Currently tracking vulnerabilities

1. CVE-2024-0012 Palo Alto Firewall management interface authentication bypass

1. CVE-2024-51567 CyberPanel unauthenticated RCE
2. CVE-2024-47575 FortiNet FortiManager unauthenticated RCE via registration of FortiGate devices
3. CVE-2024-9465 Palo Alto Networks Expedition SQL injection info leak
4. CVE-2024-9463 PaloAlto Networks Expedition unauth RCE

1. CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credentials
2. CVE-2024-40711 Veeam Backup and Replication Deserialization RCE

1. CVE-2024-4885 Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal RCE
2. CVE-2024-7593 Ivanti virtual traffic manager auth bypass
3. CVE-2024-38856 Apache OFBiz unauthenticated Remote Code Execution
4. CVE-2024-32113 Apache OFBiz Path Traversal

1. CVE-2024-4879 ServiceNow self-hosted unauthenticated RCE
2. CVE-2024-36401 Geoserver Geotools Unauthenticated RCE
3. CVE-2024-6387 OpenSSH Unauthenticated Race Condition RCE as root (regreSSHion)

1. CVE-2024-5276 Unauthenticated SQLi in Fortra FileCatalyst Workflow, allows arbitrary account creation
2. CVE-2024-4577 PHP-CGI Argument Injection RCE on Windows web servers with certain locale configurations
3. CVE-2024-28995 Solarwinds Serv-U unauthenticated directory traversal

1. CVE-2024-24919 Check Point Security Gateways unauthenticated arbitrary file read
2. CVE-2023-43208 NextGen Healthcare Mirth Connect before version 4.4.1 unauth RCE
3. CVE-2024-32049 BIG-IP Next Central Manager (CM) unauthenticated cred leak of BIG-IP Next LTM/WAF instance credentials
4. CVE-2024-29011+ SonicWall Global Management System default creds

1. CVE-2024-4040 CrushFTP user VFS Sandbox Escape allow reading files from filesystem
2. CVE-2024-3400 Unauthenticated OS Command Injection in PaloAlto GlobalProtect Gateway
3. CVE-2024-3273 Command Injection and Backdoor Account in D-Link NAS Devices
4. CVE-2024-21894, CVE-2024-22052, +2 Heap overflow, XXE and null ptr dereference in Ivanti ICS/IPS 9.x and 22.x leading to potential DoS, memory read and RCE

1. CVE-2024-3094 Backdoor in upstream xz/liblzma leading to ssh server compromise
2. CVE-2023-48788 FortiClientEMS unauthenticated SQL injection and RCE
3. CVE-2024-27198 JetBrains TeamCity Authentication Bypass and RCE

1. CVE-2024-23113 FortiOS FortiGate unauthenticated RCE
2. CVE-2024-1708, CVE-2024-1709 ConnectWise ScreenConnect <= 23.9.7 auth bypass
3. CVE-2023-23752 Joomla 4.0.0-4.2.7 Unauthenticated Information Disclosure
4. CVE-2024-23917 JetBrains TeamCity before 2023.11.3 auth bypass to RCE
5. CVE-2024-22024 Ivanti ICS, IPS and ZTA XXE leading to unauthenticated resource access
6. Fortinet FortiOS Out-of-Bound Write Vulnerability CVE-2024-21762
7. Ivanti ICS, IPS and Neurons for ZTA auth bypass in SAML component CVE-2024-21893

1. Jenkins unauthenticated sensitive information disclosure enabling privilege escalation to admin CVE-2024-23897
2. Fortra GoAnywhere MFT Auth Bypass CVE-2024-0204
3. Cisco Unity Connection manager unauthenticated file upload and RCE CVE-2024-20272
4. Atlassian Confluence template injection unauthenticated RCE CVE-2023-22527, CVE-2024-21674 and more
5. GitLab unauthenticated password reset attack takeover CVE-2023-7028
6. Ivanti ICS/IPS (Pulse Secure VPN) authentication bypass + authed command injection chain CVE-2023-46085 + CVE-2024-21887
7. QNAP Viostor NVR 4.x authenticated OS cmd injection exploited using default creds CVE-2023-47565
8. Ivanti EPM Unauthenticated SQLi to RCE CVE-2023-39336
9. Ivanti EPMM (MobileIron) multiple unauthenticated vulns CVE-2023-38035, CVE-2023-35078, CVE-2023-35081 and more

1. Barracuda ESG Parse Excel RCE CVE-2023-7102
2. TeamCity Auth Bypass to RCE CVE-2023-42793
3. Apache Struts file upload CVE-2023-50164
4. Atlassian Confluence Vulnerabilities CVE-2023-22515, CVE-2023-22518, CVE-2023-22522
5. Citrix Vulnerabilities CVE-2023-4966 CitrixBleed