TODO

TODO

2020

• CVE-2020-3259, Cisco AnyConnect

2021

• CVE-2021-21985, VMWare vSphere

• CVE-2021-21972, VMWare vCenter

• CVE-2021-21974, VMWare ESXi

• CVE-2021-40655, D-Link DIR-605L

2022

• CVE-2022-22948, VMWare vCenter

2023

• CVE-2023-20198, Cisco IOS XE

• CVE-2023-20269, Cisco ASA/Firepower VPN

• CVE-2023-30908, HPE OneView Auth Bypass

• CVE-2023-34048, VMWare vCenter

• CVE-2023-34049, VMWare Aria Operations for Networks

• CVE-2023-48788, Fortinet FortiClients EMS

2024

• CVE-2024-3080, ASUS Router Auth Bypass

• CVE-2024-3400, Palo Alto OS Command Injection

• CVE-2024-3912, ASUS Router Firmware Upload

• CVE-2024-4985, GitHub Enterprise Server Auth Bypass

• CVE-2024-6045, Confluence Auth RCE

• CVE-2024-10914, D-Link Command Injection

• CVE-2024-20356, Cisco CIMC Command Injection

• CVE-2024-20357, Cisco IP Phone XML Injection

• CVE-2024-20358, Cisco ASA/Firepower Auth RCE

• CVE-2024-20359, Cisco ASA/Firepower Auth RCE

• CVE-2024-20419, Cisco Smart Software Manager RCE

• CVE-2024-24919, Check Point SVN RCE

• CVE-2024-29849, Veeam Backupo Auth Bypass

• CVE-2024-29972, Zyxel NAS326 Backdoor

• CVE-2024-29973, Zyxel NAS326 Code Injection

• CVE-2024-29974, Zyxel NAS326 RCE

• CVE-2024-29975, Zyxel NAS326 Priv Esc

• CVE-2024-47575, FortiJump Unauth RCE

• PAN-SA-2024-0015, Paloalto Unauth RCE

• 0.0.0.0-day, PNA bypass

• Attacking UNIX Systems via CUPS

2025

• CVE-2025-20188, Cisco IOS XE, Hardcoded JWT, CVSS 10

• Hardware: Pwnagotchi

• Hardware: Digital Microscope (budget)

• Hardware: Digital Microscope (premium)

• CVE-2025-3280X, Kea DHCP

• CVE-2025-5054, Apport information disclosure

• CVE-2025-37164 - HPE OneView unauth RCE

• CVE-2026-21858 - Ni8mare. Unauth RCE

• CVE-2025-68613 - n8n code execution, 9.9

• CVE-2025-68668 - N8scape. Auth sandbox bypass.

• CVE-2025-59470 - Veeam auth RCE

• CVE-2026-0625 - D-Link unauth command injection through dnscfg.cgi

• CVE-2025-55182 - React2Shell

• CVE-2025-13915 - IBM API Connect auth bypass, remote access.

• CVE-2025-52691 - SmarterMail, 10.0, unauth RCE

• CVE-xxxx-xxxxx - SmarterMail, Auth bypass

• CVE-2026-24423 - SmarterMail, 9.3, unauth rce

• CVE-2025-14733 - WatchGuard, Fireware OS, out-of-bounds write IKEv2, unauth RCE

• CVE-2025-68664 - LangChain (LangGrinch), 9.3, Serialization Injection

• CVE-2025-59718 / CVE-2025-59719 - Fortinet SSO auth bypass, 9.8

• XML Signature Wrapping (XSW)

• CVE-2025-6218 - WinRAR, 7.8, path traversal to code execution (ofta i kombination med CVE-2025-8088)

• CVE-2025-66516 - Apache Tika, 10.0, XXE

• CVE-2025-53772 - Microsoft Web Deploy, RCE, 8.8

• CVE-2024-50629 ~ 50631, Synology BeeStation, RCE (Genom CRLF, Auth Bypass + SQL Injection), pwn2own https://github.com/kiddo-pwn/CVE-2024-50629_50631

• CVE-2025-59466 - Node.js DOS, async_hooks

• CVE-2026-22709 - Node.js vm2 escape sandbox code execution, 9.8, https://www.endorlabs.com/learn/cve-2026-22709-critical-sandbox-escape-in-vm2-enables-arbitrary-code-execution

• CVE-2025-8110 - Gogs Path Traversal to RCE, 8.7, "improper Symbolic link handling in the PutContents API"

• CVE-2025-64155 - FortiSIEM unauth RCE, 9.4, TCP port 7900 (handles incoming request for Elasticsearch), 'weaponizing the curl argument injection to write a reverse shell to "/opt/charting/redishb.sh,"'

• .NET remote object wsdl, RCE, code-white

• CVE-2025-20393 - Cisco Secure Email Gateway, 10.0, RCE insufficient validation of HTTP request by Spam Quarantine feature, China-nexus APT

• CVE-2025-53690, Sitecore, CVSS score: 9.0, initial access, China-nexus APT

• TP-link Tapo C200, hardcoded keys, firmware dump: https://www.evilsocket.net/images/2025/tapo/bucket_contents.txt

• CVE-2026-21962 - Oracle HTTP & Weblogic Server Proxy Plug-in, 10.0

• CVE-2026-24061 - Telnetd GNU InetUtils, 9.8, https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html, https://seclists.org/oss-sec/2026/q1/89

More