE-2023-38035 | Ivanti |
MobileIron Sentry
IDS/IPS systems, Firewalls and proxy servers |
CWE-287 Improper Authentication |
Yes |
| 56 | #VU74847 Buffer overflow |
CVE-2023-28252 | Microsoft |
Windows
Operating system |
CWE-119 Memory corruption |
Yes |
| 57 | #VU71002 Permissions, Privileges, and Access Controls |
CVE-2023-21768 | Microsoft |
Windows
Operating system |
CWE-264 Permissions, Privileges, and Access Controls |
Yes |
| 58 | #VU66397 Double Free |
CVE-2022-2588 | Linux Foundation |
Linux kernel
Operating system |
CWE-415 Double Free |
Yes |
| 59 | #VU85166 Insecure default initialization of resource |
CVE-2023-27524 | Apache Foundation |
Apache Superset
Other software |
CWE-1188 Insecure Default Initialization of Resource |
Yes |
| 60 | #VU87117 Improper Authentication |
CVE-2024-27199 | JetBrains s.r.o. |
TeamCity
CRM systems |
CWE-287 Improper Authentication |
No |
| 61 | #VU87136 Buffer overflow |
CVE-2024-23296 | Apple Inc. |
Apple iOS
Operating system |
CWE-119 Memory corruption |
No |
| 62 | #VU87134 Buffer overflow |
CVE-2024-23225 | Apple Inc. |
Apple iOS
Operating system |
CWE-119 Memory corruption |
No |
| 63 | #VU77175 Heap-based buffer overflow |
CVE-2023-27997 | Fortinet, Inc |
FortiOS
Operating system |
CWE-122 Heap-based Buffer Overflow |
Yes |
| 64 | #VU74001 Missing authentication for critical function |
CVE-2023-27532 | Veeam |
Backup & Replication
Other server solutions |
CWE-306 Missing Authentication for Critical Function |
Yes |
| 65 | #VU85446 Buffer overflow |
CVE-2024-0519 |
Google Chromium
Web browsers |
CWE-119 Memory corruption |
Yes | |
| 66 | #VU77251 Untrusted Pointer Dereference |
CVE-2023-29360 | Microsoft |
Windows
Operating system |
CWE-822 Untrusted Pointer Dereference |
Yes |
| 67 | #VU80950 Authentication bypass using an alternate path or channel |
CVE-2023-42793 | JetBrains s.r.o. |
TeamCity
CRM systems |
CWE-288 Authentication Bypass Using an Alternate Path or Channel |
Yes |
| 68 | #VU82104 Arbitrary file upload |
CVE-2023-5360 | WP Royal |
Royal Elementor Addons
Modules and components for CMS |
CWE-434 Unrestricted Upload of File with Dangerous Type |
Yes |
| 69 | #VU63145 OS Command Injection |
CVE-2022-30525 | ZyXEL Communications Corp. |
VPN series
Antivirus software/Personal firewalls |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 70 | #VU65380 OS Command Injection |
CVE-2022-33891 | Apache Foundation |
Apache Spark
Frameworks for developing and running applications |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Yes |
| 71 | #VU86573 Embedded malicious code (backdoor) |
CVE-2021-44529 | Ivanti |
Endpoint Manager
IDS/IPS systems, Firewalls and proxy servers |
CWE-506 Embedded Malicious Code |
No |
| 72 | #VU86404 Exposure of Resource to Wrong Sphere |
CVE-2024-21410 | Microsoft |
Microsoft Exchange Server
Mail servers |
CWE-668 Exposure of resource to wrong sphere |
No |
| 73 | #VU70999 Permissions, Privileges, and Access Controls |
CVE-2023-21752 | Microsoft |
Windows
Operating system |
CWE-264 Permissions, Privileges, and Access Controls |
Yes |
| 74 | #VU86371 OS Command Injection |
CVE-2023-50358 | QNAP Systems, Inc. |
QNAP QTS
File servers (FTP/HTTP) |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
No |
| 75 | #VU76454 Path traversal |
CVE-2023-2825 | GitLab, Inc |
GitLab Enterprise Edition
Software for developers |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |
| 76 | #VU86397 Security features bypass |
CVE-2024-21351 | Microsoft |
Windows
Operating system |
CWE-254 Security Features |
No |
| 77 | #VU82545 Cross-site scripting |
CVE-2023-43770 | Roundcube |
Roundcube
Webmail solutions |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
No |
| 78 | #VU86282 XML External Entity injection |
CVE-2024-22024 | Ivanti |
Ivanti Policy Secure (formerly Pulse Policy Secure)
Remote access servers, VPN |
CWE-611 Improper Restriction of XML External Entity Reference ('XXE') |
No |
| 79 | #VU80463 Type Confusion |
CVE-2023-4762 |
Google Chromium
Web browsers |
CWE-843 Type confusion |
No | |
| 80 | #VU85668 Type confusion |
CVE-2024-23222 | WebKitGTK |
WebKitGTK+
Frameworks for developing and running applications |
CWE-843 Type confusion |
No |
| 81 | #VU85286 Improper Authentication |
CVE-2023-46805 | Ivanti |
Ivanti Connect Secure (formerly Pulse Connect Secure)
Remote access servers, VPN |
CWE-287 Improper Authentication |
Yes |
| 82 | #VU85944 Use of default credentials |
CVE-2024-23842 | Hitron Systems |
DVR LGUVR-16H
Other hardware appliances |
CWE-1392 Use of Default Credentials |
No |
| 83 | #VU85943 Use of default credentials |
CVE-2024-22772 | Hitron Systems |
DVR LGUVR-8H
Other hardware appliances |
CWE-1392 Use of Default Credentials |
No |
| 84 | #VU85942 Use of default credentials |
CVE-2024-22771 | Hitron Systems |
DVR LGUVR-4H
Other hardware appliances |
CWE-1392 Use of Default Credentials |
No |
| 85 | #VU85941 Use of default credentials |
CVE-2024-22770 | Hitron Systems |
DVR HVR-16781
Other hardware appliances |
CWE-1392 Use of Default Credentials |
No |
| 86 | #VU85940 Use of default credentials |
CVE-2024-22769 | Hitron Systems |
DVR HVR-8781
Other hardware appliances |
CWE-1392 Use of Default Credentials |
No |
| 87 | #VU85939 Use of default credentials |
CVE-2024-22768 | Hitron Systems |
DVR HVR-4781
Other hardware appliances |
CWE-1392 Use of Default Credentials |
No |
| 88 | #VU69866 Type Confusion |
CVE-2022-4262 |
Google Chromium
Web browsers |
CWE-843 Type confusion |
Yes | |
| 89 | #VU76466 Improper Authentication |
CVE-2023-32315 | Ignite Realtime |
Openfire
Modules and components for CMS |
CWE-287 Improper Authentication |
Yes |
| 90 | #VU78625 Improper Authentication |
CVE-2023-35078 | Ivanti |
Endpoint Manager Mobile (formerly MobileIron Core)
IDS/IPS systems, Firewalls and proxy servers |
CWE-287 Improper Authentication |
Yes |
| 91 | #VU82353 Out-of-bounds write |
CVE-2023-34048 | VMware, Inc |
vCenter Server
Virtualization software |
CWE-787 Out-of-bounds write |
No |
| 92 | #VU63766 Double Free |
CVE-2021-22600 | Linux Foundation |
Linux kernel
Operating system |
CWE-415 Double Free |
Yes |
| 93 | #VU84796 Server-Side Request Forgery (SSRF) |
CVE-2023-51467 | Apache Foundation |
OFBiz
Other software solutions |
CWE-918 Server-Side Request Forgery (SSRF) |
Yes |
| 94 | #VU85516 Code Injection |
CVE-2017-9841 | sebastianbergmann |
PHPUnit
Frameworks for developing and running applications |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
Yes |
| 95 | #VU85435 Code Injection |
CVE-2023-6548 | Citrix |
Citrix NetScaler Gateway
Application servers |
CWE-94 Improper Control of Generation of Code ('Code Injection') |
No |
| 96 | #VU85436 Buffer overflow |
CVE-2023-6549 | Citrix |
Citrix NetScaler Gateway
Application servers |
CWE-119 Memory corruption |
No |
| 97 | #VU78929 Improper Authentication |
CVE-2023-35082 | Ivanti |
Endpoint Manager Mobile (formerly MobileIron Core)
IDS/IPS systems, Firewalls and proxy servers |
CWE-287 Improper Authentication |
No |
| 98 | #VU74191 Use-after-free |
CVE-2022-38181 | ARM |
Midgard GPU Kernel Driver
Drivers |
CWE-416 Use After Free |
Yes |
| 99 | #VU85363 Improper authentication |
CVE-2022-48618 | Apple Inc. |
Apple iOS
Operating system |
CWE-287 Improper Authentication |
No |
| 100 | #VU83960 Path traversal |
CVE-2023-50164 | Apache Foundation |
Apache Struts
Frameworks for developing and running applications |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Yes |