163 CISA Known Exploited Vulnerabilities from 2024
Aviatrix Controllers — Aviatrix Controllers OS Command Injection Vulnerability (CVSS 10)
CyberPersons CyberPanel — CyberPanel Incorrect Default Permissions Vulnerability (CVSS 10)
Progress Kemp LoadMaster — Progress Kemp LoadMaster OS Command Injection Vulnerability (CVSS 10)
CyberPersons CyberPanel — CyberPanel Incorrect Default Permissions Vulnerability (CVSS 10)
Zimbra ZCS — Unauthenticated OS Command Injection via postjournal popen() Call, Mass Exploitation September 2024 (CVSS 10)
Palo Alto Networks PAN-OS GlobalProtect — Two-Bug Chain Enables Unauthenticated Root Command Execution; Zero-Day Exploited by UTA0218 (CVSS 10)
ConnectWise ScreenConnect — ConnectWise ScreenConnect Authentication Bypass Vulnerability (CVSS 10)
SimpleHelp RMM — Low-Privilege Technician to Server Admin via API Key Privilege Escalation (CVSS 9.9)
Advantive VeraCore — Advantive VeraCore Unrestricted File Upload Vulnerability (CVSS 9.9)
Microsoft Configuration Manager — Microsoft Configuration Manager SQL Injection Vulnerability (CVSS 9.8)
Broadcom VMware vCenter Server — Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability (CVSS 9.8)
AMI MegaRAC SPx — AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability (CVSS 9.8)
Craft CMS Craft CMS — Craft CMS Code Injection Vulnerability (CVSS 9.8)
GeoVision Multiple Devices — GeoVision Devices OS Command Injection Vulnerability (CVSS 9.8)
GeoVision Multiple Devices — GeoVision Devices OS Command Injection Vulnerability (CVSS 9.8)
Cisco Smart Licensing Utility — Cisco Smart Licensing Utility Static Credential Vulnerability (CVSS 9.8)
Ivanti EPM — Unauthenticated Credential Coercion via Path Traversal in GetHashForWildcardRecursive (CVSS 9.8)
Ivanti EPM — Unauthenticated Credential Coercion via Path Traversal in GetHashForWildcard (CVSS 9.8)
Ivanti EPM — Unauthenticated Credential Coercion via Path Traversal in GetHashForSingleFile (CVSS 9.8)
Progress WhatsUp Gold — Progress WhatsUp Gold Path Traversal Vulnerability (CVSS 9.8)
SonicWall SonicOS — SonicWall SonicOS SSLVPN Improper Authentication Vulnerability (CVSS 9.8)
Microsoft Office Outlook — Microsoft Outlook Improper Input Validation Vulnerability (CVSS 9.8)
Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability (CVSS 9.8)
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) — BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability (CVSS 9.8)
Cleo Multiple Products — Cleo Multiple Products Unauthenticated File Upload Vulnerability (CVSS 9.8)
Cleo Multiple Products — Cleo Multiple Products Unrestricted File Upload Vulnerability (CVSS 9.8)
ProjectSend ProjectSend — ProjectSend Improper Authentication Vulnerability (CVSS 9.8)
VMware vCenter Server — VMware vCenter Server Heap-Based Buffer Overflow Vulnerability (CVSS 9.8)
Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability (CVSS 9.8)
Palo Alto Networks Expedition — Palo Alto Networks Expedition Missing Authentication Vulnerability (CVSS 9.8)
Fortinet FortiManager — Fortinet FortiManager Missing Authentication Vulnerability (CVSS 9.8)
ScienceLogic SL1 — ScienceLogic SL1 Unspecified Vulnerability (CVSS 9.8)
Veeam Backup & Replication — Veeam Backup and Replication Deserialization Vulnerability (CVSS 9.8)
Mozilla Firefox — Mozilla Firefox Use-After-Free Vulnerability (CVSS 9.8)
Fortinet Multiple Products — Fortinet Multiple Products Format String Vulnerability (CVSS 9.8)
Ivanti Virtual Traffic Manager — Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVSS 9.8)
Apache HugeGraph-Server — Apache HugeGraph-Server Improper Access Control Vulnerability (CVSS 9.8)
Progress WhatsUp Gold — Progress WhatsUp Gold SQL Injection Vulnerability (CVSS 9.8)
SonicWall SonicOS — SonicWall SonicOS Improper Access Control Vulnerability (CVSS 9.8)
Apache OFBiz — Apache OFBiz Incorrect Authorization Vulnerability (CVSS 9.8)
Jenkins Jenkins Command Line Interface (CLI) — Jenkins Command Line Interface (CLI) Path Traversal Vulnerability (CVSS 9.8)
SolarWinds Web Help Desk — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
Apache OFBiz — Apache OFBiz Path Traversal Vulnerability (CVSS 9.8)
ServiceNow Utah, Vancouver, and Washington DC Now Platform — ServiceNow Improper Input Validation Vulnerability (CVSS 9.8)
ServiceNow Utah, Vancouver, and Washington DC Now Platform — ServiceNow Incomplete List of Disallowed Inputs Vulnerability (CVSS 9.8)
Adobe Commerce and Magento Open Source — Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability (CVSS 9.8)
OSGeo GeoServer — OSGeo GeoServer GeoTools Eval Injection Vulnerability (CVSS 9.8)
Rejetto HTTP File Server — Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVSS 9.8)
Progress Telerik Report Server — Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability (CVSS 9.8)
PHP Group PHP — PHP-CGI OS Command Injection Vulnerability (CVSS 9.8)
CrushFTP CrushFTP — CrushFTP VFS Sandbox Escape Vulnerability (CVSS 9.8)
D-Link Multiple NAS Devices — D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability (CVSS 9.8)
JetBrains TeamCity — JetBrains TeamCity Authentication Bypass Vulnerability (CVSS 9.8)
Microsoft Exchange Server — Microsoft Exchange Server Privilege Escalation Vulnerability (CVSS 9.8)
Fortinet FortiOS — Fortinet FortiOS Out-of-Bound Write Vulnerability (CVSS 9.8)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 9.6)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 9.6)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 9.6)
Google Chromium — Google Chromium Visuals Use-After-Free Vulnerability (CVSS 9.6)
Ivanti Cloud Services Appliance (CSA) — Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability (CVSS 9.4)
Roundcube Webmail — RoundCube Webmail Cross-Site Scripting Vulnerability (CVSS 9.3)
Apache HTTP Server — Apache HTTP Server Improper Escaping of Output Vulnerability (CVSS 9.1)
Mitel MiCollab — Mitel MiCollab Path Traversal Vulnerability (CVSS 9.1)
Palo Alto Networks Expedition — Palo Alto Networks Expedition SQL Injection Vulnerability (CVSS 9.1)
PTZOptics PT30X-SDI/NDI Cameras — PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability (CVSS 9.1)
SolarWinds Web Help Desk — SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVSS 9.1)
Ivanti Connect Secure and Policy Secure — Ivanti Connect Secure and Policy Secure Command Injection Vulnerability (CVSS 9.1)
Yiiframework Yii — Yiiframework Yii Improper Protection of Alternate Path Vulnerability (CVSS 9)
Samsung MagicINFO 9 Server — Unauthenticated File Write to Remote Code Execution via Path Traversal (CVSS 8.8)
Oracle Agile Product Lifecycle Management (PLM) — Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability (CVSS 8.8)
Zyxel DSL CPE Devices — Zyxel DSL CPE OS Command Injection Vulnerability (CVSS 8.8)
Zyxel DSL CPE Devices — Zyxel DSL CPE OS Command Injection Vulnerability (CVSS 8.8)
Apple Multiple Products — Apple Multiple Products Code Execution Vulnerability (CVSS 8.8)
Microsoft Windows — Microsoft Windows Task Scheduler Privilege Escalation Vulnerability (CVSS 8.8)
Ivanti EPM — Unauthenticated SQL Injection Leading to Remote Code Execution via xp_cmdshell (CVSS 8.8)
Microsoft Windows — Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Inappropriate Implementation Vulnerability (CVSS 8.8)
Microsoft Project — Microsoft Project Remote Code Execution Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Out-of-Bounds Memory Write Vulnerability (CVSS 8.8)
Microsoft Windows — Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability (CVSS 8.8)
Microsoft SmartScreen Prompt — Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability (CVSS 8.8)
Apple Multiple Products — Apple Multiple Products WebKit Type Confusion Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Out-of-Bounds Memory Access Vulnerability (CVSS 8.8)
Microsoft Partner Center — Microsoft Partner Center Improper Access Control Vulnerability (CVSS 8.7)
NAKIVO Backup and Replication — NAKIVO Backup and Replication Absolute Path Traversal Vulnerability (CVSS 8.6)
SolarWinds Serv-U — SolarWinds Serv-U Path Traversal Vulnerability (CVSS 8.6)
Check Point Quantum Security Gateways — Check Point Quantum Security Gateways Information Disclosure Vulnerability (CVSS 8.6)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Denial of Service Vulnerability (CVSS 8.6)
ConnectWise ScreenConnect — Zip Slip Path Traversal Enabling RCE as SYSTEM (SlashAndGrab) (CVSS 8.4)
Justice AV Solutions Viewer — Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability (CVSS 8.4)
Ivanti Connect Secure, Policy Secure, and Neurons — Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability (CVSS 8.2)
Microsoft Windows — Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability (CVSS 8.1)
Citrix Session Recording — Citrix Session Recording Improper Privilege Management Vulnerability (CVSS 8)
Citrix Session Recording — Citrix Session Recording Deserialization of Untrusted Data Vulnerability (CVSS 8)
Linux Kernel — Linux Kernel Out-of-Bounds Access Vulnerability (CVSS 7.8)
Linux Kernel — Linux Kernel Out-of-Bounds Write Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability (CVSS 7.8)
Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Management Console Remote Code Execution Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Installer Improper Privilege Management Vulnerability (CVSS 7.8)
Kingsoft WPS Office — Kingsoft WPS Office Path Traversal Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability (CVSS 7.8)
Android Kernel — Android Kernel Remote Code Execution Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Hyper-V Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability (CVSS 7.8)
Android Pixel — Android Pixel Privilege Escalation Vulnerability (CVSS 7.8)
Arm Mali GPU Kernel Driver — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability (CVSS 7.8)
Linux Kernel — Linux Kernel Use-After-Free Vulnerability (CVSS 7.8)
Microsoft DWM Core Library — Microsoft DWM Core Library Privilege Escalation Vulnerability (CVSS 7.8)
Android Pixel — Android Pixel Privilege Escalation Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVSS 7.6)
SimpleHelp SimpleHelp — SimpleHelp Path Traversal Vulnerability (CVSS 7.5)
Microsoft .NET Framework — Microsoft .NET Framework Information Disclosure Vulnerability (CVSS 7.5)
Apache OFBiz — Apache OFBiz Forced Browsing Vulnerability (CVSS 7.5)
Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability (CVSS 7.5)
Zyxel Multiple Firewalls — Zyxel Multiple Firewalls Path Traversal Vulnerability (CVSS 7.5)
Oracle Agile Product Lifecycle Management (PLM) — Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability (CVSS 7.5)
VMware vCenter Server — VMware vCenter Server Privilege Escalation Vulnerability (CVSS 7.5)
Palo Alto Networks Expedition — Palo Alto Networks Expedition OS Command Injection Vulnerability (CVSS 7.5)
Microsoft Windows — Microsoft Windows Scripting Engine Memory Corruption Vulnerability (CVSS 7.5)
Microsoft Windows — Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 7.5)
Adobe ColdFusion — Adobe ColdFusion Improper Access Control Vulnerability (CVSS 7.4)
JetBrains TeamCity — Pre-Auth Path Traversal Bypassing Authentication on Limited Admin Endpoints (CVSS 7.3)
DrayTek Vigor Routers — DrayTek Vigor Routers OS Command Injection Vulnerability (CVSS 7.3)
Android Framework — Android Framework Privilege Escalation Vulnerability (CVSS 7.3)
Microsoft Publisher — Microsoft Publisher Protection Mechanism Failure Vulnerability (CVSS 7.3)
D-Link Multiple NAS Devices — D-Link Multiple NAS Devices Command Injection Vulnerability (CVSS 7.3)
SimpleHelp RMM — Admin Zip Slip Enables Arbitrary File Write and Remote Code Execution (CVSS 7.2)
TeamT5 ThreatSonar Anti-Ransomware — TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability (CVSS 7.2)
Mitel SIP Phones — Mitel SIP Phones Argument Injection Vulnerability (CVSS 7.2)
Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability (CVSS 7.2)
PTZOptics PT30X-SDI/NDI Cameras — PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability (CVSS 7.2)
Microsoft SharePoint — Microsoft SharePoint Deserialization Vulnerability (CVSS 7.2)
Ivanti Cloud Services Appliance (CSA) — Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVSS 7.2)
Ivanti Cloud Services Appliance — Ivanti Cloud Services Appliance OS Command Injection Vulnerability (CVSS 7.2)
Versa Director — Versa Director Dangerous File Type Upload Vulnerability (CVSS 7.2)
Linux Kernel — Linux Kernel Out-of-Bounds Read Vulnerability (CVSS 7.1)
Microsoft Windows — Microsoft Windows Kernel TOCTOU Race Condition Vulnerability (CVSS 7)
Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability (CVSS 7)
VMware ESXi — VMware ESXi Authentication Bypass Vulnerability (CVSS 6.8)
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) — BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability (CVSS 6.6)
Microsoft Windows — Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability (CVSS 6.5)
Ivanti Cloud Services Appliance (CSA) — Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability (CVSS 6.5)
Microsoft Windows — Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 6.5)
Microsoft Windows — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVSS 6.5)
Apple Multiple Products — Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability (CVSS 6.3)
MDaemon Email Server — MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Zimbra ZCS — Stored XSS via X-Zimbra-Calendar-Intended-For Header, Exploited by APT28 in Operation RoundPress (CVSS 6.1)
Roundcube Webmail — RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Cisco NX-OS — Cisco NX-OS Command Injection Vulnerability (CVSS 6)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Privilege Escalation Vulnerability (CVSS 6)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Denial-of-Service Vulnerability (CVSS 5.8)
Linux Kernel — Linux Kernel Use of Uninitialized Resource Vulnerability (CVSS 5.5)
Android Pixel — Android Pixel Information Disclosure Vulnerability (CVSS 5.5)
Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability (CVSS 5.4)
D-Link DIR-859 Router — D-Link DIR-859 Router Path Traversal Vulnerability (CVSS 5.3)
Twilio Authy — Twilio Authy Information Disclosure Vulnerability (CVSS 5.3)
Mitel MiCollab — Mitel MiCollab Path Traversal Vulnerability (CVSS 2.7)