TODO
2020
2021
- CVE-2021-21985, VMware vSphere
- CVE-2021-21972, VMware vCenter
- CVE-2021-21974, VMware ESXi
- CVE-2021-40655, D-Link DIR-605L
2022
2023
- CVE-2023-20198, Cisco IOS XE
- CVE-2023-20269, Cisco ASA/Firepower VPN
- CVE-2023-30908, HPE OneView Auth Bypass
- CVE-2023-34048, VMware vCenter
- CVE-2023-34049, VMware Aria Operations for Networks
- CVE-2023-48788, Fortinet FortiClient EMS
2024
- CVE-2024-3080, ASUS Router Auth Bypass
- CVE-2024-3400, Palo Alto OS Command Injection
- CVE-2024-3912, ASUS Router Firmware Upload
- CVE-2024-4985, GitHub Enterprise Server Auth Bypass
- CVE-2024-6045, Confluence Auth RCE
- CVE-2024-10914, D-Link Command Injection
- CVE-2024-20356, Cisco CIMC Command Injection
- CVE-2024-20357, Cisco IP Phone XML Injection
- CVE-2024-20358, Cisco ASA/Firepower Auth RCE
- CVE-2024-20359, Cisco ASA/Firepower Auth RCE
- CVE-2024-20419, Cisco Smart Software Manager RCE
- CVE-2024-24919, Check Point SVN RCE
- CVE-2024-29849, Veeam Backup Auth Bypass
- CVE-2024-29972, Zyxel NAS326 Backdoor
- CVE-2024-29973, Zyxel NAS326 Code Injection
- CVE-2024-29974, Zyxel NAS326 RCE
- CVE-2024-29975, Zyxel NAS326 Priv Esc
- CVE-2024-47575, FortiJump Unauth RCE
- PAN-SA-2024-0015, Palo Alto Unauth RCE
- 0.0.0.0-day, PNA bypass
- Attacking UNIX Systems via CUPS
2025
- CVE-2025-20188, Cisco IOS XE Hardcoded JWT
- Hardware: Digital Microscope (budget)
- Hardware: Digital Microscope (premium)
- CVE-2025-3280X, Kea DHCP Auth Bypass
- CVE-2025-5054, Apport Information Disclosure
- CVE-2025-37164, HPE OneView Unauth RCE
- CVE-2026-21858, n8n Unauth RCE
- CVE-2025-68613, n8n Code Execution
- CVE-2025-68668, n8n Auth Sandbox Bypass
- CVE-2025-59470, Veeam Auth RCE
- CVE-2026-0625, D-Link Unauth Command Injection
- CVE-2025-55182, React RSC Code Execution
- CVE-2025-13915, IBM API Connect Auth Bypass
- CVE-2025-52691, SmarterMail Unauth RCE
- CVE-xxxx-xxxxx, SmarterMail Auth Bypass
- CVE-2026-24423, SmarterMail Unauth RCE
- CVE-2025-14733, WatchGuard Fireware OS Unauth RCE
- CVE-2025-68664, LangChain Serialization Injection
- CVE-2025-59718 / CVE-2025-59719, Fortinet SSO Auth Bypass
- XML Signature Wrapping (XSW)
- CVE-2025-6218, WinRAR Path Traversal RCE
- CVE-2025-66516, Apache Tika XXE
- CVE-2025-53772, Microsoft Web Deploy RCE
- CVE-2024-50629 ~ 50631, Synology BeeStation RCE
- CVE-2025-59466, Node.js DoS via async_hooks
- CVE-2026-22709, Node.js vm2 Sandbox Escape RCE
- CVE-2025-8110, Gogs Path Traversal RCE
- CVE-2025-64155, FortiSIEM Unauth RCE
- .NET Remote Object WSDL RCE
- CVE-2025-20393, Cisco Secure Email Gateway RCE
- CVE-2025-53690, Sitecore Initial Access
- TP-Link Tapo C200 Hardcoded Keys
2026
- CVE-2026-21962, Oracle WebLogic Proxy Plug-in Injection
- CVE-2026-24061, GNU InetUtils Telnetd Unauth RCE
- CVE-2026-32746, Telnetd Out-of-Bounds Write RCE
- CVE-2026-3888, Ubuntu systemd Privilege Escalation
- CVE-2026-21992, Oracle IDM RCE
- CVE-2026-21994, Oracle OKIT Hardcoded Flask Key
- CVE-2026-34197, Apache ActiveMQ Code Injection
- CVE-2026-40176 / CVE-2026-40261, PHP Composer RCE
- CVE-2026-23408, AppArmor Use-After-Free LPE