RADAR KEV+EPSS
OPERATIVOVulnerabilità già sfruttate nel mondo reale, ordinate per probabilità di sfruttamento nei prossimi 30 giorni. Una sola domanda: cosa merita attenzione oggi, in quale ordine.
1638vulnerabilità nel catalogo
7aggiunte questa settimana
14/07/2026, 17:41ultimo aggiornamento
| CVE | Vendor / Prodotto | Vulnerabilità | EPSS | Percentile | Aggiunta al catalogo | Scadenza imposta | |
|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-26086 | AtlassianJira Server and Data Center | Atlassian Jira Server and Data Center Path Traversal Vulnerability | 100,0% | 100° | 12/11/2024 | 03/12/2024 |
| 2 | CVE-2024-23897RANSOMWARE | JenkinsJenkins Command Line Interface (CLI) | Jenkins Command Line Interface (CLI) Path Traversal Vulnerability | 100,0% | 100° | 19/08/2024 | 09/09/2024 |
| 3 | CVE-2024-3400RANSOMWARE | Palo Alto NetworksPAN-OS | Palo Alto Networks PAN-OS Command Injection Vulnerability | 100,0% | 100° | 12/04/2024 | 19/04/2024 |
| 4 | CVE-2024-21893RANSOMWARE | IvantiConnect Secure, Policy Secure, and Neurons | Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | 100,0% | 100° | 31/01/2024 | 02/02/2024 |
| 5 | CVE-2023-35082RANSOMWARE | IvantiEndpoint Manager Mobile (EPMM) and MobileIron Core | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | 100,0% | 100° | 18/01/2024 | 08/02/2024 |
| 6 | CVE-2024-21887RANSOMWARE | IvantiConnect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | 100,0% | 100° | 10/01/2024 | 22/01/2024 |
| 7 | CVE-2023-1671 | SophosWeb Appliance | Sophos Web Appliance Command Injection Vulnerability | 100,0% | 100° | 16/11/2023 | 07/12/2023 |
| 8 | CVE-2023-22518RANSOMWARE | AtlassianConfluence Data Center and Server | Atlassian Confluence Data Center and Server Improper Authorization Vulnerability | 100,0% | 100° | 07/11/2023 | 28/11/2023 |
| 9 | CVE-2023-4966RANSOMWARE | CitrixNetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | 100,0% | 100° | 18/10/2023 | 08/11/2023 |
| 10 | CVE-2023-44487 | IETFHTTP/2 | HTTP/2 Rapid Reset Attack Vulnerability | 100,0% | 100° | 10/10/2023 | 31/10/2023 |
| 11 | CVE-2023-32315 | Ignite RealtimeOpenfire | Ignite Realtime Openfire Path Traversal Vulnerability | 100,0% | 100° | 24/08/2023 | 14/09/2023 |
| 12 | CVE-2023-35078RANSOMWARE | IvantiEndpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | 100,0% | 100° | 25/07/2023 | 15/08/2023 |
| 13 | CVE-2023-1389 | TP-LinkArcher AX21 | TP-Link Archer AX-21 Command Injection Vulnerability | 100,0% | 100° | 01/05/2023 | 22/05/2023 |
| 14 | CVE-2023-27350RANSOMWARE | PaperCutMF/NG | PaperCut MF/NG Improper Access Control Vulnerability | 100,0% | 100° | 21/04/2023 | 12/05/2023 |
| 15 | CVE-2023-0669RANSOMWARE | FortraGoAnywhere MFT | Fortra GoAnywhere MFT Remote Code Execution Vulnerability | 100,0% | 100° | 10/02/2023 | 03/03/2023 |
| 16 | CVE-2022-26134RANSOMWARE | AtlassianConfluence Server/Data Center | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability | 100,0% | 100° | 02/06/2022 | 06/06/2022 |
| 17 | CVE-2014-0160 | OpenSSLOpenSSL | OpenSSL Information Disclosure Vulnerability | 100,0% | 100° | 04/05/2022 | 25/05/2022 |
| 18 | CVE-2022-29464RANSOMWARE | WSO2Multiple Products | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability | 100,0% | 100° | 25/04/2022 | 16/05/2022 |
| 19 | CVE-2017-9841 | PHPUnitPHPUnit | PHPUnit Command Injection Vulnerability | 100,0% | 100° | 15/02/2022 | 15/08/2022 |
| 20 | CVE-2015-1635 | MicrosoftHTTP.sys | Microsoft HTTP.sys Remote Code Execution Vulnerability | 100,0% | 100° | 10/02/2022 | 10/08/2022 |
| 21 | CVE-2014-6271 | GNUBourne-Again Shell (Bash) | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 100,0% | 100° | 28/01/2022 | 28/07/2022 |
| 22 | CVE-2021-44228RANSOMWARE | ApacheLog4j2 | Apache Log4j2 Remote Code Execution Vulnerability | 100,0% | 100° | 10/12/2021 | 24/12/2021 |
| 23 | CVE-2021-40438 | ApacheApache | Apache HTTP Server-Side Request Forgery (SSRF) | 100,0% | 100° | 01/12/2021 | 15/12/2021 |
| 24 | CVE-2017-5638RANSOMWARE | ApacheStruts | Apache Struts Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 25 | CVE-2021-26084RANSOMWARE | AtlassianConfluence Server and Data Center | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 26 | CVE-2021-1498 | CiscoHyperFlex HX | Cisco HyperFlex HX Data Platform Command Injection Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 27 | CVE-2019-19781RANSOMWARE | CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 28 | CVE-2020-5902RANSOMWARE | F5BIG-IP | F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 29 | CVE-2021-35464RANSOMWARE | ForgeRockAccess Management (AM) | ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 30 | CVE-2018-13379RANSOMWARE | FortinetFortiOS | Fortinet FortiOS SSL VPN Path Traversal Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 31 | CVE-2019-0708RANSOMWARE | MicrosoftRemote Desktop Services | Microsoft Remote Desktop Services Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 32 | CVE-2021-34473RANSOMWARE | MicrosoftExchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 33 | CVE-2021-26855RANSOMWARE | MicrosoftExchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 34 | CVE-2019-11510RANSOMWARE | IvantiPulse Connect Secure | Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 35 | CVE-2021-22005RANSOMWARE | VMwarevCenter Server | VMware vCenter Server File Upload Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 36 | CVE-2021-21985RANSOMWARE | VMwarevCenter Server | VMware vCenter Server Improper Input Validation Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 37 | CVE-2017-7921 | HikvisionMultiple Products | Hikvision Multiple Products Improper Authentication Vulnerability | 100,0% | 100° | 05/03/2026 | 26/03/2026 |
| 38 | CVE-2013-2251 | ApacheStruts | Apache Struts Improper Input Validation Vulnerability | 100,0% | 100° | 25/03/2022 | 15/04/2022 |
| 39 | CVE-2012-1823 | PHPPHP | PHP-CGI Query String Parameter Vulnerability | 100,0% | 100° | 25/03/2022 | 15/04/2022 |
| 40 | CVE-2024-3273 | D-LinkMultiple NAS Devices | D-Link Multiple NAS Devices Command Injection Vulnerability | 100,0% | 100° | 11/04/2024 | 02/05/2024 |
| 41 | CVE-2022-22954RANSOMWARE | VMwareWorkspace ONE Access and Identity Manager | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability | 100,0% | 100° | 14/04/2022 | 05/05/2022 |
| 42 | CVE-2020-14882 | OracleWebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 43 | CVE-2019-16920 | D-LinkMultiple Routers | D-Link Multiple Routers Command Injection Vulnerability | 100,0% | 100° | 25/03/2022 | 15/04/2022 |
| 44 | CVE-2022-44877 | CWPControl Web Panel | CWP Control Web Panel OS Command Injection Vulnerability | 100,0% | 100° | 17/01/2023 | 07/02/2023 |
| 45 | CVE-2024-34102 | AdobeCommerce and Magento Open Source | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability | 100,0% | 100° | 17/07/2024 | 07/08/2024 |
| 46 | CVE-2017-10271RANSOMWARE | OracleWebLogic Server | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | 100,0% | 100° | 10/02/2022 | 10/08/2022 |
| 47 | CVE-2018-11776 | ApacheStruts | Apache Struts Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 48 | CVE-2020-8515 | DrayTekMultiple Vigor Routers | Multiple DrayTek Vigor Routers Web Management Page Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 49 | CVE-2018-7600RANSOMWARE | DrupalDrupal Core | Drupal Core Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 50 | CVE-2021-41773RANSOMWARE | ApacheHTTP Server | Apache HTTP Server Path Traversal Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 51 | CVE-2020-3452 | CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Read-Only Path Traversal Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 52 | CVE-2024-27199RANSOMWARE | JetBrainsTeamCity | JetBrains TeamCity Relative Path Traversal Vulnerability | 100,0% | 100° | 20/04/2026 | 04/05/2026 |
| 53 | CVE-2025-3248RANSOMWARE | LangflowLangflow | Langflow Missing Authentication Vulnerability | 100,0% | 100° | 05/05/2025 | 26/05/2025 |
| 54 | CVE-2023-29300RANSOMWARE | AdobeColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | 100,0% | 100° | 08/01/2024 | 29/01/2024 |
| 55 | CVE-2020-9054 | ZyxelMultiple Network-Attached Storage (NAS) Devices | Zyxel Multiple NAS Devices OS Command Injection Vulnerability | 100,0% | 100° | 25/03/2022 | 15/04/2022 |
| 56 | CVE-2017-12617 | ApacheTomcat | Apache Tomcat Remote Code Execution Vulnerability | 100,0% | 100° | 25/03/2022 | 15/04/2022 |
| 57 | CVE-2024-7593 | IvantiVirtual Traffic Manager | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability | 100,0% | 100° | 24/09/2024 | 15/10/2024 |
| 58 | CVE-2024-4577RANSOMWARE | PHP GroupPHP | PHP-CGI OS Command Injection Vulnerability | 100,0% | 100° | 12/06/2024 | 03/07/2024 |
| 59 | CVE-2021-34523RANSOMWARE | MicrosoftExchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 60 | CVE-2023-46805RANSOMWARE | IvantiConnect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | 100,0% | 100° | 10/01/2024 | 22/01/2024 |
| 61 | CVE-2019-9670 | SynacorZimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference | 100,0% | 100° | 10/01/2022 | 10/07/2022 |
| 62 | CVE-2023-22527RANSOMWARE | AtlassianConfluence Data Center and Server | Atlassian Confluence Data Center and Server Template Injection Vulnerability | 100,0% | 100° | 24/01/2024 | 14/02/2024 |
| 63 | CVE-2022-40684RANSOMWARE | FortinetMultiple Products | Fortinet Multiple Products Authentication Bypass Vulnerability | 100,0% | 100° | 11/10/2022 | 01/11/2022 |
| 64 | CVE-2024-45195 | ApacheOFBiz | Apache OFBiz Forced Browsing Vulnerability | 100,0% | 100° | 04/02/2025 | 25/02/2025 |
| 65 | CVE-2021-20090 | ArcadyanBuffalo Firmware | Arcadyan Buffalo Firmware Path Traversal Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 66 | CVE-2021-22204 | PerlExiftool | ExifTool Remote Code Execution Vulnerability | 100,0% | 100° | 17/11/2021 | 01/12/2021 |
| 67 | CVE-2025-53770RANSOMWARE | MicrosoftSharePoint | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | 100,0% | 100° | 20/07/2025 | 21/07/2025 |
| 68 | CVE-2025-22457RANSOMWARE | IvantiConnect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | 100,0% | 100° | 04/04/2025 | 11/04/2025 |
| 69 | CVE-2023-42793RANSOMWARE | JetBrainsTeamCity | JetBrains TeamCity Authentication Bypass Vulnerability | 100,0% | 100° | 04/10/2023 | 25/10/2023 |
| 70 | CVE-2024-24919RANSOMWARE | Check PointQuantum Security Gateways | Check Point Quantum Security Gateways Information Disclosure Vulnerability | 100,0% | 100° | 30/05/2024 | 20/06/2024 |
| 71 | CVE-2021-45046RANSOMWARE | ApacheLog4j2 | Apache Log4j2 Deserialization of Untrusted Data Vulnerability | 100,0% | 100° | 01/05/2023 | 22/05/2023 |
| 72 | CVE-2024-4879 | ServiceNowUtah, Vancouver, and Washington DC Now Platform | ServiceNow Improper Input Validation Vulnerability | 100,0% | 100° | 29/07/2024 | 19/08/2024 |
| 73 | CVE-2014-8361 | RealtekSDK | Realtek SDK Improper Input Validation Vulnerability | 100,0% | 100° | 18/09/2023 | 09/10/2023 |
| 74 | CVE-2025-0282RANSOMWARE | IvantiConnect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | 100,0% | 100° | 08/01/2025 | 15/01/2025 |
| 75 | CVE-2022-41082RANSOMWARE | MicrosoftExchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | 100,0% | 100° | 30/09/2022 | 21/10/2022 |
| 76 | CVE-2022-47986RANSOMWARE | IBMAspera Faspex | IBM Aspera Faspex Code Execution Vulnerability | 100,0% | 100° | 21/02/2023 | 14/03/2023 |
| 77 | CVE-2020-25506 | D-LinkDNS-320 Device | D-Link DNS-320 Device Command Injection Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 78 | CVE-2012-0158 | MicrosoftMSCOMCTL.OCX | Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 79 | CVE-2020-0688RANSOMWARE | MicrosoftExchange Server | Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 80 | CVE-2019-2725RANSOMWARE | OracleWebLogic Server | Oracle WebLogic Server, Injection | 100,0% | 100° | 10/01/2022 | 10/07/2022 |
| 81 | CVE-2021-42013RANSOMWARE | ApacheHTTP Server | Apache HTTP Server Path Traversal Vulnerability | 100,0% | 100° | 03/11/2021 | 17/11/2021 |
| 82 | CVE-2025-59287 | MicrosoftWindows | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability | 100,0% | 100° | 24/10/2025 | 14/11/2025 |
| 83 | CVE-2019-10149 | EximMail Transfer Agent (MTA) | Exim Mail Transfer Agent (MTA) Improper Input Validation | 100,0% | 100° | 10/01/2022 | 10/07/2022 |
| 84 | CVE-2024-1709RANSOMWARE | ConnectWiseScreenConnect | ConnectWise ScreenConnect Authentication Bypass Vulnerability | 100,0% | 100° | 22/02/2024 | 29/02/2024 |
| 85 | CVE-2024-38475 | ApacheHTTP Server | Apache HTTP Server Improper Escaping of Output Vulnerability | 100,0% | 100° | 01/05/2025 | 22/05/2025 |
| 86 | CVE-2022-1388RANSOMWARE | F5BIG-IP | F5 BIG-IP Missing Authentication Vulnerability | 100,0% | 100° | 10/05/2022 | 31/05/2022 |
| 87 | CVE-2024-29824 | IvantiEndpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | 100,0% | 100° | 02/10/2024 | 23/10/2024 |
| 88 | CVE-2018-15961 | AdobeColdFusion | Adobe ColdFusion Unrestricted File Upload Vulnerability | 100,0% | 100° | 03/11/2021 | 03/05/2022 |
| 89 | CVE-2023-38035RANSOMWARE | IvantiSentry | Ivanti Sentry Authentication Bypass Vulnerability | 99,9% | 100° | 22/08/2023 | 12/09/2023 |
| 90 | CVE-2018-10562RANSOMWARE | DasanGigabit Passive Optical Network (GPON) Routers | Dasan GPON Routers Command Injection Vulnerability | 99,9% | 100° | 31/03/2022 | 21/04/2022 |
| 91 | CVE-2025-31161RANSOMWARE | CrushFTPCrushFTP | CrushFTP Authentication Bypass Vulnerability | 99,9% | 100° | 07/04/2025 | 28/04/2025 |
| 92 | CVE-2021-27065RANSOMWARE | MicrosoftExchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | 99,9% | 100° | 03/11/2021 | 03/05/2022 |
| 93 | CVE-2025-24813 | ApacheTomcat | Apache Tomcat Path Equivalence Vulnerability | 99,9% | 100° | 01/04/2025 | 22/04/2025 |
| 94 | CVE-2022-41040RANSOMWARE | MicrosoftExchange Server | Microsoft Exchange Server Server-Side Request Forgery Vulnerability | 99,9% | 100° | 30/09/2022 | 21/10/2022 |
| 95 | CVE-2017-11882RANSOMWARE | MicrosoftOffice | Microsoft Office Memory Corruption Vulnerability | 99,9% | 100° | 03/11/2021 | 03/05/2022 |
| 96 | CVE-2021-3129RANSOMWARE | LaravelIgnition | Laravel Ignition File Upload Vulnerability | 99,9% | 100° | 18/09/2023 | 09/10/2023 |
| 97 | CVE-2020-10189 | ZohoManageEngine | Zoho ManageEngine Desktop Central File Upload Vulnerability | 99,9% | 100° | 03/11/2021 | 03/05/2022 |
| 98 | CVE-2022-35405 | ZohoManageEngine | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | 99,9% | 100° | 22/09/2022 | 13/10/2022 |
| 99 | CVE-2015-3113 | AdobeFlash Player | Adobe Flash Player Heap-Based Buffer Overflow Vulnerability | 99,9% | 100° | 13/04/2022 | 04/05/2022 |
| 100 | CVE-2014-7169 | GNUBourne-Again Shell (Bash) | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 99,9% | 100° | 28/01/2022 | 28/07/2022 |