| | CVE-2024-40713 |  Veeam | high | 7.8 | — | | A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup &… | Sep 7, 2024 | May 1, 2025 |
| | CVE-2024-40712 | Veeam | high | 7.8 | — | | A path traversal vulnerability allows an attacker with a low-privileged account and local access to … | Sep 7, 2024 | May 1, 2025 |
| | CVE-2024-40711 | Veeam | critical | 9.8 | — | | A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthentica… | Sep 7, 2024 | Oct 30, 2025 |
| | CVE-2024-40710 | Veeam | high | 8.8 | — | | A series of related high-severity vulnerabilities, the most notable enabling remote code execution (… | Sep 7, 2024 | May 1, 2025 |
| | CVE-2024-39718 | Veeam | high | 8.1 | — | | An improper input validation vulnerability that allows a low-privileged user to remotely remove file… | Sep 7, 2024 | May 8, 2025 |
| | CVE-2024-22477 |  ForgeRock | low | 1.8 | — | | A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The … | Jul 9, 2024 | Nov 21, 2024 |
| | CVE-2024-22377 | ForgeRock | medium | 5.3 | — | | The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | Jul 9, 2024 | Nov 21, 2024 |
| | CVE-2024-27785 |  Fortinet | medium | 5.4 | 0.6%
| | An improper neutralization of formula elements in a CSV File [CWE-1236] vulnerability in Fortinet Fo… | Jul 9, 2024 | Jan 9, 2026 |
| | CVE-2024-27784 | Fortinet | high | 8.8 | 0.6%
| | Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerabili… | Jul 9, 2024 | Jan 9, 2026 |
| | CVE-2024-27783 | Fortinet | high | 7.6 | 1.1%
| | Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps… | Jul 9, 2024 | Jan 9, 2026 |
| | CVE-2024-27782 | Fortinet | high | 8.1 | 0.8%
| | Multiple insufficient session expiration weaknesses [CWE-613] vulnerability in Fortinet FortiAIOps 2… | Jul 9, 2024 | Jan 9, 2026 |
| | CVE-2024-37079 |  VMware | critical | 9.8 | 82.7%
| ⚠ KEV | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. … | Jun 18, 2024 | Jan 26, 2026 |
| | CVE-2024-29855 | Veeam | critical | 9.0 | — | | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | Jun 11, 2024 | Jul 14, 2025 |
| | CVE-2024-29853 | Veeam | high | 7.8 | — | | An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privile… | May 22, 2024 | Jul 3, 2025 |
| | CVE-2024-29852 | Veeam | low | 2.7 | — | | Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | May 22, 2024 | Jul 3, 2025 |
| | CVE-2024-29851 | Veeam | high | 7.2 | — | | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manage… | May 22, 2024 | Jul 3, 2025 |
| | CVE-2024-29850 | Veeam | high | 8.8 | — | | Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | May 22, 2024 | Jul 3, 2025 |
| | CVE-2024-29849 | Veeam | critical | 9.8 | — | | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise man… | May 22, 2024 | Jul 3, 2025 |
| | CVE-2024-31491 | Fortinet | high | 8.8 | 1.1%
| | A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 throu… | May 14, 2024 | Jan 14, 2026 |
| | CVE-2024-29212 | Veeam | critical | 9.9 | — | | Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in… | May 14, 2024 | Jun 30, 2025 |
| | CVE-2024-27460 |  HPE | medium | 6.7 | 2.5%
| | A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | May 14, 2024 | Jan 21, 2026 |
| | CVE-2024-32761 |  F5 | medium | 6.5 | 0.3%
| | Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG… | May 8, 2024 | Feb 4, 2026 |
| | CVE-2024-28893 | HPE | high | 7.7 | 0.4%
| | Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when … | May 1, 2024 | Jan 14, 2026 |
| | CVE-2024-20358 |  Cisco | medium | 6.0 | 0.0%
| | A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is availab… | Apr 24, 2024 | Mar 4, 2026 |
| | CVE-2024-24910 |  Check Point | high | 7.3 | 0.1%
| | A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen,… | Apr 18, 2024 | Jan 15, 2026 |
| | CVE-2024-1249 |  Apache | high | 7.4 | 0.2%
| | A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cr… | Apr 17, 2024 | Apr 30, 2026 |
| | CVE-2024-31487 | Fortinet | medium | 5.9 | 0.5%
| | A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fo… | Apr 9, 2024 | Jan 14, 2026 |
| | CVE-2024-23671 | Fortinet | high | 8.1 | 0.8%
| | A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fo… | Apr 9, 2024 | Jan 14, 2026 |
| | CVE-2024-21756 | Fortinet | high | 8.8 | 1.0%
| | A improper neutralization of special elements used in an os command ('os command injection') vulnera… | Apr 9, 2024 | Jan 14, 2026 |
| | CVE-2024-21755 | Fortinet | high | 8.8 | 1.0%
| | A improper neutralization of special elements used in an os command ('os command injection') vulnera… | Apr 9, 2024 | Jan 14, 2026 |
| | CVE-2023-47541 | Fortinet | medium | 6.7 | 0.1%
| | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in F… | Apr 9, 2024 | Jan 14, 2026 |
| | CVE-2023-47540 | Fortinet | medium | 6.7 | 0.1%
| | An improper neutralization of special elements used in an os command ('os command injection') vulner… | Apr 9, 2024 | Jan 14, 2026 |
| | CVE-2023-0582 | ForgeRock | high | 8.1 | — | | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Forg… | Mar 27, 2024 | Apr 14, 2025 |
| | CVE-2023-41842 | Fortinet | medium | 6.7 | 0.1%
| | A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allo… | Mar 12, 2024 | Jan 14, 2026 |
| | CVE-2024-0590 |  Microsoft | medium | 6.1 | 24.8%
| | The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio… | Feb 29, 2024 | Apr 8, 2026 |
| | CVE-2024-22022 | Veeam | high | 8.8 | — | | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-… | Feb 7, 2024 | Jun 3, 2025 |
| | CVE-2024-22021 | Veeam | medium | 4.3 | — | | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (P… | Feb 7, 2024 | Jun 5, 2025 |
| | CVE-2023-40545 | ForgeRock | high | 8.8 | — | | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method … | Feb 6, 2024 | Nov 21, 2024 |
| | CVE-2024-23109 | Fortinet | critical | 10.0 | 7.0%
| | An improper neutralization of special elements used in an os command ('os command injection') vulner… | Feb 5, 2024 | Jan 14, 2026 |
| | CVE-2024-23108 | Fortinet | critical | 10.0 | 90.4%
| | An improper neutralization of special elements used in an os command ('os command injection') vulner… | Feb 5, 2024 | Jan 14, 2026 |
| | CVE-2023-36496 | ForgeRock | high | 7.7 | — | | Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated u… | Feb 1, 2024 | Nov 21, 2024 |
| | CVE-2023-48795 | Apache | medium | 5.9 | 53.6%
| | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr… | Dec 18, 2023 | May 12, 2026 |
| | CVE-2023-45587 | Fortinet | low | 3.5 | 0.4%
| | An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit… | Dec 13, 2023 | Jan 14, 2026 |
| | CVE-2023-41844 | Fortinet | low | 3.5 | 0.4%
| | A improper neutralization of input during web page generation ('cross-site scripting') vulnerability… | Dec 13, 2023 | Jan 14, 2026 |
| | CVE-2023-36424 | Microsoft | high | 7.8 | 10.3%
| ⚠ KEV | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Nov 14, 2023 | Apr 14, 2026 |
| | CVE-2023-41723 | Veeam | medium | 4.3 | — | | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashbo… | Nov 7, 2023 | Nov 21, 2024 |
| | CVE-2023-38549 | Veeam | medium | 5.4 | — | | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client … | Nov 7, 2023 | Nov 21, 2024 |
| | CVE-2023-38548 | Veeam | medium | 4.3 | — | | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client … | Nov 7, 2023 | Mar 6, 2025 |
| | CVE-2023-38547 | Veeam | critical | 9.8 | — | | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server… | Nov 7, 2023 | Mar 6, 2025 |
| | CVE-2023-39930 | ForgeRock | high | 7.5 | — | | A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV… | Oct 25, 2023 | Nov 21, 2024 |