Currently tracking vulnerabilities
December 2024
- CVE-2024-50623 Cleo unauthenticated unrestricted file upload and download leading to RCE
November 2024
- CVE-2024-0012 Palo Alto Firewall management interface authentication bypass
- CVE-2024-46938 SiteCore Arbitrary File Read enabling RCE via machineKey disclosure
- CVE-2024-10914 D-Link NAS Command Injection via Name Parameter
October 2024
- CVE-2024-51567 CyberPanel unauthenticated RCE
- CVE-2024-47575 FortiNet FortiManager unauthenticated RCE via registration of FortiGate devices
- CVE-2024-9465 Palo Alto Networks Expedition SQL injection info leak
- CVE-2024-9463 PaloAlto Networks Expedition unauth RCE
September 2024
- CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credentials
- CVE-2024-40711 Veeam Backup and Replication Deserialization RCE
August 2024
- CVE-2024-4885 Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal RCE
- CVE-2024-7593 Ivanti virtual traffic manager auth bypass
- CVE-2024-38856 Apache OFBiz unauthenticated Remote Code Execution
- CVE-2024-32113 Apache OFBiz Path Traversal
July 2024
- CVE-2024-4879 ServiceNow self-hosted unauthenticated RCE
- CVE-2024-36401 Geoserver Geotools Unauthenticated RCE
- CVE-2024-6387 OpenSSH Unauthenticated Race Condition RCE as root (regreSSHion)
June 2024
- CVE-2024-5276 Unauthenticated SQLi in Fortra FileCatalyst Workflow, allows arbitrary account creation
- CVE-2024-4577 PHP-CGI Argument Injection RCE on Windows web servers with certain locale configurations
- CVE-2024-28995 Solarwinds Serv-U unauthenticated directory traversal
May 2024
- CVE-2024-24919 Check Point Security Gateways unauthenticated arbitrary file read
- CVE-2023-43208 NextGen Healthcare Mirth Connect before version 4.4.1 unauth RCE
- CVE-2024-32049 BIG-IP Next Central Manager (CM) unauthenticated cred leak of BIG-IP Next LTM/WAF instance credentials
- CVE-2024-29011+ SonicWall Global Management System default creds
April 2024
- CVE-2024-4040 CrushFTP user VFS Sandbox Escape allow reading files from filesystem
- CVE-2024-3400 Unauthenticated OS Command Injection in PaloAlto GlobalProtect Gateway
- CVE-2024-3273 Command Injection and Backdoor Account in D-Link NAS Devices
- CVE-2024-21894, CVE-2024-22052, +2 Heap overflow, XXE and null ptr dereference in Ivanti ICS/IPS 9.x and 22.x leading to potential DoS, memory read and RCE
March 2024
- CVE-2024-3094 Backdoor in upstream xz/liblzma leading to ssh server compromise
- CVE-2023-48788 FortiClientEMS unauthenticated SQL injection and RCE
- CVE-2024-27198 JetBrains TeamCity Authentication Bypass and RCE
February 2024
- CVE-2023-20198 Cisco IOS XE Unauthenticated Admin Takeover
- CVE-2024-23113 FortiOS FortiGate unauthenticated RCE
- CVE-2024-1708, CVE-2024-1709 ConnectWise ScreenConnect <= 23.9.7 auth bypass
- CVE-2023-23752 Joomla 4.0.0-4.2.7 Unauthenticated Information Disclosure
- CVE-2024-23917 JetBrains TeamCity before 2023.11.3 auth bypass to RCE
- CVE-2024-22024 Ivanti ICS, IPS and ZTA XXE leading to unauthenticated resource access
- Fortinet FortiOS Out-of-Bound Write Vulnerability CVE-2024-21762
- Ivanti ICS, IPS and Neurons for ZTA auth bypass in SAML component CVE-2024-21893
January 2024
- Jenkins unauthenticated sensitive information disclosure enabling privilege escalation to admin CVE-2024-23897
- Fortra GoAnywhere MFT Auth Bypass CVE-2024-0204
- Cisco Unity Connection manager unauthenticated file upload and RCE CVE-2024-20272
- Atlassian Confluence template injection unauthenticated RCE CVE-2023-22527, CVE-2024-21674 and more
- GitLab unauthenticated password reset attack takeover CVE-2023-7028
- Ivanti ICS/IPS (Pulse Secure VPN) authentication bypass + authed command injection chain CVE-2023-46085 + CVE-2024-21887
- QNAP Viostor NVR 4.x authenticated OS cmd injection exploited using default creds CVE-2023-47565
- Ivanti EPM Unauthenticated SQLi to RCE CVE-2023-39336
- Ivanti EPMM (MobileIron) multiple unauthenticated vulns CVE-2023-38035, CVE-2023-35078, CVE-2023-35081 and more
December 2023
- Barracuda ESG Parse Excel RCE CVE-2023-7102
- TeamCity Auth Bypass to RCE CVE-2023-42793
- Apache Struts file upload CVE-2023-50164
- Atlassian Confluence Vulnerabilities CVE-2023-22515, CVE-2023-22518, CVE-2023-22522
- Citrix Vulnerabilities CVE-2023-4966 CitrixBleed