1,619 total · EPSS avg 51.6%

KEV: Known Exploited Vulnerabilities

CISA’s actively-exploited catalogue · refreshed weekly · authored by Adam Lundqvist

Showing 1,619 of 1,619 · page 10 of 33

| CVE | Vendor / Product | Title | KEV added | EPSS |
| --- | --- | --- | --- | --- |
| CVE-2024-8190 | Ivanti / Cloud Services Appliance | Ivanti Cloud Services Appliance OS Command Injection Vulnerability | 2024-09-13 | 89.0% |
| CVE-2024-38014 | Microsoft / Windows | Microsoft Windows Installer Improper Privilege Management Vulnerability | 2024-09-10 | 6.1% |
| CVE-2024-38217 | Microsoft / Windows | Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnera… | 2024-09-10 | 9.8% |
| CVE-2024-38226 | Microsoft / Publisher | Microsoft Publisher Protection Mechanism Failure Vulnerability | 2024-09-10 | 2.7% |
| CVE-2016-3714 | ImageMagick / ImageMagick | ImageMagick Improper Input Validation Vulnerability | 2024-09-09 | 97.5% |
| CVE-2017-1000253 | Linux / Kernel | Linux Kernel PIE Stack Buffer Corruption Vulnerability | 2024-09-09 | 10.7% |
| CVE-2024-40766 | SonicWall / SonicOS | SonicWall SonicOS Improper Access Control Vulnerability | 2024-09-09 | 15.7% |
| CVE-2021-20123 | DrayTek / VigorConnect | Draytek VigorConnect Path Traversal Vulnerability | 2024-09-03 | 74.9% |
| CVE-2021-20124 | DrayTek / VigorConnect | Draytek VigorConnect Path Traversal Vulnerability | 2024-09-03 | 70.0% |
| CVE-2024-7262 | Kingsoft / WPS Office | Kingsoft WPS Office Path Traversal Vulnerability | 2024-09-03 | 1.8% |
| CVE-2024-7965 | Google / Chromium V8 | Google Chromium V8 Inappropriate Implementation Vulnerability | 2024-08-28 | 17.2% |
| CVE-2024-38856 | Apache / OFBiz | Apache OFBiz Incorrect Authorization Vulnerability | 2024-08-27 | 99.4% |
| CVE-2024-7971 | Google / Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | 2024-08-26 | 19.3% |
| CVE-2024-39717 | Versa / Director | Versa Director Dangerous File Type Upload Vulnerability | 2024-08-23 | 4.0% |
| CVE-2021-31196 | Microsoft / Exchange Server | Microsoft Exchange Server Information Disclosure Vulnerability | 2024-08-21 | 46.4% |
| CVE-2021-33044 | Dahua / IP Camera Firmware | Dahua IP Camera Authentication Bypass Vulnerability | 2024-08-21 | 99.9% |
| CVE-2021-33045 | Dahua / IP Camera Firmware | Dahua IP Camera Authentication Bypass Vulnerability | 2024-08-21 | 99.6% |
| CVE-2022-0185 | Linux / Kernel | Linux Kernel Heap-Based Buffer Overflow Vulnerability | 2024-08-21 | 25.2% |
| CVE-2024-23897 | Jenkins / Jenkins Command Line Interface (CLI) | Jenkins Command Line Interface (CLI) Path Traversal Vulnerability | 2024-08-19 | 100.0% |
| CVE-2024-28986 | SolarWinds / Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | 2024-08-15 | 84.4% |
| CVE-2024-38106 | Microsoft / Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | 2024-08-13 | 6.3% |
| CVE-2024-38107 | Microsoft / Windows | Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerabi… | 2024-08-13 | 1.6% |
| CVE-2024-38178 | Microsoft / Windows | Microsoft Windows Scripting Engine Memory Corruption Vulnerability | 2024-08-13 | 39.5% |
| CVE-2024-38189 | Microsoft / Project | Microsoft Project Remote Code Execution Vulnerability | 2024-08-13 | 7.9% |
| CVE-2024-38193 | Microsoft / Windows | Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation … | 2024-08-13 | 27.6% |
| CVE-2024-38213 | Microsoft / Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | 2024-08-13 | 13.4% |
| CVE-2024-32113 | Apache / OFBiz | Apache OFBiz Path Traversal Vulnerability | 2024-08-07 | 99.4% |
| CVE-2024-36971 | Android / Kernel | Android Kernel Remote Code Execution Vulnerability | 2024-08-07 | 2.7% |
| CVE-2018-0824 | Microsoft / Windows | Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability | 2024-08-05 | 73.5% |
| CVE-2024-37085 | VMware / ESXi | VMware ESXi Authentication Bypass Vulnerability | 2024-07-30 | 26.8% |
| CVE-2023-45249 | Acronis / Cyber Infrastructure (ACI) | Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability | 2024-07-29 | 53.5% |
| CVE-2024-4879 | ServiceNow / Utah, Vancouver, and Washington DC Now Platform | ServiceNow Improper Input Validation Vulnerability | 2024-07-29 | 100.0% |
| CVE-2024-5217 | ServiceNow / Utah, Vancouver, and Washington DC Now Platform | ServiceNow Incomplete List of Disallowed Inputs Vulnerability | 2024-07-29 | 99.6% |
| CVE-2012-4792 | Microsoft / Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | 2024-07-23 | 78.8% |
| CVE-2024-39891 | Twilio / Authy | Twilio Authy Information Disclosure Vulnerability | 2024-07-23 | 1.5% |
| CVE-2022-22948 | VMware / vCenter Server | VMware vCenter Server Incorrect Default File Permissions Vulnerability | 2024-07-17 | 13.9% |
| CVE-2024-28995 | SolarWinds / Serv-U | SolarWinds Serv-U Path Traversal Vulnerability | 2024-07-17 | 99.6% |
| CVE-2024-34102 | Adobe / Commerce and Magento Open Source | Adobe Commerce and Magento Open Source Improper Restriction of XML External E… | 2024-07-17 | 100.0% |
| CVE-2024-36401 | OSGeo / GeoServer | OSGeo GeoServer GeoTools Eval Injection Vulnerability | 2024-07-15 | 99.8% |
| CVE-2024-23692 | Rejetto / HTTP File Server | Rejetto HTTP File Server Improper Neutralization of Special Elements Used in … | 2024-07-09 | 99.5% |
| CVE-2024-38080 | Microsoft / Windows | Microsoft Windows Hyper-V Privilege Escalation Vulnerability | 2024-07-09 | 7.1% |
| CVE-2024-38112 | Microsoft / Windows | Microsoft Windows MSHTML Platform Spoofing Vulnerability | 2024-07-09 | 84.3% |
| CVE-2024-20399 | Cisco / NX-OS | Cisco NX-OS Command Injection Vulnerability | 2024-07-02 | 3.8% |
| CVE-2020-13965 | Roundcube / Webmail | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | 2024-06-26 | 76.6% |
| CVE-2022-24816 | OSGeo / JAI-EXT | OSGeo GeoServer JAI-EXT Code Injection Vulnerability | 2024-06-26 | 98.7% |
| CVE-2022-2586 | Linux / Kernel | Linux Kernel Use-After-Free Vulnerability | 2024-06-26 | 12.7% |
| CVE-2024-26169 | Microsoft / Windows | Microsoft Windows Error Reporting Service Improper Privilege Management Vulne… | 2024-06-13 | 4.0% |
| CVE-2024-32896 | Android / Pixel | Android Pixel Privilege Escalation Vulnerability | 2024-06-13 | 3.0% |
| CVE-2024-4358 | Progress / Telerik Report Server | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | 2024-06-13 | 97.5% |
| CVE-2024-4577 | PHP Group / PHP | PHP-CGI OS Command Injection Vulnerability | 2024-06-12 | 100.0% |

Sourced from CISA Known Exploited Vulnerabilities — current weekly refresh. EPSS scores from FIRST.org via epss.cyentia.com. Curated by Adam Lundqvist, Founder at SQUR.