
Number of Reported Vulnerabilities Increases in 2024

Most exploited vulnerabilities of 2024 also listed.

The number of reported Common Vulnerabilities and Exposures (CVEs) increased by 30% in the first half of 2024.

There were 22,254 detected and reported CVEs between January and July, compared to 17,114 in 2023.

According to Qualys, 0.91 percent of vulnerabilities (204) have been weaponized, which represents a 10 percent increase in the weaponization of CVEs discovered prior to 2024. 

“Although old CVEs often resurface and get weaponized well after discovery,” wrote Saeed Abbasi, product manager of the threat research unit at Qualys. Pointing out a notable increase over the course of 2024, Abbasi said the resurgence of previously identified vulnerabilities, which mainly impact remote services and public-facing applications, “highlights a significant oversight in updating and enforcing cybersecurity protocols.” 

“This re-emergence emphasises the need to shift from a purely reactive security posture to a more proactive, predictive, and preventative approach,” he said.

Most Notable Vulnerabilities

In a list of the top ten most exploited vulnerabilities, first place went to CVE-2024-21887: a command injection vulnerability in web components of Ivanti Connect Secure and Ivanti Policy Secure, which would allow an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Another vulnerability affecting Ivanti Connect and Policy Secure Web, CVE-2023-46805, which allows remote authentication bypass, was in second place.
Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

