1,619 totalEPSS avg 51.6%

KEVKnown Exploited Vulnerabilities

CISA’s actively-exploited catalogue · refreshed weekly · authored by Adam Lundqvist

Showing 1,619 of 1,619 · page 9 of 33

CVEVendor / ProductTitleKEV addedEPSS
CVE-2024-38812VMware / vCenter ServerVMware vCenter Server Heap-Based Buffer Overflow Vulnerability2024-11-20
53.5%
CVE-2024-38813VMware / vCenter ServerVMware vCenter Server Privilege Escalation Vulnerability2024-11-20
14.6%
CVE-2024-0012Palo Alto Networks / PAN-OSPalo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerab…2024-11-18
99.7%
CVE-2024-1212Progress / Kemp LoadMasterProgress Kemp LoadMaster OS Command Injection Vulnerability2024-11-18
95.4%
CVE-2024-9474Palo Alto Networks / PAN-OSPalo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerabi…2024-11-18
94.8%
CVE-2024-9463Palo Alto Networks / ExpeditionPalo Alto Networks Expedition OS Command Injection Vulnerability2024-11-14
98.4%
CVE-2024-9465Palo Alto Networks / ExpeditionPalo Alto Networks Expedition SQL Injection Vulnerability2024-11-14
99.6%
CVE-2014-2120Cisco / Adaptive Security Appliance (ASA)Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability2024-11-12
14.0%
CVE-2021-26086Atlassian / Jira Server and Data CenterAtlassian Jira Server and Data Center Path Traversal Vulnerability2024-11-12
100.0%
CVE-2021-41277Metabase / MetabaseMetabase GeoJSON API Local File Inclusion Vulnerability2024-11-12
96.9%
CVE-2024-43451Microsoft / WindowsMicrosoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability2024-11-12
81.8%
CVE-2024-49039Microsoft / WindowsMicrosoft Windows Task Scheduler Privilege Escalation Vulnerability2024-11-12
13.7%
CVE-2019-16278Nostromo / nhttpdNostromo nhttpd Directory Traversal Vulnerability2024-11-07
99.1%
CVE-2024-43093Android / FrameworkAndroid Framework Privilege Escalation Vulnerability2024-11-07
0.7%
CVE-2024-51567CyberPersons / CyberPanelCyberPanel Incorrect Default Permissions Vulnerability2024-11-07
86.7%
CVE-2024-5910Palo Alto Networks / ExpeditionPalo Alto Networks Expedition Missing Authentication Vulnerability2024-11-07
91.7%
CVE-2024-8956PTZOptics / PT30X-SDI/NDI CamerasPTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability2024-11-04
56.9%
CVE-2024-8957PTZOptics / PT30X-SDI/NDI CamerasPTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability2024-11-04
82.1%
CVE-2024-20481Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)Cisco ASA and FTD Denial-of-Service Vulnerability2024-10-24
16.0%
CVE-2024-37383Roundcube / WebmailRoundCube Webmail Cross-Site Scripting (XSS) Vulnerability2024-10-24
73.3%
CVE-2024-47575Fortinet / FortiManagerFortinet FortiManager Missing Authentication Vulnerability2024-10-23
96.5%
CVE-2024-38094Microsoft / SharePointMicrosoft SharePoint Deserialization Vulnerability2024-10-22
55.3%
CVE-2024-9537ScienceLogic / SL1ScienceLogic SL1 Unspecified Vulnerability2024-10-21
3.9%
CVE-2024-40711Veeam / Backup & ReplicationVeeam Backup and Replication Deserialization Vulnerability2024-10-17
88.2%
CVE-2024-28987SolarWinds / Web Help DeskSolarWinds Web Help Desk Hardcoded Credential Vulnerability2024-10-15
93.2%
CVE-2024-30088Microsoft / Windows Microsoft Windows Kernel TOCTOU Race Condition Vulnerability2024-10-15
68.2%
CVE-2024-9680Mozilla / FirefoxMozilla Firefox Use-After-Free Vulnerability2024-10-15
32.6%
CVE-2024-23113Fortinet / Multiple ProductsFortinet Multiple Products Format String Vulnerability2024-10-09
61.7%
CVE-2024-9379Ivanti / Cloud Services Appliance (CSA)Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability2024-10-09
43.6%
CVE-2024-9380Ivanti / Cloud Services Appliance (CSA)Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability2024-10-09
63.0%
CVE-2024-43047Qualcomm / Multiple Chipsets Qualcomm Multiple Chipsets Use-After-Free Vulnerability2024-10-08
0.7%
CVE-2024-43572Microsoft / WindowsMicrosoft Windows Management Console Remote Code Execution Vulnerability2024-10-08
61.0%
CVE-2024-43573Microsoft / WindowsMicrosoft Windows MSHTML Platform Spoofing Vulnerability2024-10-08
44.4%
CVE-2024-45519Synacor / Zimbra Collaboration Suite (ZCS)Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability2024-10-03
100.0%
CVE-2024-29824Ivanti / Endpoint Manager (EPM)Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability2024-10-02
100.0%
CVE-2019-0344SAP / Commerce CloudSAP Commerce Cloud Deserialization of Untrusted Data Vulnerability2024-09-30
7.1%
CVE-2020-15415DrayTek / Multiple Vigor RoutersDrayTek Multiple Vigor Routers OS Command Injection Vulnerability2024-09-30
84.6%
CVE-2023-25280D-Link / DIR-820 RouterD-Link DIR-820 Router OS Command Injection Vulnerability2024-09-30
98.1%
CVE-2024-7593Ivanti / Virtual Traffic ManagerIvanti Virtual Traffic Manager Authentication Bypass Vulnerability2024-09-24
100.0%
CVE-2024-8963Ivanti / Cloud Services Appliance (CSA)Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability2024-09-19
98.4%
CVE-2020-0618Microsoft / SQL ServerMicrosoft SQL Server Reporting Services Remote Code Execution Vulnerability2024-09-18
99.0%
CVE-2020-14644Oracle / WebLogic ServerOracle WebLogic Server Remote Code Execution Vulnerability2024-09-18
94.5%
CVE-2022-21445Oracle / ADF FacesOracle ADF Faces Deserialization of Untrusted Data Vulnerability2024-09-18
62.0%
CVE-2024-27348Apache / HugeGraph-ServerApache HugeGraph-Server Improper Access Control Vulnerability2024-09-18
99.2%
CVE-2013-0643Adobe / Flash PlayerAdobe Flash Player Incorrect Default Permissions Vulnerability2024-09-17
10.5%
CVE-2013-0648Adobe / Flash PlayerAdobe Flash Player Code Execution Vulnerability2024-09-17
11.1%
CVE-2014-0497Adobe / Flash PlayerAdobe Flash Player Integer Underflow Vulnerablity2024-09-17
99.9%
CVE-2014-0502Adobe / Flash PlayerAdobe Flash Player Double Free Vulnerablity2024-09-17
24.2%
CVE-2024-43461Microsoft / WindowsMicrosoft Windows MSHTML Platform Spoofing Vulnerability2024-09-16
52.2%
CVE-2024-6670Progress / WhatsUp GoldProgress WhatsUp Gold SQL Injection Vulnerability2024-09-16
94.7%
Sourced from CISA Known Exploited Vulnerabilities — current weekly refresh. EPSS scores from FIRST.org via epss.cyentia.com. Curated by Adam Lundqvist, Founder at SQUR.