The Top Five Vulnerabilities Exploited in May 2024


As the cat-and-mouse game of vulnerabilities being discovered and threat actors exploiting them continues at a great pace, it’s more important than ever to stay informed about the top vulnerabilities being utilised by attackers. This helps businesses remain vigilant and focus on protecting their digital assets effectively. Vulnerability and patch management solutions are crucial in identifying and mitigating these threats. In May 2024, several critical vulnerabilities were actively exploited by attackers.

Daniel Russell, our Principal Threat Intelligence Analyst here at NormCyber, brings to light the top five vulnerabilities his threat intelligence team observed being exploited by threat actors last month. His insights shed light on the latest tactics used.

1. CVE-2024-24919: Information Disclosure in Check Point Security Gateway Devices

The most exploited vulnerability in May was CVE-2024-24919. This information disclosure vulnerability in Check Point Security Gateway devices allows attackers to access sensitive data. This vulnerability has been actively exploited since April 2024 and continues to be a significant threat.


2. CVE-2024-27130: Remote Code Execution in QNAP NAS Devices

Coming in second place is CVE-2024-27130, a remote code execution (RCE) vulnerability in QNAP NAS devices running the QTS operating system. This flaw permits unauthorised access, data theft, and disruption of services, making it a high-priority vulnerability for organisations using these devices.


3. CVE-2024-4947: Type Confusion in Google Chromium’s V8 Engine

The third most exploited vulnerability is CVE-2024-4947, a type confusion vulnerability in Google Chromium’s V8 engine. This allows attackers to execute arbitrary code. The widespread exploitation of this vulnerability led to its inclusion in the CISA Known Exploited Vulnerabilities Catalog in May 2024.


4. CVE-2024-4835: Cross-Site Scripting in GitLab

Ranked fourth is CVE-2024-4835, a cross-site scripting (XSS) vulnerability in GitLab. Threat actors have used this flaw to steal sensitive user information. GitLab quickly released patches to address this vulnerability, highlighting the importance of prompt patch management.


5. CVE-2024-4985: Authentication Bypass in GitHub Enterprise Server

Last but certainly not least is CVE-2024-4985, a critical authentication bypass vulnerability in GitHub Enterprise Server (GHES). This flaw allows attackers to gain unauthorised access to sensitive repositories, particularly affecting instances configured with SAML SSO authentication.


These vulnerabilities underscore the importance of timely patching to protect against exploitation. Here at Norm, our Vulnerability Patch Management service remotely correlates identified vulnerabilities with available patches, deploying them across an organisation’s endpoints regardless of their internet connection status. This ensures our clients maintain a secure security posture.

Staying ahead in the ever-evolving cyber security landscape requires continuous vigilance and proactive measures. By understanding and addressing these top vulnerabilities, organisations can better protect their digital assets and maintain robust security defences.


Written by Daniel Russell

Daniel Russell is a seasoned cyber security professional serving as the Principal Analyst for Threat Intelligence at NormCyber. With extensive experience in threat intelligence analysis, Daniel is dedicated to staying ahead of evolving cyber threats and developing effective mitigation strategies. His comprehensive understanding of emerging threats and strong analytical skills empower norm.’s clients to proactively defend against cyber attacks.