CVE-2024-21762 CVE-2024-3094 CVE-2024-3400 CVE-2024-6387 CVE-2023-5630 CVE-2019-11358 CVE-2024-38063 CVE-2024-4577 CVE-2024-23897 CVE-2024-21887 Most Mentioned CVEs on the Dark Web in 2024 Threat Snapshot 2 Key Findings 1 Blurring Boundaries 3 Vulnerability Intelligence 4 Stolen Access Credentials 6 Tips 7 Ransomware 5 Most of the vulnerabilities in the chart above were discovered and published in 2024 (i.e., they have a 2024 CVE identifier). However, the list also includes two older vulnerabilities, one from 2023 (CVE-2023-5630) and one from 2019 (CVE-2019-11358), indicating these vulnerabilities continue to catch the attention of threat actors, emphasizing the critical need for the timely patching of vulnerable systems. Systems that are not patched against these vulnerabilities are still exposed to potential exploitation of vulnerabilities that have long been known and fixable. Seven of the top ten most mentioned CVEs in 2024 have a critical CVSS score ranging from 9.1 to 10.0. This indicates that threat actors are focusing on and prefer to target vulnerabilities rated as critical because the exploitation of such vulnerabilities has a significant and severe impact. Many times, critical vulnerabilities allow attackers to gain control of targeted systems, and they are often easier to exploit. All seven critical vulnerabilities included in the top mentioned vulnerabilities list above could be exploited via remote code execution. 15 16% 15% 14% 13% 9% 8% 7% 6% 6% 6%