ISMS Status
Cumulative maturity scoring across all 9 ISMS Domains. Click any row in the Per-Domain table to jump to that Domain.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Domain Detail
Evidence Coverage
Trends
Maturity scores and below-target counts across the last six review cycles. Placeholder data — replace with actual historical scoring once available.
Company-Wide Maturity Trend
Below Target Count — Company Trend
Per-Domain Current Score Trend
Govern Domain
38 Controls across 8 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 7
Evidence Coverage
Identify Domain
41 Controls across 7 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 15
Evidence Coverage
Protect Domain
61 Controls across 10 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 22
Evidence Coverage
Detect Domain
26 Controls across 6 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 5
Evidence Coverage
Respond Domain
26 Controls across 6 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 3
Evidence Coverage
Recover Domain
23 Controls across 6 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 4
Evidence Coverage
AppSec Domain
42 Controls across 8 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 20
Evidence Coverage
AI Third Party Domain
32 Controls across 8 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 15
Evidence Coverage
AI Internally Developed Domain
52 Controls across 10 Objectives. Click any Objective or Control ID to view its full details.
since last review
since last review
since last review
since last review
since last review
since last review
Per-Objective Detail
Controls Below Target 24
Evidence Coverage
Below Target
Every Control where Current is below Target — today's view. Sorted by Gap (largest first). Click any Control ID to view its full details. Pair with the Forecast tab to compare today's gap against the projected next-review gap.
Controls Below Target Across All Domains 115
Domain × Objective Maturity Heatmap
Click any cell to view that Objective's details.
Continuous Threat Exposure Management
Aligned with Gartner’s CTEM framework. Exposures (operational work queue), Threats (taxonomy), Validations (empirical evidence), Sources (data feeds). Single source of truth for the CTEM programme; downstream artefacts derive from this register.
CTEM Cycle
Exposures — Operational Queue
Sorted by lifecycle stage (active first) then priority. Click any row to expand. Filter below — defaults to active Critical/High.
EXP-KEV-0177External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0224Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0232External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2025-24472 | Fortinet FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | KEV added: 2025-03-18 | KEV due: 2025-04-08 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005
EXP-KEV-0239Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0248Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0278External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-55591 | Fortinet FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | KEV added: 2025-01-14 | KEV due: 2025-01-21 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005
EXP-KEV-0298Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-9474 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability | KEV added: 2024-11-18 | KEV due: 2024-12-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0299External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-0012 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability | KEV added: 2024-11-18 | KEV due: 2024-12-09 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0306Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0318Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0344Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0377Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0382Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0396Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0408Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-21338 | Microsoft Windows | Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability | KEV added: 2024-03-04 | KEV due: 2024-03-25 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0411Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0414Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0418Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-22527 | Atlassian Confluence Data Center and Server | Atlassian Confluence Data Center and Server Template Injection Vulnerability | KEV added: 2024-01-24 | KEV due: 2024-02-14 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006
EXP-KEV-0457Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-22518 | Atlassian Confluence Data Center and Server | Atlassian Confluence Data Center and Server Improper Authorization Vulnerability | KEV added: 2023-11-07 | KEV due: 2023-11-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-0468Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-22515 | Atlassian Confluence Data Center and Server | Atlassian Confluence Data Center and Server Broken Access Control Vulnerability | KEV added: 2023-10-05 | KEV due: 2023-10-13 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006
EXP-KEV-0499Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0524External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-27997 | Fortinet FortiOS and FortiProxy SSL-VPN | Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability | KEV added: 2023-06-13 | KEV due: 2023-07-04 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0552Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-28252 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2023-04-11 | KEV due: 2023-05-02 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0558Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0570Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0580Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-23376 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2023-02-14 | KEV due: 2023-03-07 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0594External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0602Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0603Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0614External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0632Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0634External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2018-13374 | Fortinet FortiOS and FortiADC | Fortinet FortiOS and FortiADC Improper Access Control Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005
EXP-KEV-0667Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2022-30190 | Microsoft Windows | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | KEV added: 2022-06-14 | KEV due: 2022-07-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0699Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2022-26134 | Atlassian Confluence Server/Data Center | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability | KEV added: 2022-06-02 | KEV due: 2022-06-06 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006
EXP-KEV-0726Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0752Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0753Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0769Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0776Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0786Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0787Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-42278 | Microsoft Active Directory | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0793Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0803User Execution (T1204)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0805Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-26085 | Atlassian Confluence Server | Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006
EXP-KEV-0808Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0809Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0814Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2016-0151 | Microsoft Client-Server Run-time Subsystem (CSRSS) | Microsoft Windows CSRSS Security Feature Bypass Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0825Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0832External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0856Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0857Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0882Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-1405 | Microsoft Windows | Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0883Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0884Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0885Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0887Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-1129 | Microsoft Windows | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0888Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-1064 | Microsoft Windows | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0889Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-0841 | Microsoft Windows | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0890Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0891Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0892Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0893Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0894Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0902Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0952Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0959Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0973Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0976Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0986Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0993Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0999Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1000Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1008Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2020-0787 | Microsoft Windows | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-269 → THR-018
EXP-KEV-1014Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1030Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1032External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1033Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1034External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-1579 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | KEV added: 2022-01-10 | KEV due: 2022-07-10 | RANSOMWARE-LINKED | Mapping: Product match: 'globalprotect' → THR-005
EXP-KEV-1039Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1055Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1070Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1071Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1106Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-26084 | Atlassian Confluence Server and Data Center | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006
EXP-KEV-1107Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-3396 | Atlassian Confluence Server and Data Server | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1138Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1139Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1171OS Credential Dumping (T1003)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2014-1812 | Microsoft Windows | Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'active directory' → THR-024
EXP-KEV-1172Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1190Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2017-0143 | Microsoft Windows | Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1191Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1194Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1195Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1201Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1204OS Credential Dumping (T1003)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1205Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1211Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1215User Execution (T1204)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1224Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1233Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-36955 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-1418Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-30051 | Microsoft DWM Core Library | Microsoft DWM Core Library Privilege Escalation Vulnerability | KEV added: 2024-05-14 | KEV due: 2024-06-04 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1458Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2022-44698 | Microsoft Defender | Microsoft Defender SmartScreen Security Feature Bypass Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1495Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2020-0638 | Microsoft Update Notification Manager | Microsoft Update Notification Manager Privilege Escalation Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1512Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2018-8406 | Microsoft DirectX Graphics Kernel (DXGKRNL) | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1513Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2018-8405 | Microsoft DirectX Graphics Kernel (DXGKRNL) | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1530Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-1069 | Microsoft Task Scheduler | Microsoft Task Scheduler Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1572Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-11580 | Atlassian Crowd and Crowd Data Center | Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1581Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2016-0167 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1592Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2020-1472 | Microsoft Netlogon | Microsoft Netlogon Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-0002Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0006Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0007Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0008External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0010Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0011Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0013Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0017Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0018Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0021Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0022Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0031Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0033Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0035Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0036Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0040Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0045Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0046Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0047Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0051Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0052Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0057Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0058Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0059Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0068Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0069Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0071Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0073Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0074Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0075Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0076Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0077Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0078User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0085External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2026-24858 | Fortinet Multiple Products | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2026-01-27 | KEV due: 2026-01-30 | Mapping: Product match: 'fortios' → THR-005
EXP-KEV-0086Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0088User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0093Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0095Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0102External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2025-59718 | Fortinet Multiple Products | Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability | KEV added: 2025-12-16 | KEV due: 2025-12-23 | Mapping: Product match: 'fortios' → THR-005
EXP-KEV-0103Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0105Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0107Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0110Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0111Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0113Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0114External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0115Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0122Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2025-59287 | Microsoft Windows | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability | KEV added: 2025-10-24 | KEV due: 2025-11-14 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0123Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0124Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0127Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0128Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0132Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0133Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0134Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0135Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0149Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0150Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0158Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0161User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0162Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0164Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0168SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0174Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0178Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0179Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0181Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0182Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0185Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0203External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0204Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0205Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0206Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0207Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0208Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0213Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0218OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0219Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0220Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0222Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0223Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0226Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0227Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0233Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0234Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0235Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0236Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0237Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0238Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0246Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0255External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0257External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0260Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0263Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0264Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0267Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0268Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0271Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0275Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0276Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0277Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0283External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0289Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0291Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0296Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0297Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0301SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0302Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0303Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0305OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0308Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0309External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0321External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0322Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0323Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0328Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0332Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0339Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0341User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0342Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0343User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0349Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0351Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0354Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0359Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0360Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0361Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0362Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0363Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0364Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0366Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0367Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0372Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0373Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0375Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0384Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0387Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0388Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0389Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0390Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0391Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0395Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0397Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0404Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0405Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0412Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0415Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0416Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0419Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0422Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0430Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0431Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0442Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0443Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0444Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0446Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0448Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0449Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0450Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0464Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0466Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0467Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0470Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0471Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-28229 | Microsoft Windows CNG Key Isolation Service | Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | KEV added: 2023-10-04 | KEV due: 2023-10-25 | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0473Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0475Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0476Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0477Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0481Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0482Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0484Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0485Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0486Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0487Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0496Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0501Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0502Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0503Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0504Spear Phishing Attachment (T1566.001)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0505Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0508Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0509Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0514Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0515Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0516Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0525Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0531Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0532Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0533Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0539Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0540Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0542Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0543Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0546Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0548Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0549Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0550Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0553Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0554Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0564Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0566Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0567Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0569Spear Phishing Attachment (T1566.001)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0571Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0579Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0581Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0582Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0590Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0593Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0598Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0600Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0601Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0604Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0605Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0608Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0609Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0613Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0615Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2022-41033 | Microsoft Windows COM+ Event System Service | Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability | KEV added: 2022-10-11 | KEV due: 2022-11-01 | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0618Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0621Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0623Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0624Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0625Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0626Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2022-37969 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2022-09-14 | KEV due: 2022-10-05 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0627Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0628Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0629Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0630Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0635Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0643Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0646External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0647Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0648Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0649Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0650OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0651Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0652External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0654Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0656Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0657Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0658OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0660Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0662Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0663Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0664Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0665Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0666Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0673Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0675Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0676Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0677Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0679Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0680Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0681Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0682Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0683Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0685Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0688Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2012-0151 | Microsoft Windows | Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0689Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0691Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0692Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0694Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0695Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0696Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0697Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0698Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0700Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0701Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0706Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0707Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0709Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0712Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0713User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0714Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0716Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0718Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0722Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0727Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0729Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0732Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0733Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0734Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0738Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0739Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0740Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0741Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0742Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0743Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0744Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0745Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0746Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0747Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0755Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0761Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0762Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0763Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0766Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0767Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0790Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0792Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0795Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0796Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0797Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0798Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0801Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0804Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0810Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0811Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0812Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0815Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0816Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0818User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0819Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0823Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2011-2005 | Microsoft Ancillary Function Driver (afd.sys) | Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0824Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0827Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0836Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0843Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0844Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0855Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0861Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0866Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0868Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0869Steal Kerberos Tickets (T1558)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2014-6324 | Microsoft Kerberos Key Distribution Center (KDC) | Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'kerberos' → THR-027
EXP-KEV-0872Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0881Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0886Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0899Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-11581 | Atlassian Jira Server and Data Center | Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: Product match: 'jira' → THR-006
EXP-KEV-0903Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0922Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0941Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0943Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0944Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0947Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0948Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0949Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0956Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0957Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0958Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0960Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0961Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0962Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0963Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0966Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0967Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0971Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0972Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0974Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0975Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0977Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0978Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0980User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0982Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0985Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0989Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0990Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0991Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0992Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0996Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0997Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-0998User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1002Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1003Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1004Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1005Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1006Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1029Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1031Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1040Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1041Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1044External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1054Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1057User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1062Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1066Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1067Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1072Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1078Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1079Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1080Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1081Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1082Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1083Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1084Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1085Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1086Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1087Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1088Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1089Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1090Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1091Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1092Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1093Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1094Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1095Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1096Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1097Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1098Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1099Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1100Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1105Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-3398 | Atlassian Confluence Server and Data Center | Atlassian Confluence Server and Data Center Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1125Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1126Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1137External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1140Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1142Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1143Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1144Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1145Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1146Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1147Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1148Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1149Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1150Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1151Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1152Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1153Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1154Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1155Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1156Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1157Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1158Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1159Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1160Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1161Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1173Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1174Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1175Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1176Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1177Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1178Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1179Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1180Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1181Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1182Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1184Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1185Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1187Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1188Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1193Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1198Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1199Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1202Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1206Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1207Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1209User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1210Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1213User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1218Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1223Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1225Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1226Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1230Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1231User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1232Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
EXP-KEV-1306Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2009-1537 | Microsoft DirectX | Microsoft DirectX NULL Byte Overwrite Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1308Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2026-41091 | Microsoft Defender | Microsoft Defender Link Following Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1309Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2026-45498 | Microsoft Defender | Microsoft Defender Denial of Service Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1311Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2026-33825 | Microsoft Defender | Microsoft Defender Insufficient Granularity of Access Control Vulnerability | KEV added: 2026-04-22 | KEV due: 2026-05-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1316Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2012-1854 | Microsoft Visual Basic for Applications (VBA) | Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1317Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2026-34621 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Prototype Pollution Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1337Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2022-37055 | D-Link Routers | D-Link Routers Buffer Overflow Vulnerability | KEV added: 2025-12-08 | KEV due: 2025-12-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1340Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2025-13223 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2025-11-19 | KEV due: 2025-12-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1352Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2025-10585 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2025-09-23 | KEV due: 2025-10-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1359Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2020-25078 | D-Link DCS-2530L and DCS-2670L Devices | D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | KEV added: 2025-08-05 | KEV due: 2025-08-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1360Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2022-40799 | D-Link DNR-322L | D-Link DNR-322L Download of Code Without Integrity Check Vulnerability | KEV added: 2025-08-05 | KEV due: 2025-08-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1390Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-29059 | Microsoft .NET Framework | Microsoft .NET Framework Information Disclosure Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1417Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-4947 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2024-05-20 | KEV due: 2024-06-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1419Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-29988 | Microsoft SmartScreen Prompt | Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability | KEV added: 2024-04-30 | KEV due: 2024-05-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1421Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2024-3272 | D-Link Multiple NAS Devices | D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability | KEV added: 2024-04-11 | KEV due: 2024-05-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1423Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-29360 | Microsoft Streaming Service | Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability | KEV added: 2024-02-29 | KEV due: 2024-03-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1438Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2023-36761 | Microsoft Word | Microsoft Word Information Disclosure Vulnerability | KEV added: 2023-09-12 | KEV due: 2023-10-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1446Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2016-0165 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1467Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2011-4723 | D-Link DIR-300 Router | D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1473Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2018-4990 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Double Free Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1475Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2009-4324 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1476Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2008-0655 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Unspecified Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1477Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2006-2492 | Microsoft Word | Microsoft Word Malformed Object Pointer Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1490Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2017-0022 | Microsoft XML Core Services | Microsoft XML Core Services Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1498Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-1789 | Apple Multiple Products | Apple Multiple Products Type Confusion Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1499Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-8506 | Apple Multiple Products | Apple Multiple Products Type Confusion Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1500Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2014-4113 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1501Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-41357 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1502Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-40450 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1515Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2013-2729 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1518Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2012-2539 | Microsoft Word | Microsoft Word Remote Code Execution Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1540Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-1297 | Microsoft Excel | Microsoft Excel Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1544Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2014-0496 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1546Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2013-0641 | Adobe Reader | Adobe Reader Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1557Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2015-1130 | Apple OS X | Apple OS X Authentication Bypass Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1570Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-21017 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1582Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-1647 | Microsoft Defender | Microsoft Defender Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1583Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1584Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1587Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2016-7255 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1588Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-0803 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1589Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-0859 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1590Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-0797 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1593Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2020-0646 | Microsoft .NET Framework | Microsoft .NET Framework Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1594Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Treating Controls
Detection Controls
CVE: CVE-2019-0808 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-0004Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'check point' (in 'Check Point Security Gateway') | CVE: CVE-2026-50751 | Check Point Security Gateway | Check Point Security Gateway Improper Authentication Vulnerability | KEV added: 2026-06-08 | KEV due: 2026-06-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0019External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'webpros' (in 'WebPros cPanel & WHM and WP2 (WordPress Squared)') | CVE: CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability | KEV added: 2026-04-30 | KEV due: 2026-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'rdp' → THR-005
EXP-KEV-0020Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'connectwise' (in 'ConnectWise ScreenConnect') | CVE: CVE-2024-1708 | ConnectWise ScreenConnect | ConnectWise ScreenConnect Path Traversal Vulnerability | KEV added: 2026-04-28 | KEV due: 2026-05-12 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0024Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'simplehelp' (in 'SimpleHelp SimpleHelp') | CVE: CVE-2024-57728 | SimpleHelp SimpleHelp | SimpleHelp Path Traversal Vulnerability | KEV added: 2026-04-24 | KEV due: 2026-05-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0025Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'simplehelp' (in 'SimpleHelp SimpleHelp') | CVE: CVE-2024-57726 | SimpleHelp SimpleHelp | SimpleHelp Missing Authorization Vulnerability | KEV added: 2026-04-24 | KEV due: 2026-05-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-862 → THR-009
EXP-KEV-0027Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'papercut' (in 'PaperCut NG/MF') | CVE: CVE-2023-27351 | PaperCut NG/MF | PaperCut NG/MF Improper Authentication Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0034Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2023-21529 | Microsoft Exchange Server | Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0048Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Firewall Management Center (FMC)') | CVE: CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability | KEV added: 2026-03-19 | KEV due: 2026-03-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0070Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'beyondtrust' (in 'BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)') | CVE: CVE-2026-1731 | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability | KEV added: 2026-02-13 | KEV due: 2026-02-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0087Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'smartertools' (in 'SmarterTools SmarterMail') | CVE: CVE-2025-52691 | SmarterTools SmarterMail | SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-0125Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle E-Business Suite') | CVE: CVE-2025-61884 | Oracle E-Business Suite | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0143Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'fortra' (in 'Fortra GoAnywhere MFT') | CVE: CVE-2025-10035 | Fortra GoAnywhere MFT | Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0165Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2025-49704 | Microsoft SharePoint | Microsoft SharePoint Code Injection Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-07-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0166Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2025-49706 | Microsoft SharePoint | Microsoft SharePoint Improper Authentication Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-07-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0167Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2025-53770 | Microsoft SharePoint | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | KEV added: 2025-07-20 | KEV due: 2025-07-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0169Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and Gateway') | CVE: CVE-2025-5777 | Citrix NetScaler ADC and Gateway | Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability | KEV added: 2025-07-10 | KEV due: 2025-07-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-125 → THR-018
EXP-KEV-0215Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2025-31324 | SAP NetWeaver | SAP NetWeaver Unrestricted File Upload Vulnerability | KEV added: 2025-04-29 | KEV due: 2025-05-20 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-0225External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure, Policy Secure, and ZTA Gateways') | CVE: CVE-2025-22457 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | KEV added: 2025-04-04 | KEV due: 2025-04-11 | RANSOMWARE-LINKED | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-0258Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicOS') | CVE: CVE-2024-53704 | SonicWall SonicOS | SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | KEV added: 2025-02-18 | KEV due: 2025-03-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0259Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'simplehelp' (in 'SimpleHelp SimpleHelp') | CVE: CVE-2024-57727 | SimpleHelp SimpleHelp | SimpleHelp Path Traversal Vulnerability | KEV added: 2025-02-13 | KEV due: 2025-03-06 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0272Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA1000 Appliances') | CVE: CVE-2025-23006 | SonicWall SMA1000 Appliances | SonicWall SMA1000 Appliances Deserialization Vulnerability | KEV added: 2025-01-24 | KEV due: 2025-02-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0280External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure, Policy Secure, and ZTA Gateways') | CVE: CVE-2025-0282 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | KEV added: 2025-01-08 | KEV due: 2025-01-15 | RANSOMWARE-LINKED | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-0281Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiCollab') | CVE: CVE-2024-55550 | Mitel MiCollab | Mitel MiCollab Path Traversal Vulnerability | KEV added: 2025-01-07 | KEV due: 2025-01-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0282Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiCollab') | CVE: CVE-2024-41713 | Mitel MiCollab | Mitel MiCollab Path Traversal Vulnerability | KEV added: 2025-01-07 | KEV due: 2025-01-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0288PowerShell Abuse (T1059.001)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cleo' (in 'Cleo Multiple Products') | CVE: CVE-2024-55956 | Cleo Multiple Products | Cleo Multiple Products Unauthenticated File Upload Vulnerability | KEV added: 2024-12-17 | KEV due: 2025-01-07 | RANSOMWARE-LINKED | Mapping: Product match: 'powershell' → THR-011
EXP-KEV-0290Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cleo' (in 'Cleo Multiple Products') | CVE: CVE-2024-50623 | Cleo Multiple Products | Cleo Multiple Products Unrestricted File Upload Vulnerability | KEV added: 2024-12-13 | KEV due: 2025-01-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-0292Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2024-11667 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls Path Traversal Vulnerability | KEV added: 2024-12-03 | KEV due: 2024-12-24 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0294External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'array networks' (in 'Array Networks AG/vxAG ArrayOS') | CVE: CVE-2023-28461 | Array Networks AG/vxAG ArrayOS | Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability | KEV added: 2024-11-25 | KEV due: 2024-12-16 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0315Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2024-38094 | Microsoft SharePoint | Microsoft SharePoint Deserialization Vulnerability | KEV added: 2024-10-22 | KEV due: 2024-11-12 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0316Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2024-40711 | Veeam Backup & Replication | Veeam Backup and Replication Deserialization Vulnerability | KEV added: 2024-10-17 | KEV due: 2024-11-07 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0317Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox') | CVE: CVE-2024-9680 | Mozilla Firefox | Mozilla Firefox Use-After-Free Vulnerability | KEV added: 2024-10-15 | KEV due: 2024-11-05 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0338SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress WhatsUp Gold') | CVE: CVE-2024-6670 | Progress WhatsUp Gold | Progress WhatsUp Gold SQL Injection Vulnerability | KEV added: 2024-09-16 | KEV due: 2024-10-07 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0357Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins Command Line Interface (CLI)') | CVE: CVE-2024-23897 | Jenkins Jenkins Command Line Interface (CLI) | Jenkins Command Line Interface (CLI) Path Traversal Vulnerability | KEV added: 2024-08-19 | KEV due: 2024-09-09 | RANSOMWARE-LINKED | Mapping: Product match: 'jenkins' → THR-006
EXP-KEV-0368OS Credential Dumping (T1003)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi') | CVE: CVE-2024-37085 | VMware ESXi | VMware ESXi Authentication Bypass Vulnerability | KEV added: 2024-07-30 | KEV due: 2024-08-20 | RANSOMWARE-LINKED | Mapping: Product match: 'active directory' → THR-024
EXP-KEV-0379Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'php' (in 'PHP Group PHP') | CVE: CVE-2024-4577 | PHP Group PHP | PHP-CGI OS Command Injection Vulnerability | KEV added: 2024-06-12 | KEV due: 2024-07-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0383External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'check point' (in 'Check Point Quantum Security Gateways') | CVE: CVE-2024-24919 | Check Point Quantum Security Gateways | Check Point Quantum Security Gateways Information Disclosure Vulnerability | KEV added: 2024-05-30 | KEV due: 2024-06-20 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0386Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'nextgen' (in 'NextGen Healthcare Mirth Connect') | CVE: CVE-2023-43208 | NextGen Healthcare Mirth Connect | NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability | KEV added: 2024-05-20 | KEV due: 2024-06-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0400Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint Server') | CVE: CVE-2023-24955 | Microsoft SharePoint Server | Microsoft SharePoint Server Code Injection Vulnerability | KEV added: 2024-03-26 | KEV due: 2024-04-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0402Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)') | CVE: CVE-2021-44529 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | KEV added: 2024-03-25 | KEV due: 2024-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0403SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'forticlient' (in 'Fortinet FortiClient EMS') | CVE: CVE-2023-48788 | Fortinet FortiClient EMS | Fortinet FortiClient EMS SQL Injection Vulnerability | KEV added: 2024-03-25 | KEV due: 2024-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0409External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2020-3259 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Information Disclosure Vulnerability | KEV added: 2024-02-15 | KEV due: 2024-03-07 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0417Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure, Policy Secure, and Neurons') | CVE: CVE-2024-21893 | Ivanti Connect Secure, Policy Secure, and Neurons | Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2024-01-31 | KEV due: 2024-02-02 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0421Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core') | CVE: CVE-2023-35082 | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | KEV added: 2024-01-18 | KEV due: 2024-02-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0426Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint Server') | CVE: CVE-2023-29357 | Microsoft SharePoint Server | Microsoft SharePoint Server Privilege Escalation Vulnerability | KEV added: 2024-01-10 | KEV due: 2024-01-31 | RANSOMWARE-LINKED | Mapping: Product match: 'sharepoint' → THR-006
EXP-KEV-0427Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure and Policy Secure') | CVE: CVE-2023-46805 | Ivanti Connect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | KEV added: 2024-01-10 | KEV due: 2024-01-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0428Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure and Policy Secure') | CVE: CVE-2024-21887 | Ivanti Connect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | KEV added: 2024-01-10 | KEV due: 2024-01-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0433Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-29300 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0434Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-38203 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0438Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qlik' (in 'Qlik Sense') | CVE: CVE-2023-41266 | Qlik Sense | Qlik Sense Path Traversal Vulnerability | KEV added: 2023-12-07 | KEV due: 2023-12-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0451Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sysaid' (in 'SysAid SysAid Server') | CVE: CVE-2023-47246 | SysAid SysAid Server | SysAid Server Path Traversal Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-12-04 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0458Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache activemq' (in 'Apache ActiveMQ') | CVE: CVE-2023-46604 | Apache ActiveMQ | Apache ActiveMQ Deserialization of Untrusted Data Vulnerability | KEV added: 2023-11-02 | KEV due: 2023-11-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0462Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-4966 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | KEV added: 2023-10-18 | KEV due: 2023-11-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0469Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress WS_FTP Server') | CVE: CVE-2023-40044 | Progress WS_FTP Server | Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability | KEV added: 2023-10-05 | KEV due: 2023-10-26 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0480Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel EMG2926 Routers') | CVE: CVE-2017-6884 | Zyxel EMG2926 Routers | Zyxel EMG2926 Routers Command Injection Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0483External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance and Firepower Threat Defense') | CVE: CVE-2023-20269 | Cisco Adaptive Security Appliance and Firepower Threat Defense | Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability | KEV added: 2023-09-13 | KEV due: 2023-10-04 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0490Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Sentry') | CVE: CVE-2023-38035 | Ivanti Sentry | Ivanti Sentry Authentication Bypass Vulnerability | KEV added: 2023-08-22 | KEV due: 2023-09-12 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-0491Ransomware (Data Encrypted) (T1486)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2023-27532 | Veeam Backup & Replication | Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability | KEV added: 2023-08-22 | KEV due: 2023-09-12 | RANSOMWARE-LINKED | Mapping: Product match: 'veeam' → THR-040
EXP-KEV-0497Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2023-35078 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | KEV added: 2023-07-25 | KEV due: 2023-08-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0498Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-3519 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | KEV added: 2023-07-19 | KEV due: 2023-08-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0506Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netwrix' (in 'Netwrix Auditor') | CVE: CVE-2022-31199 | Netwrix Auditor | Netwrix Auditor Insecure Object Deserialization Vulnerability | KEV added: 2023-07-11 | KEV due: 2023-08-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0528SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress MOVEit Transfer') | CVE: CVE-2023-34362 | Progress MOVEit Transfer | Progress MOVEit Transfer SQL Injection Vulnerability | KEV added: 2023-06-02 | KEV due: 2023-06-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0545Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache log4j' (in 'Apache Log4j2') | CVE: CVE-2021-45046 | Apache Log4j2 | Apache Log4j2 Deserialization of Untrusted Data Vulnerability | KEV added: 2023-05-01 | KEV due: 2023-05-22 | RANSOMWARE-LINKED | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0555Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'veritas' (in 'Veritas Backup Exec Agent') | CVE: CVE-2021-27876 | Veritas Backup Exec Agent | Veritas Backup Exec Agent File Access Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0556Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'veritas' (in 'Veritas Backup Exec Agent') | CVE: CVE-2021-27877 | Veritas Backup Exec Agent | Veritas Backup Exec Agent Improper Authentication Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0557Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'veritas' (in 'Veritas Backup Exec Agent') | CVE: CVE-2021-27878 | Veritas Backup Exec Agent | Veritas Backup Exec Agent Command Execution Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0561Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0576Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ibm' (in 'IBM Aspera Faspex') | CVE: CVE-2022-47986 | IBM Aspera Faspex | IBM Aspera Faspex Code Execution Vulnerability | KEV added: 2023-02-21 | KEV due: 2023-03-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0577Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiVoice Connect') | CVE: CVE-2022-41223 | Mitel MiVoice Connect | Mitel MiVoice Connect Code Injection Vulnerability | KEV added: 2023-02-21 | KEV due: 2023-03-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0578Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiVoice Connect') | CVE: CVE-2022-40765 | Mitel MiVoice Connect | Mitel MiVoice Connect Command Injection Vulnerability | KEV added: 2023-02-21 | KEV due: 2023-03-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0583Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'intel' (in 'Intel Ethernet Diagnostics Driver for Windows') | CVE: CVE-2015-2291 | Intel Ethernet Diagnostics Driver for Windows | Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability | KEV added: 2023-02-10 | KEV due: 2023-03-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0584Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'fortra' (in 'Fortra GoAnywhere MFT') | CVE: CVE-2023-0669 | Fortra GoAnywhere MFT | Fortra GoAnywhere MFT Remote Code Execution Vulnerability | KEV added: 2023-02-10 | KEV due: 2023-03-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0586Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'telerik' (in 'Telerik User Interface (UI) for ASP.NET AJAX') | CVE: CVE-2017-11357 | Telerik User Interface (UI) for ASP.NET AJAX | Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability | KEV added: 2023-01-26 | KEV due: 2023-02-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0587Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2022-47966 | Zoho ManageEngine | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | KEV added: 2023-01-23 | KEV due: 2023-02-13 | RANSOMWARE-LINKED | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0589Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2022-41080 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2023-01-10 | KEV due: 2023-01-31 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006
EXP-KEV-0596Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2022-26500 | Veeam Backup & Replication | Veeam Backup & Replication Remote Code Execution Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0597Ransomware (Data Encrypted) (T1486)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2022-26501 | Veeam Backup & Replication | Veeam Backup & Replication Remote Code Execution Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | RANSOMWARE-LINKED | Mapping: Product match: 'veeam' → THR-040
EXP-KEV-0610Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco AnyConnect Secure') | CVE: CVE-2020-3433 | Cisco AnyConnect Secure | Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0611Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco AnyConnect Secure') | CVE: CVE-2020-3153 | Cisco AnyConnect Secure | Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0616Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2022-41082 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2022-09-30 | KEV due: 2022-10-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0617Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2022-41040 | Microsoft Exchange Server | Microsoft Exchange Server Server-Side Request Forgery Vulnerability | KEV added: 2022-09-30 | KEV due: 2022-10-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0636Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dotcms' (in 'dotCMS dotCMS') | CVE: CVE-2022-26352 | dotCMS dotCMS | dotCMS Unrestricted Upload of File Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0640Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'webrtc' (in 'WebRTC WebRTC') | CVE: CVE-2022-2294 | WebRTC WebRTC | WebRTC Heap Buffer Overflow Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | RANSOMWARE-LINKED | Mapping: Product match: 'chrome' → THR-004
EXP-KEV-0653Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-27925 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability | KEV added: 2022-08-11 | KEV due: 2022-09-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0655Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB UnRAR') | CVE: CVE-2022-30333 | RARLAB UnRAR | RARLAB UnRAR Directory Traversal Vulnerability | KEV added: 2022-08-09 | KEV due: 2022-08-30 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0659Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiVoice Connect') | CVE: CVE-2022-29499 | Mitel MiVoice Connect | Mitel MiVoice Connect Data Validation Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0669Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2019-7195 | QNAP Photo Station | QNAP Photo Station Path Traversal Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0670Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2019-7194 | QNAP Photo Station | QNAP Photo Station Path Traversal Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0671Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP QTS') | CVE: CVE-2019-7193 | QNAP QTS | QNAP QTS Improper Input Validation Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0672Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2019-7192 | QNAP Photo Station | QNAP Photo Station Improper Access Control Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-0704Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft silverlight' (in 'Microsoft Silverlight') | CVE: CVE-2016-0034 | Microsoft Silverlight | Microsoft Silverlight Runtime Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0720Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss') | CVE: CVE-2010-1428 | Red Hat JBoss | Red Hat JBoss Information Disclosure Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Mapping: Product match: 'jboss' → THR-006
EXP-KEV-0721Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss') | CVE: CVE-2010-0738 | Red Hat JBoss | Red Hat JBoss Authentication Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Mapping: Product match: 'jboss' → THR-006
EXP-KEV-0723Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2018-19953 | QNAP Network Attached Storage (NAS) | QNAP NAS File Station Cross-Site Scripting Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0724Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2018-19949 | QNAP Network Attached Storage (NAS) | QNAP NAS File Station Command Injection Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0725Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2018-19943 | QNAP Network Attached Storage (NAS) | QNAP NAS File Station Cross-Site Scripting Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0730SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kaseya' (in 'Kaseya Virtual System/Server Administrator (VSA)') | CVE: CVE-2017-18362 | Kaseya Virtual System/Server Administrator (VSA) | Kaseya VSA SQL Injection Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0731Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer and Edge') | CVE: CVE-2016-3351 | Microsoft Internet Explorer and Edge | Microsoft Internet Explorer and Edge Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: Product match: 'edge' → THR-004
EXP-KEV-0760Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'wso2' (in 'WSO2 Multiple Products') | CVE: CVE-2022-29464 | WSO2 Multiple Products | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0765Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2018-6882 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2022-04-19 | KEV due: 2022-05-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0775Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Workspace ONE Access and Identity Manager') | CVE: CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability | KEV added: 2022-04-14 | KEV due: 2022-05-05 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0777Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Core') | CVE: CVE-2018-7602 | Drupal Core | Drupal Core Remote Code Execution Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | RANSOMWARE-LINKED | Mapping: Product match: 'drupal' → THR-006
EXP-KEV-0778PowerShell Abuse (T1059.001)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kaseya' (in 'Kaseya Virtual System/Server Administrator (VSA)') | CVE: CVE-2018-20753 | Kaseya Virtual System/Server Administrator (VSA) | Kaseya VSA Remote Code Execution Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | RANSOMWARE-LINKED | Mapping: Product match: 'powershell' → THR-011
EXP-KEV-0799Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dasan' (in 'Dasan Gigabit Passive Optical Network (GPON) Routers') | CVE: CVE-2018-10562 | Dasan Gigabit Passive Optical Network (GPON) Routers | Dasan GPON Routers Command Injection Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0806SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall Secure Remote Access (SRA)') | CVE: CVE-2021-20028 | SonicWall Secure Remote Access (SRA) | SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0820Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-2551 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0826Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore XP') | CVE: CVE-2021-42237 | Sitecore XP | Sitecore XP Remote Command Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0837Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'webmin' (in 'Webmin Webmin') | CVE: CVE-2019-15107 | Webmin Webmin | Webmin Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0840Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'php' (in 'PHP FastCGI Process Manager (FPM)') | CVE: CVE-2019-11043 | PHP FastCGI Process Manager (FPM) | PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: Product match: 'php' → THR-006
EXP-KEV-0848Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Tanzu Spring Data Commons') | CVE: CVE-2018-1273 | VMware Tanzu Spring Data Commons | VMware Tanzu Spring Data Commons Property Binder Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0849Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'quest' (in 'Quest KACE System Management Appliance') | CVE: CVE-2018-11138 | Quest KACE System Management Appliance | Quest KACE System Management Appliance Remote Command Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0878Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2010-2861 | Adobe ColdFusion | Adobe ColdFusion Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0907Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2018-8581 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006
EXP-KEV-0951Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-1019 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0953Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-7645 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0979Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaborate Suite (ZCS)') | CVE: CVE-2022-24682 | Synacor Zimbra Collaborate Suite (ZCS) | Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability | KEV added: 2022-02-25 | KEV due: 2022-03-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0987Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2018-15982 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1021Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vRealize Operations Manager API') | CVE: CVE-2021-21975 | VMware vRealize Operations Manager API | VMware Server Side Request Forgery in vRealize Operations Manager API | KEV added: 2022-01-18 | KEV due: 2022-02-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-1046Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss Application Server') | CVE: CVE-2017-12149 | Red Hat JBoss Application Server | Red Hat JBoss Application Server Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1051Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache log4j' (in 'Apache Log4j2') | CVE: CVE-2021-44228 | Apache Log4j2 | Apache Log4j2 Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2021-12-24 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1056Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange') | CVE: CVE-2021-42321 | Microsoft Exchange | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-17 | KEV due: 2021-12-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1058Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27104 | Accellion FTA | Accellion FTA OS Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1059Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27102 | Accellion FTA | Accellion FTA OS Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1060SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27101 | Accellion FTA | Accellion FTA SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-1061Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27103 | Accellion FTA | Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-1065Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2018-4878 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1076Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2017-5638 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1108SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'bqe' (in 'BQE BillQuick Web Suite') | CVE: CVE-2021-42258 | BQE BillQuick Web Suite | BQE BillQuick Web Suite SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-1110Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2020-3580 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-1123Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2019-19781 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1124Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Workspace Application and Receiver for Windows') | CVE: CVE-2019-11634 | Citrix Workspace Application and Receiver for Windows | Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018
EXP-KEV-1127Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dotnetnuke' (in 'DotNetNuke (DNN) DotNetNuke (DNN)') | CVE: CVE-2017-9822 | DotNetNuke (DNN) DotNetNuke (DNN) | DotNetNuke (DNN) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1130Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Drupal Core') | CVE: CVE-2018-7600 | Drupal Drupal Core | Drupal Core Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1131Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab Community and Enterprise Editions') | CVE: CVE-2021-22205 | GitLab Community and Enterprise Editions | GitLab Community and Enterprise Editions Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1132Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1134Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP') | CVE: CVE-2020-5902 | F5 BIG-IP | F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1135Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP and BIG-IQ Centralized Management') | CVE: CVE-2021-22986 | F5 BIG-IP and BIG-IQ Centralized Management | F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-1136Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'forgerock' (in 'ForgeRock Access Management (AM)') | CVE: CVE-2021-35464 | ForgeRock Access Management (AM) | ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1186Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-34523 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-1189Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2020-0688 | Microsoft Exchange Server | Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-1192Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-34473 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-1196Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-31207 | Microsoft Exchange Server | Microsoft Exchange Server Security Feature Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1200Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2021-26411 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1214Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-1367 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1220Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-26855 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-1221Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-26858 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006
EXP-KEV-1222Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-27065 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006
EXP-KEV-1227Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2019-0604 | Microsoft SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1228Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-26857 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1243Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress Telerik UI for ASP.NET AJAX') | CVE: CVE-2019-18935 | Progress Telerik UI for ASP.NET AJAX | Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1244Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22893 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-1250Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2019-11510 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1251Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure and Pulse Policy Secure') | CVE: CVE-2019-11539 | Ivanti Pulse Connect Secure and Pulse Policy Secure | Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1257Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP Customer Relationship Management (CRM)') | CVE: CVE-2018-2380 | SAP Customer Relationship Management (CRM) | SAP Customer Relationship Management (CRM) Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1259Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2021-35211 | SolarWinds Serv-U | SolarWinds Serv-U Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1260SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100') | CVE: CVE-2019-7481 | SonicWall SMA100 | SonicWall SMA100 SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-1261Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicWall Email Security') | CVE: CVE-2021-20022 | SonicWall SonicWall Email Security | SonicWall Email Security Unrestricted Upload of File Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-1262Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicWall Email Security') | CVE: CVE-2021-20023 | SonicWall SonicWall Email Security | SonicWall Email Security Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1263SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SSLVPN SMA100') | CVE: CVE-2021-20016 | SonicWall SSLVPN SMA100 | SonicWall SSLVPN SMA100 SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-1264SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1284Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware VMware ESXi and Horizon DaaS') | CVE: CVE-2019-5544 | VMware VMware ESXi and Horizon DaaS | VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1285Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi') | CVE: CVE-2020-3992 | VMware ESXi | VMware ESXi OpenSLP Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1287Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-21985 | VMware vCenter Server | VMware vCenter Server Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1295Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle PeopleSoft Enterprise PeopleTools') | CVE: CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools | Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability | KEV added: 2026-06-12 | KEV due: 2026-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1300Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'nx console' (in 'Nx Nx Console') | CVE: CVE-2026-48027 | Nx Nx Console | Nx Console Embedded Malicious Code Vulnerability | KEV added: 2026-05-27 | KEV due: 2026-06-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1301Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tanstack' (in 'TanStack TanStack') | CVE: CVE-2026-45321 | TanStack TanStack | TanStack Unspecified Vulnerability | KEV added: 2026-05-27 | KEV due: 2026-06-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1315Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jetbrains' (in 'JetBrains TeamCity') | CVE: CVE-2024-27199 | JetBrains TeamCity | JetBrains TeamCity Relative Path Traversal Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1329Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'smartertools' (in 'SmarterTools SmarterMail') | CVE: CVE-2026-24423 | SmarterTools SmarterMail | SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability | KEV added: 2026-02-05 | KEV due: 2026-02-26 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1330Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'smartertools' (in 'SmarterTools SmarterMail') | CVE: CVE-2026-23760 | SmarterTools SmarterMail | SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1338Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'meta' (in 'Meta React Server Components') | CVE: CVE-2025-55182 | Meta React Server Components | Meta React Server Components Remote Code Execution Vulnerability | KEV added: 2025-12-05 | KEV due: 2025-12-12 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1350Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle E-Business Suite') | CVE: CVE-2025-61882 | Oracle E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1375Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'crushftp' (in 'CrushFTP CrushFTP') | CVE: CVE-2025-31161 | CrushFTP CrushFTP | CrushFTP Authentication Bypass Vulnerability | KEV added: 2025-04-07 | KEV due: 2025-04-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1381Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi') | CVE: CVE-2025-22225 | VMware ESXi | VMware ESXi Arbitrary Write Vulnerability | KEV added: 2025-03-04 | KEV due: 2025-03-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1391Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qlik' (in 'Qlik Sense') | CVE: CVE-2023-48365 | Qlik Sense | Qlik Sense HTTP Tunneling Vulnerability | KEV added: 2025-01-13 | KEV due: 2025-02-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1396Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cyberpersons' (in 'CyberPersons CyberPanel') | CVE: CVE-2024-51378 | CyberPersons CyberPanel | CyberPanel Incorrect Default Permissions Vulnerability | KEV added: 2024-12-04 | KEV due: 2024-12-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1401Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cyberpersons' (in 'CyberPersons CyberPanel') | CVE: CVE-2024-51567 | CyberPersons CyberPanel | CyberPanel Incorrect Default Permissions Vulnerability | KEV added: 2024-11-07 | KEV due: 2024-11-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1406Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicOS') | CVE: CVE-2024-40766 | SonicWall SonicOS | SonicWall SonicOS Improper Access Control Vulnerability | KEV added: 2024-09-09 | KEV due: 2024-09-30 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1422Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jetbrains' (in 'JetBrains TeamCity') | CVE: CVE-2024-27198 | JetBrains TeamCity | JetBrains TeamCity Authentication Bypass Vulnerability | KEV added: 2024-03-07 | KEV due: 2024-03-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1424Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'connectwise' (in 'ConnectWise ScreenConnect') | CVE: CVE-2024-1709 | ConnectWise ScreenConnect | ConnectWise ScreenConnect Authentication Bypass Vulnerability | KEV added: 2024-02-22 | KEV due: 2024-02-29 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1427Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qlik' (in 'Qlik Sense') | CVE: CVE-2023-41265 | Qlik Sense | Qlik Sense HTTP Tunneling Vulnerability | KEV added: 2023-12-07 | KEV due: 2023-12-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1432Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP Configuration Utility') | CVE: CVE-2023-46747 | F5 BIG-IP Configuration Utility | F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability | KEV added: 2023-10-31 | KEV due: 2023-11-21 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1434Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jetbrains' (in 'JetBrains TeamCity') | CVE: CVE-2023-42793 | JetBrains TeamCity | JetBrains TeamCity Authentication Bypass Vulnerability | KEV added: 2023-10-04 | KEV due: 2023-10-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1437Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'laravel' (in 'Laravel Ignition') | CVE: CVE-2021-3129 | Laravel Ignition | Laravel Ignition File Upload Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1439Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB WinRAR') | CVE: CVE-2023-38831 | RARLAB WinRAR | RARLAB WinRAR Code Execution Vulnerability | KEV added: 2023-08-24 | KEV due: 2023-09-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1450Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'papercut' (in 'PaperCut MF/NG') | CVE: CVE-2023-27350 | PaperCut MF/NG | PaperCut MF/NG Improper Access Control Vulnerability | KEV added: 2023-04-21 | KEV due: 2023-05-12 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1454Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zk framework' (in 'ZK Framework AuUploader') | CVE: CVE-2022-36537 | ZK Framework AuUploader | ZK Framework AuUploader Unspecified Vulnerability | KEV added: 2023-02-27 | KEV due: 2023-03-20 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1456Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'terramaster' (in 'TerraMaster TerraMaster OS') | CVE: CVE-2022-24990 | TerraMaster TerraMaster OS | TerraMaster OS Remote Command Execution Vulnerability | KEV added: 2023-02-10 | KEV due: 2023-03-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1457Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle E-Business Suite') | CVE: CVE-2022-21587 | Oracle E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | KEV added: 2023-02-02 | KEV due: 2023-02-23 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1460Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19323 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Privilege Escalation Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1461Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19322 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Code Execution Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1462Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19321 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Privilege Escalation Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1463Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19320 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Unspecified Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1465Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2022-27593 | QNAP Photo Station | QNAP Photo Station Externally Controlled Reference Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1469Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-37042 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability | KEV added: 2022-08-11 | KEV due: 2022-09-01 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1470Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-27924 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability | KEV added: 2022-08-04 | KEV due: 2022-08-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1483Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ibm' (in 'IBM InfoSphere BigInsights') | CVE: CVE-2013-3993 | IBM InfoSphere BigInsights | IBM InfoSphere BigInsights Invalid Input Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1485Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2013-0431 | Oracle Java Runtime Environment (JRE) | Oracle JRE Sandbox Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1486Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2013-0422 | Oracle Java Runtime Environment (JRE) | Oracle JRE Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1487Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft silverlight' (in 'Microsoft Silverlight') | CVE: CVE-2013-0074 | Microsoft Silverlight | Microsoft Silverlight Double Dereference Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1488Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2012-1710 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1497Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP') | CVE: CVE-2022-1388 | F5 BIG-IP | F5 BIG-IP Missing Authentication Vulnerability | KEV added: 2022-05-10 | KEV due: 2022-05-31 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1510Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2021-28799 | QNAP Network Attached Storage (NAS) | QNAP NAS Improper Authorization Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1516Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2013-2465 | Oracle Java SE | Oracle Java SE Unspecified Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1522Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix ShareFile') | CVE: CVE-2021-22941 | Citrix ShareFile | Citrix ShareFile Improper Access Control Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1534Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe blazeds' (in 'Adobe BlazeDS') | CVE: CVE-2009-3960 | Adobe BlazeDS | Adobe BlazeDS Information Disclosure Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1548Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-4681 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1549Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-1723 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1550Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-0507 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1554Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-0752 | Microsoft Internet Explorer | Microsoft Internet Explorer Type Confusion Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1555Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB WinRAR') | CVE: CVE-2018-20250 | RARLAB WinRAR | WinRAR Absolute Path Traversal Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1556Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2017-10271 | Oracle WebLogic Server | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1558Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA 100 Appliances') | CVE: CVE-2021-20038 | SonicWall SMA 100 Appliances | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-02-11 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1562Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2019-2725 | Oracle WebLogic Server | Oracle WebLogic Server, Injection | KEV added: 2022-01-10 | KEV due: 2022-07-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1573Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix StoreFront Server') | CVE: CVE-2019-13608 | Citrix StoreFront Server | Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1578Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kaseya' (in 'Kaseya Virtual System/Server Administrator (VSA)') | CVE: CVE-2021-30116 | Kaseya Virtual System/Server Administrator (VSA) | Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1580Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38647 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1612Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicWall Email Security') | CVE: CVE-2021-20021 | SonicWall SonicWall Email Security | SonicWall Email Security Improper Privilege Management Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1615Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-22005 | VMware vCenter Server | VMware vCenter Server File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1617Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-21972 | VMware vCenter Server | VMware vCenter Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1618Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2021-40539 | Zoho ManageEngine | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-0001Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0003Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0005Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mirasvit' (in 'Mirasvit Mirasvit Full Page Cache Warmer') | CVE: CVE-2026-45247 | Mirasvit Mirasvit Full Page Cache Warmer | Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability | KEV added: 2026-06-03 | KEV due: 2026-06-06 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0009SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0012Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2010-0249 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0014Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN') | CVE: CVE-2026-20182 | Cisco Catalyst SD-WAN | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | KEV added: 2026-05-14 | KEV due: 2026-05-17 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0015SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0016Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability | KEV added: 2026-05-07 | KEV due: 2026-05-10 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0023Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung MagicINFO 9 Server') | CVE: CVE-2024-7399 | Samsung MagicINFO 9 Server | Samsung MagicINFO 9 Server Path Traversal Vulnerability | KEV added: 2026-04-24 | KEV due: 2026-05-08 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0026Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Kentico Xperience') | CVE: CVE-2025-2749 | Kentico Kentico Xperience | Kentico Xperience Path Traversal Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0028Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-48700 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0029Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'quest' (in 'Quest KACE Systems Management Appliance (SMA)') | CVE: CVE-2025-32975 | Quest KACE Systems Management Appliance (SMA) | Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0030Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache activemq' (in 'Apache ActiveMQ') | CVE: CVE-2026-34197 | Apache ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | KEV added: 2026-04-16 | KEV due: 2026-04-30 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0032Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint Server') | CVE: CVE-2026-32201 | Microsoft SharePoint Server | Microsoft SharePoint Server Improper Input Validation Vulnerability | KEV added: 2026-04-14 | KEV due: 2026-04-28 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0037SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'forticlient' (in 'Fortinet FortiClient EMS') | CVE: CVE-2026-21643 | Fortinet FortiClient EMS | Fortinet FortiClient EMS SQL Injection Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-16 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0038Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV added: 2026-04-08 | KEV due: 2026-04-11 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0039External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'forticlient' (in 'Fortinet FortiClient EMS') | CVE: CVE-2026-35616 | Fortinet FortiClient EMS | Fortinet FortiClient EMS Improper Access Control Vulnerability | KEV added: 2026-04-06 | KEV due: 2026-04-09 | Mapping: Product match: 'fortinet' → THR-005
EXP-KEV-0041Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0042Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0043Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0044Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0049Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-66376 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | KEV added: 2026-03-18 | KEV due: 2026-04-01 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0050Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2026-20963 | Microsoft SharePoint | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | KEV added: 2026-03-18 | KEV due: 2026-03-21 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0053Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'omnissa' (in 'Omnissa Workspace One UEM') | CVE: CVE-2021-22054 | Omnissa Workspace One UEM | Omnissa Workspace ONE Server-Side Request Forgery | KEV added: 2026-03-09 | KEV due: 2026-03-23 | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0054Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2025-26399 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV added: 2026-03-09 | KEV due: 2026-03-12 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0055External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2026-1603 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | KEV added: 2026-03-09 | KEV due: 2026-03-23 | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-0056Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'hikvision' (in 'Hikvision Multiple Products') | CVE: CVE-2017-7921 | Hikvision Multiple Products | Hikvision Multiple Products Improper Authentication Vulnerability | KEV added: 2026-03-05 | KEV due: 2026-03-26 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0060Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom VMware Aria Operations') | CVE: CVE-2026-22719 | Broadcom VMware Aria Operations | Broadcom VMware Aria Operations Command Injection Vulnerability | KEV added: 2026-03-03 | KEV due: 2026-03-24 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0061Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Controller and Manager') | CVE: CVE-2026-20127 | Cisco Catalyst SD-WAN Controller and Manager | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability | KEV added: 2026-02-25 | KEV due: 2026-02-27 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0062Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'soliton' (in 'Soliton Systems K.K FileZen') | CVE: CVE-2026-25108 | Soliton Systems K.K FileZen | Soliton Systems K.K FileZen OS Command Injection Vulnerability | KEV added: 2026-02-24 | KEV due: 2026-03-17 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0063Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2025-49113 | Roundcube Webmail | RoundCube Webmail Deserialization of Untrusted Data Vulnerability | KEV added: 2026-02-20 | KEV due: 2026-03-13 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0064Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2025-68461 | Roundcube Webmail | RoundCube Webmail Cross-site Scripting Vulnerability | KEV added: 2026-02-20 | KEV due: 2026-03-13 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0065Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab GitLab') | CVE: CVE-2021-22175 | GitLab GitLab | GitLab Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2026-02-18 | KEV due: 2026-03-11 | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0066Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite') | CVE: CVE-2020-7796 | Synacor Zimbra Collaboration Suite | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability | KEV added: 2026-02-17 | KEV due: 2026-03-10 | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0067Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'teamt5' (in 'TeamT5 ThreatSonar Anti-Ransomware') | CVE: CVE-2024-7694 | TeamT5 ThreatSonar Anti-Ransomware | TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2026-02-17 | KEV due: 2026-03-10 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-0072SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft configuration manager' (in 'Microsoft Configuration Manager') | CVE: CVE-2024-43468 | Microsoft Configuration Manager | Microsoft Configuration Manager SQL Injection Vulnerability | KEV added: 2026-02-12 | KEV due: 2026-03-05 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0079Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'react native' (in 'React Native Community CLI') | CVE: CVE-2025-11953 | React Native Community CLI | React Native Community CLI OS Command Injection Vulnerability | KEV added: 2026-02-05 | KEV due: 2026-02-26 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0080Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab Community and Enterprise Editions') | CVE: CVE-2021-39935 | GitLab Community and Enterprise Editions | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2026-02-03 | KEV due: 2026-02-24 | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0081Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0082Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sangoma' (in 'Sangoma FreePBX') | CVE: CVE-2019-19006 | Sangoma FreePBX | Sangoma FreePBX Improper Authentication Vulnerability | KEV added: 2026-02-03 | KEV due: 2026-02-24 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0083Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2025-40551 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV added: 2026-02-03 | KEV due: 2026-02-06 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0084Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV added: 2026-01-29 | KEV due: 2026-02-01 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0089Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom VMware vCenter Server') | CVE: CVE-2024-37079 | Broadcom VMware vCenter Server | Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability | KEV added: 2026-01-23 | KEV due: 2026-02-13 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0090Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-68645 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0091Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'prettier' (in 'Prettier eslint-config-prettier') | CVE: CVE-2025-54313 | Prettier eslint-config-prettier | Prettier eslint-config-prettier Embedded Malicious Code Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0092Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Unified Communications Manager') | CVE: CVE-2026-20045 | Cisco Unified Communications Manager | Cisco Unified Communications Products Code Injection Vulnerability | KEV added: 2026-01-21 | KEV due: 2026-02-11 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0094Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0096Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'hewlett' (in 'Hewlett Packard Enterprise (HPE) OneView') | CVE: CVE-2025-37164 | Hewlett Packard Enterprise (HPE) OneView | Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability | KEV added: 2026-01-07 | KEV due: 2026-01-28 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0097Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mongodb' (in 'MongoDB MongoDB and MongoDB Server') | CVE: CVE-2025-14847 | MongoDB MongoDB and MongoDB Server | MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability | KEV added: 2025-12-29 | KEV due: 2026-01-19 | Mapping: Product match: 'mongodb' → THR-006
EXP-KEV-0098Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'digiever' (in 'Digiever DS-2105 Pro') | CVE: CVE-2023-52163 | Digiever DS-2105 Pro | Digiever DS-2105 Pro Missing Authorization Vulnerability | KEV added: 2025-12-22 | KEV due: 2026-01-12 | Mapping: CWE mapping: CWE-862 → THR-009
EXP-KEV-0099Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox') | CVE: CVE-2025-14733 | WatchGuard Firebox | WatchGuard Firebox Out of Bounds Write Vulnerability | KEV added: 2025-12-19 | KEV due: 2025-12-26 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0100Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA1000 appliance') | CVE: CVE-2025-40602 | SonicWall SMA1000 appliance | SonicWall SMA1000 Missing Authorization Vulnerability | KEV added: 2025-12-17 | KEV due: 2025-12-24 | Mapping: CWE mapping: CWE-862 → THR-009
EXP-KEV-0101Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Multiple Products') | CVE: CVE-2025-20393 | Cisco Multiple Products | Cisco Multiple Products Improper Input Validation Vulnerability | KEV added: 2025-12-17 | KEV due: 2025-12-24 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0104Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sierra wireless' (in 'Sierra Wireless AirLink ALEOS') | CVE: CVE-2018-4063 | Sierra Wireless AirLink ALEOS | Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2025-12-12 | KEV due: 2026-01-02 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-0106Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB WinRAR') | CVE: CVE-2025-6218 | RARLAB WinRAR | RARLAB WinRAR Path Traversal Vulnerability | KEV added: 2025-12-09 | KEV due: 2025-12-30 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0108Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'array networks' (in 'Array Networks ArrayOS AG') | CVE: CVE-2025-66644 | Array Networks ArrayOS AG | Array Networks ArrayOS AG OS Command Injection Vulnerability | KEV added: 2025-12-08 | KEV due: 2025-12-29 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0109Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'openplc' (in 'OpenPLC ScadaBR') | CVE: CVE-2021-26828 | OpenPLC ScadaBR | OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2025-12-03 | KEV due: 2025-12-24 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-0112Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0116Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox') | CVE: CVE-2025-9242 | WatchGuard Firebox | WatchGuard Firebox Out-of-Bounds Write Vulnerability | KEV added: 2025-11-12 | KEV due: 2025-12-03 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0117Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2025-21042 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | KEV added: 2025-11-10 | KEV due: 2025-12-01 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0118Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cwp' (in 'CWP Control Web Panel') | CVE: CVE-2025-48703 | CWP Control Web Panel | CWP Control Web Panel OS Command Injection Vulnerability | KEV added: 2025-11-04 | KEV due: 2025-11-25 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0119Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dassault' (in 'Dassault Systèmes DELMIA Apriso') | CVE: CVE-2025-6204 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Code Injection Vulnerability | KEV added: 2025-10-28 | KEV due: 2025-11-18 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0120Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dassault' (in 'Dassault Systèmes DELMIA Apriso') | CVE: CVE-2025-6205 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability | KEV added: 2025-10-28 | KEV due: 2025-11-18 | Mapping: CWE mapping: CWE-862 → THR-009
EXP-KEV-0121Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe commerce' (in 'Adobe Commerce and Magento') | CVE: CVE-2025-54236 | Adobe Commerce and Magento | Adobe Commerce and Magento Improper Input Validation Vulnerability | KEV added: 2025-10-24 | KEV due: 2025-11-14 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0126Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'igel' (in 'IGEL IGEL OS') | CVE: CVE-2025-47827 | IGEL IGEL OS | IGEL OS Use of a Key Past its Expiration Date Vulnerability | KEV added: 2025-10-14 | KEV due: 2025-11-04 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0129Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'skysea' (in 'SKYSEA Client View') | CVE: CVE-2016-7836 | SKYSEA Client View | SKYSEA Client View Improper Authentication Vulnerability | KEV added: 2025-10-14 | KEV due: 2025-11-04 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0130Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'grafana' (in 'Grafana Labs Grafana') | CVE: CVE-2021-43798 | Grafana Labs Grafana | Grafana Path Traversal Vulnerability | KEV added: 2025-10-09 | KEV due: 2025-10-30 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0131Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-27915 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | KEV added: 2025-10-07 | KEV due: 2025-10-28 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0136Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Multiple Products') | CVE: CVE-2010-3765 | Mozilla Multiple Products | Mozilla Multiple Products Remote Code Execution Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Mapping: Product match: 'firefox' → THR-004
EXP-KEV-0137Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0138Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins') | CVE: CVE-2017-1000353 | Jenkins Jenkins | Jenkins Remote Code Execution Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: Product match: 'jenkins' → THR-006
EXP-KEV-0139Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper ScreenOS') | CVE: CVE-2015-7755 | Juniper ScreenOS | Juniper ScreenOS Improper Authentication Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0140Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2025-21043 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0141Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'smartbedded' (in 'Smartbedded Meteobridge') | CVE: CVE-2025-4008 | Smartbedded Meteobridge | Smartbedded Meteobridge Command Injection Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0142Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'libraesva' (in 'Libraesva Email Security Gateway') | CVE: CVE-2025-59689 | Libraesva Email Security Gateway | Libraesva Email Security Gateway Command Injection Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0144External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2025-20352 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0145Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adminer' (in 'Adminer Adminer') | CVE: CVE-2021-21311 | Adminer Adminer | Adminer Server-Side Request Forgery Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0146Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense') | CVE: CVE-2025-20362 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability | KEV added: 2025-09-25 | KEV due: 2025-09-26 | Mapping: CWE mapping: CWE-862 → THR-009
EXP-KEV-0147External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense') | CVE: CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability | KEV added: 2025-09-25 | KEV due: 2025-09-26 | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0148Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dassault' (in 'Dassault Systèmes DELMIA Apriso') | CVE: CVE-2025-5086 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability | KEV added: 2025-09-11 | KEV due: 2025-10-02 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0151Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore Multiple Products') | CVE: CVE-2025-53690 | Sitecore Multiple Products | Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability | KEV added: 2025-09-04 | KEV due: 2025-09-25 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0152Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Multiple Routers') | CVE: CVE-2025-9377 | TP-Link Multiple Routers | TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability | KEV added: 2025-09-03 | KEV due: 2025-09-24 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0153Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'meta' (in 'Meta Platforms WhatsApp') | CVE: CVE-2025-55177 | Meta Platforms WhatsApp | Meta Platforms WhatsApp Incorrect Authorization Vulnerability | KEV added: 2025-09-02 | KEV due: 2025-09-23 | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-0154SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0155Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0156Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Session Recording') | CVE: CVE-2024-8068 | Citrix Session Recording | Citrix Session Recording Improper Privilege Management Vulnerability | KEV added: 2025-08-25 | KEV due: 2025-09-15 | Mapping: CWE mapping: CWE-269 → THR-018
EXP-KEV-0157Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Session Recording') | CVE: CVE-2024-8069 | Citrix Session Recording | Citrix Session Recording Deserialization of Untrusted Data Vulnerability | KEV added: 2025-08-25 | KEV due: 2025-09-15 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0159Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One') | CVE: CVE-2025-54948 | Trend Micro Apex One | Trend Micro Apex One OS Command Injection Vulnerability | KEV added: 2025-08-18 | KEV due: 2025-09-08 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0160Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0163Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'papercut' (in 'PaperCut NG/MF') | CVE: CVE-2023-2533 | PaperCut NG/MF | PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability | KEV added: 2025-07-28 | KEV due: 2025-08-18 | Mapping: CWE mapping: CWE-352 → THR-006
EXP-KEV-0170Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2019-9621 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2025-07-07 | KEV due: 2025-07-28 | Mapping: CWE mapping: CWE-918 → THR-006
EXP-KEV-0171Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rails' (in 'Rails Ruby on Rails') | CVE: CVE-2019-5418 | Rails Ruby on Rails | Rails Ruby on Rails Path Traversal Vulnerability | KEV added: 2025-07-07 | KEV due: 2025-07-28 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0172Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0173Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'looking glass' (in 'Looking Glass Multi-Router Looking Glass (MRLG)') | CVE: CVE-2014-3931 | Looking Glass Multi-Router Looking Glass (MRLG) | Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability | KEV added: 2025-07-07 | KEV due: 2025-07-28 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0175Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'telemessage' (in 'TeleMessage TM SGNL') | CVE: CVE-2025-48927 | TeleMessage TM SGNL | TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability | KEV added: 2025-07-01 | KEV due: 2025-07-22 | Mapping: Product match: 'spring' → THR-006
EXP-KEV-0176Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and Gateway') | CVE: CVE-2025-6543 | Citrix NetScaler ADC and Gateway | Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability | KEV added: 2025-06-30 | KEV due: 2025-07-21 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0180Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Multiple Routers') | CVE: CVE-2023-33538 | TP-Link Multiple Routers | TP-Link Multiple Routers Command Injection Vulnerability | KEV added: 2025-06-16 | KEV due: 2025-07-07 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0183Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'wazuh' (in 'Wazuh Wazuh Server') | CVE: CVE-2025-24016 | Wazuh Wazuh Server | Wazuh Server Deserialization of Untrusted Data Vulnerability | KEV added: 2025-06-10 | KEV due: 2025-07-01 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0184Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2024-42009 | Roundcube Webmail | RoundCube Webmail Cross-Site Scripting Vulnerability | KEV added: 2025-06-09 | KEV due: 2025-06-30 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0186Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2025-21479 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | KEV added: 2025-06-03 | KEV due: 2025-06-24 | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-0187Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2025-21480 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | KEV added: 2025-06-03 | KEV due: 2025-06-24 | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-0188Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2025-27038 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2025-06-03 | KEV due: 2025-06-24 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0189Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0190Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'connectwise' (in 'ConnectWise ScreenConnect') | CVE: CVE-2025-3935 | ConnectWise ScreenConnect | ConnectWise ScreenConnect Improper Authentication Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0191Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'craft cms' (in 'Craft CMS Craft CMS') | CVE: CVE-2025-35939 | Craft CMS Craft CMS | Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0192Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0193Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'asus' (in 'ASUS RT-AX55 Routers') | CVE: CVE-2023-39780 | ASUS RT-AX55 Routers | ASUS RT-AX55 Routers OS Command Injection Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0194Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung MagicINFO 9 Server') | CVE: CVE-2025-4632 | Samsung MagicINFO 9 Server | Samsung MagicINFO 9 Server Path Traversal Vulnerability | KEV added: 2025-05-22 | KEV due: 2025-06-12 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0195Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zkteco' (in 'ZKTeco BioTime') | CVE: CVE-2023-38950 | ZKTeco BioTime | ZKTeco BioTime Path Traversal Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0196Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0197Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'srimax' (in 'Srimax Output Messenger') | CVE: CVE-2025-27920 | Srimax Output Messenger | Srimax Output Messenger Directory Traversal Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0198Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mdaemon' (in 'MDaemon Email Server') | CVE: CVE-2024-11182 | MDaemon Email Server | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0199Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2025-4428 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0200External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-0201Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2025-42999 | SAP NetWeaver | SAP NetWeaver Deserialization Vulnerability | KEV added: 2025-05-15 | KEV due: 2025-06-05 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0202Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek Vigor Routers') | CVE: CVE-2024-12987 | DrayTek Vigor Routers | DrayTek Vigor Routers OS Command Injection Vulnerability | KEV added: 2025-05-15 | KEV due: 2025-06-05 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0209Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'geovision' (in 'GeoVision Multiple Devices') | CVE: CVE-2024-11120 | GeoVision Multiple Devices | GeoVision Devices OS Command Injection Vulnerability | KEV added: 2025-05-07 | KEV due: 2025-05-28 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0210Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'geovision' (in 'GeoVision Multiple Devices') | CVE: CVE-2024-6047 | GeoVision Multiple Devices | GeoVision Devices OS Command Injection Vulnerability | KEV added: 2025-05-07 | KEV due: 2025-05-28 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0211Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0212Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'commvault' (in 'Commvault Command Center') | CVE: CVE-2025-34028 | Commvault Command Center | Commvault Command Center Path Traversal Vulnerability | KEV added: 2025-05-02 | KEV due: 2025-05-23 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0214Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100 Appliances') | CVE: CVE-2023-44221 | SonicWall SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability | KEV added: 2025-05-01 | KEV due: 2025-05-22 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0216Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom Brocade Fabric OS') | CVE: CVE-2025-1976 | Broadcom Brocade Fabric OS | Broadcom Brocade Fabric OS Code Injection Vulnerability | KEV added: 2025-04-28 | KEV due: 2025-05-19 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0217Ransomware (Data Encrypted) (T1486)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'commvault' (in 'Commvault Web Server') | CVE: CVE-2025-3928 | Commvault Web Server | Commvault Web Server Unspecified Vulnerability | KEV added: 2025-04-28 | KEV due: 2025-05-19 | Mapping: Product match: 'commvault' → THR-040
EXP-KEV-0221Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100 Appliances') | CVE: CVE-2021-20035 | SonicWall SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability | KEV added: 2025-04-16 | KEV due: 2025-05-07 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0228Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore CMS and Experience Platform (XP)') | CVE: CVE-2019-9875 | Sitecore CMS and Experience Platform (XP) | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | KEV added: 2025-03-26 | KEV due: 2025-04-16 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0229Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore CMS and Experience Platform (XP)') | CVE: CVE-2019-9874 | Sitecore CMS and Experience Platform (XP) | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | KEV added: 2025-03-26 | KEV due: 2025-04-16 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0230Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2017-12637 | SAP NetWeaver | SAP NetWeaver Directory Traversal Vulnerability | KEV added: 2025-03-19 | KEV due: 2025-04-09 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0231Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'edimax' (in 'Edimax IC-7100 IP Camera') | CVE: CVE-2025-1316 | Edimax IC-7100 IP Camera | Edimax IC-7100 IP Camera OS Command Injection Vulnerability | KEV added: 2025-03-19 | KEV due: 2025-04-09 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0240External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-13161 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-0241External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-13160 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-0242External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-13159 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-0243Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'advantive' (in 'Advantive VeraCore') | CVE: CVE-2024-57968 | Advantive VeraCore | Advantive VeraCore Unrestricted File Upload Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-0244SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'advantive' (in 'Advantive VeraCore') | CVE: CVE-2025-25181 | Advantive VeraCore | Advantive VeraCore SQL Injection Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0245Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi, Workstation, and Fusion') | CVE: CVE-2025-22226 | VMware ESXi, Workstation, and Fusion | VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability | KEV added: 2025-03-04 | KEV due: 2025-03-25 | Mapping: CWE mapping: CWE-125 → THR-018
EXP-KEV-0247Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress WhatsUp Gold') | CVE: CVE-2024-4885 | Progress WhatsUp Gold | Progress WhatsUp Gold Path Traversal Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0249Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'hitachi' (in 'Hitachi Vantara Pentaho Business Analytics (BA) Server') | CVE: CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics (BA) Server | Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Mapping: Product match: 'spring' → THR-006
EXP-KEV-0250Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV Series Routers') | CVE: CVE-2023-20118 | Cisco Small Business RV Series Routers | Cisco Small Business RV Series Routers Command Injection Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0251Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2023-34192 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2025-02-25 | KEV due: 2025-03-18 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0252Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft partner center' (in 'Microsoft Partner Center') | CVE: CVE-2024-49035 | Microsoft Partner Center | Microsoft Partner Center Improper Access Control Vulnerability | KEV added: 2025-02-25 | KEV due: 2025-03-18 | Mapping: CWE mapping: CWE-269 → THR-018
EXP-KEV-0253Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Agile Product Lifecycle Management (PLM)') | CVE: CVE-2024-20953 | Oracle Agile Product Lifecycle Management (PLM) | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | KEV added: 2025-02-24 | KEV due: 2025-03-17 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0254Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2017-3066 | Adobe ColdFusion | Adobe ColdFusion Deserialization Vulnerability | KEV added: 2025-02-24 | KEV due: 2025-03-17 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0256Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0261Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel DSL CPE Devices') | CVE: CVE-2024-40891 | Zyxel DSL CPE Devices | Zyxel DSL CPE OS Command Injection Vulnerability | KEV added: 2025-02-11 | KEV due: 2025-03-04 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0262Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel DSL CPE Devices') | CVE: CVE-2024-40890 | Zyxel DSL CPE Devices | Zyxel DSL CPE OS Command Injection Vulnerability | KEV added: 2025-02-11 | KEV due: 2025-03-04 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0265Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trimble' (in 'Trimble Cityworks') | CVE: CVE-2025-0994 | Trimble Cityworks | Trimble Cityworks Deserialization Vulnerability | KEV added: 2025-02-07 | KEV due: 2025-02-28 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0266SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0269Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'paessler' (in 'Paessler PRTG Network Monitor') | CVE: CVE-2018-9276 | Paessler PRTG Network Monitor | Paessler PRTG Network Monitor OS Command Injection Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0270Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache ofbiz' (in 'Apache OFBiz') | CVE: CVE-2024-45195 | Apache OFBiz | Apache OFBiz Forced Browsing Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0273Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0274Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'aviatrix' (in 'Aviatrix Controllers') | CVE: CVE-2024-50603 | Aviatrix Controllers | Aviatrix Controllers OS Command Injection Vulnerability | KEV added: 2025-01-16 | KEV due: 2025-02-06 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0279Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'beyondtrust' (in 'BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)') | CVE: CVE-2024-12686 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability | KEV added: 2025-01-13 | KEV due: 2025-02-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0284Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'beyondtrust' (in 'BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)') | CVE: CVE-2024-12356 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability | KEV added: 2024-12-19 | KEV due: 2024-12-27 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0285Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'reolink' (in 'Reolink RLC-410W IP Camera') | CVE: CVE-2021-40407 | Reolink RLC-410W IP Camera | Reolink RLC-410W IP Camera OS Command Injection Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0286Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'reolink' (in 'Reolink Multiple IP Cameras') | CVE: CVE-2019-11001 | Reolink Multiple IP Cameras | Reolink Multiple IP Cameras OS Command Injection Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0287Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'nuuo' (in 'NUUO NVRmini Devices') | CVE: CVE-2018-14933 | NUUO NVRmini Devices | NUUO NVRmini Devices OS Command Injection Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0293Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'projectsend' (in 'ProjectSend ProjectSend') | CVE: CVE-2024-11680 | ProjectSend ProjectSend | ProjectSend Improper Authentication Vulnerability | KEV added: 2024-12-03 | KEV due: 2024-12-24 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0295Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Agile Product Lifecycle Management (PLM)') | CVE: CVE-2024-21287 | Oracle Agile Product Lifecycle Management (PLM) | Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability | KEV added: 2024-11-21 | KEV due: 2024-12-12 | Mapping: CWE mapping: CWE-863 → THR-009
EXP-KEV-0300Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress Kemp LoadMaster') | CVE: CVE-2024-1212 | Progress Kemp LoadMaster | Progress Kemp LoadMaster OS Command Injection Vulnerability | KEV added: 2024-11-18 | KEV due: 2024-12-09 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0304Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2014-2120 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-11-12 | KEV due: 2024-12-03 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0307Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'nostromo' (in 'Nostromo nhttpd') | CVE: CVE-2019-16278 | Nostromo nhttpd | Nostromo nhttpd Directory Traversal Vulnerability | KEV added: 2024-11-07 | KEV due: 2024-11-28 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0310Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ptzoptics' (in 'PTZOptics PT30X-SDI/NDI Cameras') | CVE: CVE-2024-8956 | PTZOptics PT30X-SDI/NDI Cameras | PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability | KEV added: 2024-11-04 | KEV due: 2024-11-25 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0311Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ptzoptics' (in 'PTZOptics PT30X-SDI/NDI Cameras') | CVE: CVE-2024-8957 | PTZOptics PT30X-SDI/NDI Cameras | PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability | KEV added: 2024-11-04 | KEV due: 2024-11-25 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0312Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2024-37383 | Roundcube Webmail | RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-10-24 | KEV due: 2024-11-14 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0313External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2024-20481 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Denial-of-Service Vulnerability | KEV added: 2024-10-24 | KEV due: 2024-11-14 | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0314External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'fortimanager' (in 'Fortinet FortiManager') | CVE: CVE-2024-47575 | Fortinet FortiManager | Fortinet FortiManager Missing Authentication Vulnerability | KEV added: 2024-10-23 | KEV due: 2024-11-13 | Mapping: Product match: 'fortinet' → THR-005
EXP-KEV-0319Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance (CSA)') | CVE: CVE-2024-9380 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability | KEV added: 2024-10-09 | KEV due: 2024-10-30 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0320SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance (CSA)') | CVE: CVE-2024-9379 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability | KEV added: 2024-10-09 | KEV due: 2024-10-30 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0324Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2024-43047 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2024-10-08 | KEV due: 2024-10-29 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0325SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-29824 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | KEV added: 2024-10-02 | KEV due: 2024-10-23 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0326Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP Commerce Cloud') | CVE: CVE-2019-0344 | SAP Commerce Cloud | SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability | KEV added: 2024-09-30 | KEV due: 2024-10-21 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0327Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek Multiple Vigor Routers') | CVE: CVE-2020-15415 | DrayTek Multiple Vigor Routers | DrayTek Multiple Vigor Routers OS Command Injection Vulnerability | KEV added: 2024-09-30 | KEV due: 2024-10-21 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0329Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Virtual Traffic Manager') | CVE: CVE-2024-7593 | Ivanti Virtual Traffic Manager | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability | KEV added: 2024-09-24 | KEV due: 2024-10-15 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0330Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance (CSA)') | CVE: CVE-2024-8963 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability | KEV added: 2024-09-19 | KEV due: 2024-10-10 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0331Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle ADF Faces') | CVE: CVE-2022-21445 | Oracle ADF Faces | Oracle ADF Faces Deserialization of Untrusted Data Vulnerability | KEV added: 2024-09-18 | KEV due: 2024-10-09 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0333Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache hugegraph' (in 'Apache HugeGraph-Server') | CVE: CVE-2024-27348 | Apache HugeGraph-Server | Apache HugeGraph-Server Improper Access Control Vulnerability | KEV added: 2024-09-18 | KEV due: 2024-10-09 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0334Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-0502 | Adobe Flash Player | Adobe Flash Player Double Free Vulnerablity | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0335Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2013-0648 | Adobe Flash Player | Adobe Flash Player Code Execution Vulnerability | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0336Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2013-0643 | Adobe Flash Player | Adobe Flash Player Incorrect Default Permissions Vulnerability | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'firefox' → THR-004
EXP-KEV-0337Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-0497 | Adobe Flash Player | Adobe Flash Player Integer Underflow Vulnerablity | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0340Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance') | CVE: CVE-2024-8190 | Ivanti Cloud Services Appliance | Ivanti Cloud Services Appliance OS Command Injection Vulnerability | KEV added: 2024-09-13 | KEV due: 2024-10-04 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0345Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'imagemagick' (in 'ImageMagick ImageMagick') | CVE: CVE-2016-3714 | ImageMagick ImageMagick | ImageMagick Improper Input Validation Vulnerability | KEV added: 2024-09-09 | KEV due: 2024-09-30 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0346Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kingsoft' (in 'Kingsoft WPS Office') | CVE: CVE-2024-7262 | Kingsoft WPS Office | Kingsoft WPS Office Path Traversal Vulnerability | KEV added: 2024-09-03 | KEV due: 2024-09-24 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0347Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek VigorConnect') | CVE: CVE-2021-20124 | DrayTek VigorConnect | Draytek VigorConnect Path Traversal Vulnerability | KEV added: 2024-09-03 | KEV due: 2024-09-24 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0348Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek VigorConnect') | CVE: CVE-2021-20123 | DrayTek VigorConnect | Draytek VigorConnect Path Traversal Vulnerability | KEV added: 2024-09-03 | KEV due: 2024-09-24 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0350Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0352Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0353Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-31196 | Microsoft Exchange Server | Microsoft Exchange Server Information Disclosure Vulnerability | KEV added: 2024-08-21 | KEV due: 2024-09-11 | Mapping: Product match: 'exchange' → THR-006
EXP-KEV-0355Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dahua' (in 'Dahua IP Camera Firmware') | CVE: CVE-2021-33045 | Dahua IP Camera Firmware | Dahua IP Camera Authentication Bypass Vulnerability | KEV added: 2024-08-21 | KEV due: 2024-09-11 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0356Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dahua' (in 'Dahua IP Camera Firmware') | CVE: CVE-2021-33044 | Dahua IP Camera Firmware | Dahua IP Camera Authentication Bypass Vulnerability | KEV added: 2024-08-21 | KEV due: 2024-09-11 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0358Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2024-28986 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV added: 2024-08-15 | KEV due: 2024-09-05 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0365Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache ofbiz' (in 'Apache OFBiz') | CVE: CVE-2024-32113 | Apache OFBiz | Apache OFBiz Path Traversal Vulnerability | KEV added: 2024-08-07 | KEV due: 2024-08-28 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0369Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2012-4792 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2024-07-23 | KEV due: 2024-08-13 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0370Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2024-28995 | SolarWinds Serv-U | SolarWinds Serv-U Path Traversal Vulnerability | KEV added: 2024-07-17 | KEV due: 2024-08-07 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0371Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe commerce' (in 'Adobe Commerce and Magento Open Source') | CVE: CVE-2024-34102 | Adobe Commerce and Magento Open Source | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability | KEV added: 2024-07-17 | KEV due: 2024-08-07 | Mapping: Product match: 'magento' → THR-006
EXP-KEV-0374Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0376Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0378Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2024-32896 | Android Pixel | Android Pixel Privilege Escalation Vulnerability | KEV added: 2024-06-13 | KEV due: 2024-07-04 | Mapping: Product match: 'android' → THR-018
EXP-KEV-0380Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali GPU Kernel Driver') | CVE: CVE-2024-4610 | Arm Mali GPU Kernel Driver | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2024-06-12 | KEV due: 2024-07-03 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0381Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2017-3506 | Oracle WebLogic Server | Oracle WebLogic Server OS Command Injection Vulnerability | KEV added: 2024-06-03 | KEV due: 2024-06-24 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0385Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache flink' (in 'Apache Flink') | CVE: CVE-2020-17519 | Apache Flink | Apache Flink Improper Access Control Vulnerability | KEV added: 2024-05-23 | KEV due: 2024-06-13 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0392Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab GitLab CE/EE') | CVE: CVE-2023-7028 | GitLab GitLab CE/EE | GitLab Community and Enterprise Editions Improper Access Control Vulnerability | KEV added: 2024-05-01 | KEV due: 2024-05-22 | Mapping: Product match: 'gitlab' → THR-006
EXP-KEV-0393Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2024-20359 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Privilege Escalation Vulnerability | KEV added: 2024-04-24 | KEV due: 2024-05-01 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0394External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2024-20353 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Denial of Service Vulnerability | KEV added: 2024-04-24 | KEV due: 2024-05-01 | Mapping: Product match: 'cisco asa' → THR-005
EXP-KEV-0398Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2024-29748 | Android Pixel | Android Pixel Privilege Escalation Vulnerability | KEV added: 2024-04-04 | KEV due: 2024-04-25 | Mapping: Product match: 'android' → THR-018
EXP-KEV-0399Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2024-29745 | Android Pixel | Android Pixel Information Disclosure Vulnerability | KEV added: 2024-04-04 | KEV due: 2024-04-25 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0401Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'nice linear' (in 'Nice Linear eMerge E3-Series') | CVE: CVE-2019-7256 | Nice Linear eMerge E3-Series | Nice Linear eMerge E3-Series OS Command Injection Vulnerability | KEV added: 2024-03-25 | KEV due: 2024-04-15 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0406Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2023-21237 | Android Pixel | Android Pixel Information Disclosure Vulnerability | KEV added: 2024-03-05 | KEV due: 2024-03-26 | Mapping: Product match: 'android' → THR-018
EXP-KEV-0407Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sunhillo' (in 'Sunhillo SureLine') | CVE: CVE-2021-36380 | Sunhillo SureLine | Sunhillo SureLine OS Command Injection Vulnerablity | KEV added: 2024-03-05 | KEV due: 2024-03-26 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0410Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2024-21410 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2024-02-15 | KEV due: 2024-03-07 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0413Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2023-43770 | Roundcube Webmail | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-02-12 | KEV due: 2024-03-04 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0420Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2023-34048 | VMware vCenter Server | VMware vCenter Server Out-of-Bounds Write Vulnerability | KEV added: 2024-01-22 | KEV due: 2024-02-12 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0423Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-6549 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | KEV added: 2024-01-17 | KEV due: 2024-02-07 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0424Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-6548 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | KEV added: 2024-01-17 | KEV due: 2024-01-24 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0425Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'laravel' (in 'Laravel Laravel Framework') | CVE: CVE-2018-15133 | Laravel Laravel Framework | Laravel Deserialization of Untrusted Data Vulnerability | KEV added: 2024-01-16 | KEV due: 2024-02-06 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0429Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'joomla' (in 'Joomla! Joomla!') | CVE: CVE-2023-23752 | Joomla! Joomla! | Joomla! Improper Access Control Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | Mapping: Product match: 'joomla' → THR-006
EXP-KEV-0432Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache superset' (in 'Apache Superset') | CVE: CVE-2023-27524 | Apache Superset | Apache Superset Insecure Default Initialization of Resource Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0435Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'webrtc' (in 'Google Chromium WebRTC') | CVE: CVE-2023-7024 | Google Chromium WebRTC | Google Chromium WebRTC Heap Buffer Overflow Vulnerability | KEV added: 2024-01-02 | KEV due: 2024-01-23 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0436Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'fxc' (in 'FXC AE1021, AE1021PE') | CVE: CVE-2023-49897 | FXC AE1021, AE1021PE | FXC AE1021, AE1021PE OS Command Injection Vulnerability | KEV added: 2023-12-21 | KEV due: 2024-01-11 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0437Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0439Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2023-33107 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Integer Overflow Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Mapping: Product match: 'linux' → THR-018
EXP-KEV-0440Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2023-33063 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0441Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2022-22071 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0445Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'owncloud' (in 'ownCloud ownCloud graphapi') | CVE: CVE-2023-49103 | ownCloud ownCloud graphapi | ownCloud graphapi Information Disclosure Vulnerability | KEV added: 2023-11-30 | KEV due: 2023-12-21 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0447Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sophos' (in 'Sophos Web Appliance') | CVE: CVE-2023-1671 | Sophos Web Appliance | Sophos Web Appliance Command Injection Vulnerability | KEV added: 2023-11-16 | KEV due: 2023-12-07 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0452Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36844 | Juniper Junos OS | Juniper Junos OS EX Series PHP External Variable Modification Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0453Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36845 | Juniper Junos OS | Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0454Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36846 | Juniper Junos OS | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0455Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36847 | Juniper Junos OS | Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0456Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36851 | Juniper Junos OS | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006
EXP-KEV-0459SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP Configuration Utility') | CVE: CVE-2023-46748 | F5 BIG-IP Configuration Utility | F5 BIG-IP Configuration Utility SQL Injection Vulnerability | KEV added: 2023-10-31 | KEV due: 2023-11-21 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0460Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2023-5631 | Roundcube Webmail | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-10-26 | KEV due: 2023-11-16 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0461Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Cisco IOS XE Web UI') | CVE: CVE-2023-20273 | Cisco Cisco IOS XE Web UI | Cisco IOS XE Web UI Command Injection Vulnerability | KEV added: 2023-10-23 | KEV due: 2023-10-27 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0463External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XE Web UI') | CVE: CVE-2023-20198 | Cisco IOS XE Web UI | Cisco IOS XE Web UI Privilege Escalation Vulnerability | KEV added: 2023-10-16 | KEV due: 2023-10-20 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0465Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2023-20109 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability | KEV added: 2023-10-10 | KEV due: 2023-10-31 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0472Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali GPU Kernel Driver') | CVE: CVE-2023-4211 | Arm Mali GPU Kernel Driver | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2023-10-03 | KEV due: 2023-10-24 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0474Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss RichFaces Framework') | CVE: CVE-2018-14667 | Red Hat JBoss RichFaces Framework | Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability | KEV added: 2023-09-28 | KEV due: 2023-10-19 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0478Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0479Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'realtek' (in 'Realtek SDK') | CVE: CVE-2014-8361 | Realtek SDK | Realtek SDK Improper Input Validation Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0488Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache rocketmq' (in 'Apache RocketMQ') | CVE: CVE-2023-33246 | Apache RocketMQ | Apache RocketMQ Command Execution Vulnerability | KEV added: 2023-09-06 | KEV due: 2023-09-27 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0489Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ignite realtime' (in 'Ignite Realtime Openfire') | CVE: CVE-2023-32315 | Ignite Realtime Openfire | Ignite Realtime Openfire Path Traversal Vulnerability | KEV added: 2023-08-24 | KEV due: 2023-09-14 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0492Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-26359 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2023-08-21 | KEV due: 2023-09-11 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0493Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel P660HN-T1A Routers') | CVE: CVE-2017-18368 | Zyxel P660HN-T1A Routers | Zyxel P660HN-T1A Routers Command Injection Vulnerability | KEV added: 2023-08-07 | KEV due: 2023-08-28 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0494Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2023-35081 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | KEV added: 2023-07-31 | KEV due: 2023-08-21 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0495Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2023-37580 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-07-27 | KEV due: 2023-08-17 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0500Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarview' (in 'SolarView Compact') | CVE: CVE-2022-29303 | SolarView Compact | SolarView Compact Command Injection Vulnerability | KEV added: 2023-07-13 | KEV due: 2023-08-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0507Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2021-29256 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2023-07-07 | KEV due: 2023-07-28 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0510Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25487 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Read Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-125 → THR-018
EXP-KEV-0511Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25489 | Samsung Mobile Devices | Samsung Mobile Devices Improper Input Validation Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0512Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25394 | Samsung Mobile Devices | Samsung Mobile Devices Race Condition Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0513Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25372 | Samsung Mobile Devices | Samsung Mobile Devices Improper Boundary Check Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0517Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0518Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Network-Attached Storage (NAS) Devices') | CVE: CVE-2023-27992 | Zyxel Multiple Network-Attached Storage (NAS) Devices | Zyxel Multiple NAS Devices Command Injection Vulnerability | KEV added: 2023-06-23 | KEV due: 2023-07-14 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0519Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Aria Operations for Networks') | CVE: CVE-2023-20887 | VMware Aria Operations for Networks | Vmware Aria Operations for Networks Command Injection Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0520Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2020-35730 | Roundcube Roundcube Webmail | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0521Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2020-12641 | Roundcube Roundcube Webmail | Roundcube Webmail Remote Code Execution Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0522SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2021-44026 | Roundcube Roundcube Webmail | Roundcube Webmail SQL Injection Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0523Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox, Firefox ESR, and Thunderbird') | CVE: CVE-2016-9079 | Mozilla Firefox, Firefox ESR, and Thunderbird | Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0526External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2023-33009 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls Buffer Overflow Vulnerability | KEV added: 2023-06-05 | KEV due: 2023-06-26 | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0527External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2023-33010 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls Buffer Overflow Vulnerability | KEV added: 2023-06-05 | KEV due: 2023-06-26 | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0529Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2023-28771 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls OS Command Injection Vulnerability | KEV added: 2023-05-31 | KEV due: 2023-06-21 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0530Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'barracuda' (in 'Barracuda Networks Email Security Gateway (ESG) Appliance') | CVE: CVE-2023-2868 | Barracuda Networks Email Security Gateway (ESG) Appliance | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | KEV added: 2023-05-26 | KEV due: 2023-06-16 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0534External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0535Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS, IOS XR, and IOS XE') | CVE: CVE-2016-6415 | Cisco IOS, IOS XR, and IOS XE | Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability | KEV added: 2023-05-19 | KEV due: 2023-06-09 | Mapping: Product match: 'exchange' → THR-006
EXP-KEV-0536Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2023-21492 | Samsung Mobile Devices | Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | KEV added: 2023-05-19 | KEV due: 2023-06-09 | Mapping: Product match: 'android' → THR-018
EXP-KEV-0537Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ruckus' (in 'Ruckus Wireless Multiple Products') | CVE: CVE-2023-25717 | Ruckus Wireless Multiple Products | Multiple Ruckus Wireless Products CSRF and RCE Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0538Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0541Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins User Interface (UI)') | CVE: CVE-2015-5317 | Jenkins Jenkins User Interface (UI) | Jenkins User Interface (UI) Information Disclosure Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: Product match: 'jenkins' → THR-006
EXP-KEV-0544Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Archer AX21') | CVE: CVE-2023-1389 | TP-Link Archer AX21 | TP-Link Archer AX-21 Command Injection Vulnerability | KEV added: 2023-05-01 | KEV due: 2023-05-22 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0547Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6742 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2023-04-19 | KEV due: 2023-05-10 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0551Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'novi' (in 'Novi Survey Novi Survey') | CVE: CVE-2023-29492 | Novi Survey Novi Survey | Novi Survey Insecure Deserialization Vulnerability | KEV added: 2023-04-13 | KEV due: 2023-05-04 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0559Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-27926 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-04-03 | KEV due: 2023-04-24 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0560Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-3163 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0562Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'fortra' (in 'Fortra Cobalt Strike') | CVE: CVE-2022-42948 | Fortra Cobalt Strike | Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0563Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'fortra' (in 'Fortra Cobalt Strike') | CVE: CVE-2022-39197 | Fortra Cobalt Strike | Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0565Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2022-38181 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0568Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2022-22706 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Unspecified Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0572Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0573Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'plex' (in 'Plex Media Server') | CVE: CVE-2020-5741 | Plex Media Server | Plex Media Server Remote Code Execution Vulnerability | KEV added: 2023-03-10 | KEV due: 2023-03-31 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0574Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2022-28810 | Zoho ManageEngine | Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability | KEV added: 2023-03-07 | KEV due: 2023-03-28 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0575Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0585Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sugarcrm' (in 'SugarCRM Multiple Products') | CVE: CVE-2023-22952 | SugarCRM Multiple Products | Multiple SugarCRM Products Remote Code Execution Vulnerability | KEV added: 2023-02-02 | KEV due: 2023-02-23 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0588Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cwp' (in 'CWP Control Web Panel') | CVE: CVE-2022-44877 | CWP Control Web Panel | CWP Control Web Panel OS Command Injection Vulnerability | KEV added: 2023-01-17 | KEV due: 2023-02-07 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0591Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tibco' (in 'TIBCO JasperReports') | CVE: CVE-2018-5430 | TIBCO JasperReports | TIBCO JasperReports Server Information Disclosure Vulnerability | KEV added: 2022-12-29 | KEV due: 2023-01-19 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0592Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tibco' (in 'TIBCO JasperReports') | CVE: CVE-2018-18809 | TIBCO JasperReports | TIBCO JasperReports Library Directory Traversal Vulnerability | KEV added: 2022-12-29 | KEV due: 2023-01-19 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0595Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC) and Gateway') | CVE: CVE-2022-27518 | Citrix Application Delivery Controller (ADC) and Gateway | Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | Mapping: Product match: 'saml' → THR-009
EXP-KEV-0599Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2021-35587 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2022-11-28 | KEV due: 2022-12-19 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0606Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25337 | Samsung Mobile Devices | Samsung Mobile Devices Improper Access Control Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-11-29 | Mapping: CWE mapping: CWE-269 → THR-018
EXP-KEV-0607Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25370 | Samsung Mobile Devices | Samsung Mobile Devices Memory Corruption Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-11-29 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0612Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-41352 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability | KEV added: 2022-10-20 | KEV due: 2022-11-10 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0619Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0620Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2022-35405 | Zoho ManageEngine | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | KEV added: 2022-09-22 | KEV due: 2022-10-13 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0622Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'code aurora' (in 'Code Aurora ACDB Audio Driver') | CVE: CVE-2013-2597 | Code Aurora ACDB Audio Driver | Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0631Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mikrotik' (in 'MikroTik RouterOS') | CVE: CVE-2018-7445 | MikroTik RouterOS | MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0633Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2018-2628 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0637Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache couchdb' (in 'Apache CouchDB') | CVE: CVE-2022-24706 | Apache CouchDB | Apache CouchDB Insecure Default Initialization of Resource Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0638Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache apisix' (in 'Apache APISIX') | CVE: CVE-2022-24112 | Apache APISIX | Apache APISIX Authentication Bypass Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-0639Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Tanzu Spring Cloud') | CVE: CVE-2022-22963 | VMware Tanzu Spring Cloud | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0641Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'grafana' (in 'Grafana Labs Grafana') | CVE: CVE-2021-39226 | Grafana Labs Grafana | Grafana Authentication Bypass Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0642Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'delta electronics' (in 'Delta Electronics DOPSoft 2') | CVE: CVE-2021-38406 | Delta Electronics DOPSoft 2 | Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0644Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'pear' (in 'PEAR Archive_Tar') | CVE: CVE-2020-36193 | PEAR Archive_Tar | PEAR Archive_Tar Improper Link Resolution Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0645Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'pear' (in 'PEAR Archive_Tar') | CVE: CVE-2020-28949 | PEAR Archive_Tar | PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: Product match: 'drupal' → THR-006
EXP-KEV-0661Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat Polkit') | CVE: CVE-2021-4034 | Red Hat Polkit | Red Hat Polkit Out-of-Bounds Read and Write Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0668SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0674Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco RV Series Routers') | CVE: CVE-2019-15271 | Cisco RV Series Routers | Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0678Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Multiple Devices') | CVE: CVE-2017-6862 | NETGEAR Multiple Devices | NETGEAR Multiple Devices Buffer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0684Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-5054 | Adobe Flash Player | Adobe Flash Player Integer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0686Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-0767 | Adobe Flash Player | Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0687Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-0754 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0690Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2011-0609 | Adobe Flash Player | Adobe Flash Player Unspecified Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0693Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2010-1297 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0702Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player and AIR') | CVE: CVE-2016-1010 | Adobe Flash Player and AIR | Adobe Flash Player and AIR Integer Overflow Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0703Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player and AIR') | CVE: CVE-2016-0984 | Adobe Flash Player and AIR | Adobe Flash Player and AIR Use-After-Free Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0705Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-0310 | Adobe Flash Player | Adobe Flash Player ASLR Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0708Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-2425 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0710Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox') | CVE: CVE-2015-4495 | Mozilla Firefox | Mozilla Firefox Security Feature Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'firefox' → THR-004
EXP-KEV-0711Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-8651 | Adobe Flash Player | Adobe Flash Player Integer Overflow Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0715Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-8439 | Adobe Flash Player | Adobe Flash Player Dereferenced Pointer Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0717Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft input method editor' (in 'Microsoft Input Method Editor (IME) Japanese') | CVE: CVE-2014-4077 | Microsoft Input Method Editor (IME) Japanese | Microsoft IME Japanese Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'windows' → THR-018
EXP-KEV-0719Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft silverlight' (in 'Microsoft Silverlight') | CVE: CVE-2013-3896 | Microsoft Silverlight | Microsoft Silverlight Information Disclosure Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0728Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0149 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0735Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2016-6366 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0736Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2016-6367 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0737External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0748Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2019-11707 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Type Confusion Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: Product match: 'firefox' → THR-004
EXP-KEV-0749Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2019-11708 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0750Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0751Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'meta' (in 'Meta Platforms WhatsApp') | CVE: CVE-2019-18426 | Meta Platforms WhatsApp | WhatsApp Cross-Site Scripting Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0754Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2018-5002 | Adobe Flash Player | Adobe Flash Player Stack-based Buffer Overflow Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0756Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2022-30525 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls OS Command Injection Vulnerability | KEV added: 2022-05-16 | KEV due: 2022-06-06 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0757Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Spring Cloud Gateway') | CVE: CVE-2022-22947 | VMware Spring Cloud Gateway | VMware Spring Cloud Gateway Code Injection Vulnerability | KEV added: 2022-05-16 | KEV due: 2022-06-06 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0758Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-0322 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0759Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0764Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Script Security Plugin') | CVE: CVE-2019-1003029 | Jenkins Script Security Plugin | Jenkins Script Security Plugin Sandbox Bypass Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Mapping: Product match: 'jenkins' → THR-006
EXP-KEV-0768Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'crestron' (in 'Crestron Multiple Products') | CVE: CVE-2019-3929 | Crestron Multiple Products | Crestron Multiple Products Command Injection Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-0770SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'schneider' (in 'Schneider Electric U.motion Builder') | CVE: CVE-2018-7841 | Schneider Electric U.motion Builder | Schneider Electric U.motion Builder SQL Injection Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0771Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trihedral' (in 'Trihedral VTScada (formerly VTS)') | CVE: CVE-2016-4523 | Trihedral VTScada (formerly VTS) | Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0772Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'indusoft' (in 'InduSoft Web Studio') | CVE: CVE-2014-0780 | InduSoft Web Studio | InduSoft Web Studio NTWebServer Directory Traversal Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0773Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0774Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'alcatel' (in 'Alcatel OmniPCX Enterprise') | CVE: CVE-2007-3010 | Alcatel OmniPCX Enterprise | Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0779Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-5123 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0780Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-5122 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0781Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-3113 | Adobe Flash Player | Adobe Flash Player Heap-Based Buffer Overflow Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0782Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-2502 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0783Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-0313 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0784Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-0311 | Adobe Flash Player | Adobe Flash Player Remote Code Execution Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0785Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-9163 | Adobe Flash Player | Adobe Flash Player Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0788Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0789Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'checkbox' (in 'Checkbox Checkbox Survey') | CVE: CVE-2021-27852 | Checkbox Checkbox Survey | Checkbox Survey Deserialization of Untrusted Data Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0791Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP QNAP Network-Attached Storage (NAS)') | CVE: CVE-2020-2509 | QNAP QNAP Network-Attached Storage (NAS) | QNAP Network-Attached Storage (NAS) Command Injection Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0794Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Spring Framework') | CVE: CVE-2022-22965 | VMware Spring Framework | Spring Framework JDK 9+ Remote Code Execution Vulnerability | KEV added: 2022-04-04 | KEV due: 2022-04-25 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0800Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dasan' (in 'Dasan Gigabit Passive Optical Network (GPON) Routers') | CVE: CVE-2018-10561 | Dasan Gigabit Passive Optical Network (GPON) Routers | Dasan GPON Routers Authentication Bypass Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-0802Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'redis' (in 'Redis Debian-specific Redis Servers') | CVE: CVE-2022-0543 | Redis Debian-specific Redis Servers | Debian-specific Redis Server Lua Sandbox Escape Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-862 → THR-009
EXP-KEV-0807Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100') | CVE: CVE-2019-7483 | SonicWall SMA100 | SonicWall SMA100 Directory Traversal Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0813Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2016-0189 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0817Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-2419 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0821Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2013-1690 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0822Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-2034 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0828Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Network-Attached Storage (NAS) Devices') | CVE: CVE-2020-9054 | Zyxel Multiple Network-Attached Storage (NAS) Devices | Zyxel Multiple NAS Devices OS Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0829Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0830Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Tanzu Spring Cloud Configuration (Config) Server') | CVE: CVE-2020-5410 | VMware Tanzu Spring Cloud Configuration (Config) Server | VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'spring' → THR-006
EXP-KEV-0831Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0833Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0834Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2020-1631 | Juniper Junos OS | Juniper Junos OS Path Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0835Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Core') | CVE: CVE-2019-6340 | Drupal Core | Drupal Core Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0838Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix SD-WAN and NetScaler') | CVE: CVE-2019-12991 | Citrix SD-WAN and NetScaler | Citrix SD-WAN and NetScaler Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0839SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix SD-WAN and NetScaler') | CVE: CVE-2019-12989 | Citrix SD-WAN and NetScaler | Citrix SD-WAN and NetScaler SQL Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-0841Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Xperience') | CVE: CVE-2019-10068 | Kentico Xperience | Kentico Xperience Deserialization of Untrusted Data Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0842Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Matrix Project Plugin') | CVE: CVE-2019-1003030 | Jenkins Matrix Project Plugin | Jenkins Matrix Project Plugin Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'jenkins' → THR-006
EXP-KEV-0845Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer Scripting Engine') | CVE: CVE-2018-8373 | Microsoft Internet Explorer Scripting Engine | Microsoft Scripting Engine Memory Corruption Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0846Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware SD-WAN Edge') | CVE: CVE-2018-6961 | VMware SD-WAN Edge | VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0847Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0850Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Access Control System (ACS)') | CVE: CVE-2018-0147 | Cisco Secure Access Control System (ACS) | Cisco Secure Access Control System Java Deserialization Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0851Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco VPN Routers') | CVE: CVE-2018-0125 | Cisco VPN Routers | Cisco VPN Routers Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0852Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR DGN2200 Devices') | CVE: CVE-2017-6334 | NETGEAR DGN2200 Devices | NETGEAR DGN2200 Devices OS Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0853Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server') | CVE: CVE-2017-6316 | Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server | Citrix Multiple Products Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0854Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2017-3881 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0858Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-7892 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0859Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-4171 | Adobe Flash Player | Adobe Flash Player Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0860Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Wireless Access Point (WAP) Devices') | CVE: CVE-2016-1555 | NETGEAR Wireless Access Point (WAP) Devices | NETGEAR Multiple WAP Devices Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-0862Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR WNR2000v5 Router') | CVE: CVE-2016-10174 | NETGEAR WNR2000v5 Router | NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0863Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rails' (in 'Rails Ruby on Rails') | CVE: CVE-2016-0752 | Rails Ruby on Rails | Ruby on Rails Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0864Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arcserve' (in 'Arcserve Unified Data Protection (UDP)') | CVE: CVE-2015-4068 | Arcserve Unified Data Protection (UDP) | Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0865Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Multiple Archer Devices') | CVE: CVE-2015-3035 | TP-Link Multiple Archer Devices | TP-Link Multiple Archer Devices Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0867Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Prime Data Center Network Manager (DCNM)') | CVE: CVE-2015-0666 | Cisco Prime Data Center Network Manager (DCNM) | Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0870Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rejetto' (in 'Rejetto HTTP File Server (HFS)') | CVE: CVE-2014-6287 | Rejetto HTTP File Server (HFS) | Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0871Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rails' (in 'Rails Ruby on Rails') | CVE: CVE-2014-0130 | Rails Ruby on Rails | Ruby on Rails Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-0873Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'hewlett' (in 'Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management') | CVE: CVE-2013-4810 | Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management | HP Multiple Products Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0874Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2013-2251 | Apache Struts | Apache Struts Improper Input Validation Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0875Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0876Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0877Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2010-3035 | Cisco IOS XR | Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0879Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2009-2055 | Cisco IOS XR | Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0880Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'php' (in 'phpMyAdmin phpMyAdmin') | CVE: CVE-2009-1151 | phpMyAdmin phpMyAdmin | phpMyAdmin Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0895Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0896Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0897Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server and Cloud Foundation') | CVE: CVE-2021-21973 | VMware vCenter Server and Cloud Foundation | VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-03-21 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0898Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'pulse secure' (in 'Pulse Secure Pulse Connect Secure') | CVE: CVE-2020-8218 | Pulse Secure Pulse Connect Secure | Pulse Connect Secure Code Injection Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0900Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Wireless Router DGN2200') | CVE: CVE-2017-6077 | NETGEAR Wireless Router DGN2200 | NETGEAR DGN2200 Remote Code Execution Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-0901Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Multiple Routers') | CVE: CVE-2016-6277 | NETGEAR Multiple Routers | NETGEAR Multiple Routers Remote Code Execution Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: CWE mapping: CWE-352 → THR-006
EXP-KEV-0904Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'treck' (in 'Treck TCP/IP stack IPv6') | CVE: CVE-2020-11899 | Treck TCP/IP stack IPv6 | Treck TCP/IP stack Out-of-Bounds Read Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-125 → THR-018
EXP-KEV-0905Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'exim' (in 'Exim Exim Internet Mailer') | CVE: CVE-2019-16928 | Exim Exim Internet Mailer | Exim Out-of-bounds Write Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0906Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers') | CVE: CVE-2019-1652 | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers | Cisco Small Business Routers Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0908External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0180 | Cisco IOS Software | Cisco IOS Software Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0909External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0179 | Cisco IOS Software | Cisco IOS Software Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0910Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS, XR, and XE Software') | CVE: CVE-2018-0175 | Cisco IOS, XR, and XE Software | Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0911Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XE Software') | CVE: CVE-2018-0174 | Cisco IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0912Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2018-0173 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0913Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2018-0172 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0914Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS, XR, and XE Software') | CVE: CVE-2018-0167 | Cisco IOS, XR, and XE Software | Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0915External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0161 | Cisco IOS Software | Cisco IOS Software Resource Management Errors Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0916Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software and Cisco IOS XE Software') | CVE: CVE-2018-0159 | Cisco IOS Software and Cisco IOS XE Software | Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0917Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software and Cisco IOS XE Software') | CVE: CVE-2018-0158 | Cisco IOS Software and Cisco IOS XE Software | Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0918External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software and Cisco IOS XE Software') | CVE: CVE-2018-0156 | Cisco IOS Software and Cisco IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0919Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches') | CVE: CVE-2018-0155 | Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches | Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'ios' → THR-018
EXP-KEV-0920External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0154 | Cisco IOS Software | Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-0921Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2018-0151 | Cisco IOS and IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0923Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-6744 | Cisco IOS software | Cisco IOS Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0924Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6743 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0925Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6740 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0926Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6739 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0927Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6738 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0928Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6737 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0929Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6736 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0930External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6663 | Cisco IOS and IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0931External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6627 | Cisco IOS and IOS XE Software | Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0932Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XE Software') | CVE: CVE-2017-12319 | Cisco IOS XE Software | Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0933Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-12240 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0934External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst 6800 Series Switches') | CVE: CVE-2017-12238 | Cisco Catalyst 6800 Series Switches | Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0935Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-12237 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'exchange' → THR-006
EXP-KEV-0936Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12235 | Cisco IOS software | Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0937Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12234 | Cisco IOS software | Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0938Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12233 | Cisco IOS software | Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0939External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12232 | Cisco IOS software | Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0940External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12231 | Cisco IOS software | Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-0942Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2017-11292 | Adobe Flash Player | Adobe Flash Player Type Confusion Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0945Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'siemens' (in 'Siemens SIMATIC CP') | CVE: CVE-2016-8562 | Siemens SIMATIC CP | Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0946Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-7855 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-0950Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-4117 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0954Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-5119 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0955Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-3043 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-0964Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0965Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-1347 | Microsoft Internet Explorer | Microsoft Internet Explorer Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-0968Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-1535 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0969Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft forefront' (in 'Microsoft Forefront Threat Management Gateway (TMG)') | CVE: CVE-2011-1889 | Microsoft Forefront Threat Management Gateway (TMG) | Microsoft Forefront TMG Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0970Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2011-0611 | Adobe Flash Player | Adobe Flash Player Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004
EXP-KEV-0981Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0222 | Microsoft Internet Explorer | Microsoft Internet Explorer Remote Code Execution Vulnerability | KEV added: 2022-02-25 | KEV due: 2022-08-25 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-0983Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0984Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe commerce' (in 'Adobe Commerce and Magento Open Source') | CVE: CVE-2022-24086 | Adobe Commerce and Magento Open Source | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-03-01 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-0988Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-0994Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins Stapler Web Framework') | CVE: CVE-2018-1000861 | Jenkins Jenkins Stapler Web Framework | Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-0995Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts 1') | CVE: CVE-2017-9791 | Apache Struts 1 | Apache Struts 1 Improper Input Validation Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1001Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache activemq' (in 'Apache ActiveMQ') | CVE: CVE-2016-3088 | Apache ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1007SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'grandstream' (in 'Grandstream UCM6200') | CVE: CVE-2020-5722 | Grandstream UCM6200 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-89 → THR-059
EXP-KEV-1009Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-1776 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1010Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gnu' (in 'GNU Bourne-Again Shell (Bash)') | CVE: CVE-2014-6271 | GNU Bourne-Again Shell (Bash) | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1011Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gnu' (in 'GNU Bourne-Again Shell (Bash)') | CVE: CVE-2014-7169 | GNU Bourne-Again Shell (Bash) | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1012Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts 1') | CVE: CVE-2006-1547 | Apache Struts 1 | Apache Struts 1 ActionForm Denial-of-Service Vulnerability | KEV added: 2022-01-21 | KEV due: 2022-07-21 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-1013Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts 2') | CVE: CVE-2012-0391 | Apache Struts 2 | Apache Struts 2 Improper Input Validation Vulnerability | KEV added: 2022-01-21 | KEV due: 2022-07-21 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1015Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2021-35247 | SolarWinds Serv-U | SolarWinds Serv-U Improper Input Validation Vulnerability | KEV added: 2022-01-21 | KEV due: 2022-02-04 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1016Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'october cms' (in 'October CMS October CMS') | CVE: CVE-2021-32648 | October CMS October CMS | October CMS Improper Authentication | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-1017Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1018Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1019Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1020Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-33766 | Microsoft Exchange Server | Microsoft Exchange Server Information Disclosure | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-287 → THR-009
EXP-KEV-1022Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'npm package' (in 'Npm package System Information Library for Node.JS') | CVE: CVE-2021-21315 | Npm package System Information Library for Node.JS | System Information Library for Node.JS Command Injection | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1023Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP Traffic Management Microkernel') | CVE: CVE-2021-22991 | F5 BIG-IP Traffic Management Microkernel | F5 BIG-IP Traffic Management Microkernel Buffer Overflow | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-119 → THR-018
EXP-KEV-1024Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'intel' (in 'Oracle Intelligence Enterprise Edition') | CVE: CVE-2020-14864 | Oracle Intelligence Enterprise Edition | Oracle Business Intelligence Enterprise Edition Path Transversal | KEV added: 2022-01-18 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1025Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1026Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1027Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache airflow' (in 'Apache Airflow's Experimental API') | CVE: CVE-2020-13927 | Apache Airflow's Experimental API | Apache Airflow's Experimental API Authentication Bypass | KEV added: 2022-01-18 | KEV due: 2022-07-18 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-1028Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'hikvision' (in 'Hikvision Security cameras web server') | CVE: CVE-2021-36260 | Hikvision Security cameras web server | Hikvision Improper Input Validation | KEV added: 2022-01-10 | KEV due: 2022-01-24 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1035Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'exim' (in 'Exim Mail Transfer Agent (MTA)') | CVE: CVE-2019-10149 | Exim Mail Transfer Agent (MTA) | Exim Mail Transfer Agent (MTA) Improper Input Validation | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1036Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ibm' (in 'IBM WebSphere Application Server and Server Hypervisor Edition') | CVE: CVE-2015-7450 | IBM WebSphere Application Server and Server Hypervisor Edition | IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1037Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1038Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'fatpipe' (in 'FatPipe WARP, IPVPN, and MPVPN software') | CVE: CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN software | FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit | KEV added: 2022-01-10 | KEV due: 2022-01-24 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-1042Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'realtek' (in 'Realtek Jungle Software Development Kit (SDK)') | CVE: CVE-2021-35394 | Realtek Jungle Software Development Kit (SDK) | Realtek Jungle SDK Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2021-12-24 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1043Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache solr' (in 'Apache Solr') | CVE: CVE-2019-0193 | Apache Solr | Apache Solr DataImportHandler Code Injection Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1045Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'embedthis' (in 'Embedthis GoAhead') | CVE: CVE-2017-17562 | Embedthis GoAhead | Embedthis GoAhead Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1047Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss Seam 2') | CVE: CVE-2010-1871 | Red Hat JBoss Seam 2 | Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1048SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1049Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'pi-hole' (in 'Pi-hole AdminLTE') | CVE: CVE-2020-8816 | Pi-hole AdminLTE | Pi-Hole AdminLTE Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1050Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mongodb' (in 'MongoDB mongo-express') | CVE: CVE-2019-10758 | MongoDB mongo-express | MongoDB mongo-express Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: Product match: 'mongodb' → THR-006
EXP-KEV-1052Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables') | CVE: CVE-2020-11261 | Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Qualcomm Multiple Chipsets Improper Input Validation Vulnerability | KEV added: 2021-12-01 | KEV due: 2022-06-01 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1053Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mikrotik' (in 'MikroTik RouterOS') | CVE: CVE-2018-14847 | MikroTik RouterOS | MikroTik Router OS Directory Traversal Vulnerability | KEV added: 2021-12-01 | KEV due: 2022-06-01 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1063Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2018-4939 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1064Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2018-15961 | Adobe ColdFusion | Adobe ColdFusion Unrestricted File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-1068Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mediatek' (in 'MediaTek Multiple Chipsets') | CVE: CVE-2020-0069 | MediaTek Multiple Chipsets | Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1069Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2017-9805 | Apache Struts | Apache Struts Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1073Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache shiro' (in 'Apache Shiro') | CVE: CVE-2016-4437 | Apache Shiro | Apache Shiro Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-1074Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache solr' (in 'Apache Solr') | CVE: CVE-2019-17558 | Apache Solr | Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-1075Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2020-17530 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'apache' → THR-006
EXP-KEV-1077Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2018-11776 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1101Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arcadyan' (in 'Arcadyan Buffalo Firmware') | CVE: CVE-2021-20090 | Arcadyan Buffalo Firmware | Arcadyan Buffalo Firmware Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1102Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm trusted firmware' (in 'Arm Trusted Firmware') | CVE: CVE-2021-27562 | Arm Trusted Firmware | Arm Trusted Firmware Out-of-Bounds Write Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1103Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2021-28664 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1104Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2021-28663 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1109Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2020-3452 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Read-Only Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1111Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco HyperFlex HX') | CVE: CVE-2021-1497 | Cisco HyperFlex HX | Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1112Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco HyperFlex HX') | CVE: CVE-2021-1498 | Cisco HyperFlex HX | Cisco HyperFlex HX Data Platform Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1113Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2018-0171 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1114External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2020-3118 | Cisco IOS XR | Cisco IOS XR Software Discovery Protocol Format String Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-1115External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2020-3566 | Cisco IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-1116External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2020-3569 | Cisco IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'cisco ios' → THR-005
EXP-KEV-1117Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Cisco IP Phones') | CVE: CVE-2020-3161 | Cisco Cisco IP Phones | Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1118External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV320 and RV325 Routers') | CVE: CVE-2019-1653 | Cisco Small Business RV320 and RV325 Routers | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'vpn' → THR-005
EXP-KEV-1119Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2018-0296 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1120External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2020-8193 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'citrix adc' → THR-005
EXP-KEV-1121Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2020-8195 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1122External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2020-8196 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'citrix adc' → THR-005
EXP-KEV-1128Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'docker' (in 'Docker Desktop Community Edition') | CVE: CVE-2019-15752 | Docker Desktop Community Edition | Docker Desktop Community Edition Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'docker' → THR-006
EXP-KEV-1129Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek Multiple Vigor Routers') | CVE: CVE-2020-8515 | DrayTek Multiple Vigor Routers | Multiple DrayTek Vigor Routers Web Management Page Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1133Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'eyesofnetwork' (in 'EyesOfNetwork EyesOfNetwork') | CVE: CVE-2020-8655 | EyesOfNetwork EyesOfNetwork | EyesOfNetwork Improper Privilege Management Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-269 → THR-018
EXP-KEV-1141Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'freetype' (in 'Google Chrome FreeType') | CVE: CVE-2020-15999 | Google Chrome FreeType | Google Chrome FreeType Heap Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1162Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ibm' (in 'IBM Data Risk Manager') | CVE: CVE-2020-4430 | IBM Data Risk Manager | IBM Data Risk Manager Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1163Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ibm' (in 'IBM Data Risk Manager') | CVE: CVE-2020-4427 | IBM Data Risk Manager | IBM Data Risk Manager Security Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'saml' → THR-009
EXP-KEV-1164Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ibm' (in 'IBM Data Risk Manager') | CVE: CVE-2020-4428 | IBM Data Risk Manager | IBM Data Risk Manager Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1165Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ibm' (in 'IBM Planning Analytics') | CVE: CVE-2019-4716 | IBM Planning Analytics | IBM Planning Analytics Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1166Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'imagemagick' (in 'ImageMagick ImageMagick') | CVE: CVE-2016-3718 | ImageMagick ImageMagick | ImageMagick Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1167External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti MobileIron Multiple Products') | CVE: CVE-2020-15505 | Ivanti MobileIron Multiple Products | Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'ivanti' → THR-005
EXP-KEV-1168Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'liferay' (in 'Liferay Liferay Portal') | CVE: CVE-2020-7961 | Liferay Liferay Portal | Liferay Portal Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1169Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'micro focus' (in 'Micro Focus Micro Focus Access Manager') | CVE: CVE-2021-22506 | Micro Focus Micro Focus Access Manager | Micro Focus Access Manager Information Leakage Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'saml' → THR-009
EXP-KEV-1170Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'micro focus' (in 'Micro Focus Operation Bridge Reporter (OBR)') | CVE: CVE-2021-22502 | Micro Focus Operation Bridge Reporter (OBR) | Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1183Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2020-17144 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1197Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft hyper-v' (in 'Microsoft Hyper-V RemoteFX') | CVE: CVE-2020-1040 | Microsoft Hyper-V RemoteFX | Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1203Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2018-8653 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1208Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft mscomctl' (in 'Microsoft MSCOMCTL.OCX') | CVE: CVE-2012-0158 | Microsoft MSCOMCTL.OCX | Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1212Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2020-0674 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1216Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2020-1380 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1217Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-1429 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1219Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2020-0968 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1229Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'visual studio' (in 'Microsoft .NET Framework, SharePoint, Visual Studio') | CVE: CVE-2020-1147 | Microsoft .NET Framework, SharePoint, Visual Studio | Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'sharepoint' → THR-006
EXP-KEV-1234Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2020-6819 | Mozilla Firefox and Thunderbird | Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1235Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2020-6820 | Mozilla Firefox and Thunderbird | Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'firefox' → THR-004
EXP-KEV-1236Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2019-17026 | Mozilla Firefox and Thunderbird | Mozilla Firefox And Thunderbird Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'firefox' → THR-004
EXP-KEV-1237Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1238Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netis' (in 'Netis WF2419 Devices') | CVE: CVE-2019-19356 | Netis WF2419 Devices | Netis WF2419 Devices Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1239Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Multiple Products') | CVE: CVE-2020-2555 | Oracle Multiple Products | Oracle Multiple Products Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1240Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Solaris and Zettabyte File System (ZFS)') | CVE: CVE-2020-14871 | Oracle Solaris and Zettabyte File System (ZFS) | Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1241Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2015-4852 | Oracle WebLogic Server | Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1242Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1245Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2020-8243 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1246Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22900 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1247Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22894 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1248Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2020-8260 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-1249Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22899 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-77 → THR-010
EXP-KEV-1252Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2021-1905 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018
EXP-KEV-1253Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1254Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'realtek' (in 'Realtek AP-Router SDK') | CVE: CVE-2021-35395 | Realtek AP-Router SDK | Realtek AP-Router SDK Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1255Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'saltstack' (in 'SaltStack Salt') | CVE: CVE-2020-11652 | SaltStack Salt | SaltStack Salt Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1256Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1258Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2016-3976 | SAP NetWeaver | SAP NetWeaver Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1265Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sumavision' (in 'Sumavision Enhanced Multimedia Router (EMR)') | CVE: CVE-2020-10181 | Sumavision Enhanced Multimedia Router (EMR) | Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-352 → THR-006
EXP-KEV-1266Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'symantec' (in 'Symantec Symantec Messaging Gateway') | CVE: CVE-2017-6327 | Symantec Symantec Messaging Gateway | Symantec Messaging Gateway Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1267Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tenda' (in 'Tenda AC11 Router') | CVE: CVE-2021-31755 | Tenda AC11 Router | Tenda AC11 Router Stack Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018
EXP-KEV-1268Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tenda' (in 'Tenda AC1900 Router AC15 Model') | CVE: CVE-2020-10987 | Tenda AC1900 Router AC15 Model | Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1269Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tenda' (in 'Tenda AC7, AC9, and AC10 Routers') | CVE: CVE-2018-14558 | Tenda AC7, AC9, and AC10 Routers | Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1270Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'php' (in 'ThinkPHP noneCms') | CVE: CVE-2018-20062 | ThinkPHP noneCms | ThinkPHP "noneCms" Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1271Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1272Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro OfficeScan') | CVE: CVE-2019-18187 | Trend Micro OfficeScan | Trend Micro OfficeScan Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1273User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and OfficeScan') | CVE: CVE-2020-8467 | Trend Micro Apex One and OfficeScan | Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012
EXP-KEV-1274User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents') | CVE: CVE-2020-8468 | Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents | Trend Micro Multiple Products Content Validation Escape Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012
EXP-KEV-1275User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, OfficeScan, and Worry-Free Business Security') | CVE: CVE-2020-24557 | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security | Trend Micro Multiple Products Improper Access Control Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012
EXP-KEV-1276User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and OfficeScan') | CVE: CVE-2020-8599 | Trend Micro Apex One and OfficeScan | Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012
EXP-KEV-1277Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security') | CVE: CVE-2021-36742 | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security | Trend Micro Multiple Products Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006
EXP-KEV-1278Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security') | CVE: CVE-2021-36741 | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security | Trend Micro Multiple Products Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1279Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tvt nvms' (in 'TVT NVMS-1000') | CVE: CVE-2019-20085 | TVT NVMS-1000 | TVT NVMS-1000 Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1280Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
EXP-KEV-1281Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'unraid' (in 'Unraid Unraid') | CVE: CVE-2020-5847 | Unraid Unraid | Unraid Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'php' → THR-006
EXP-KEV-1282Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vbulletin' (in 'vBulletin vBulletin') | CVE: CVE-2019-16759 | vBulletin vBulletin | vBulletin PHP Module Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010
EXP-KEV-1283Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vbulletin' (in 'vBulletin vBulletin') | CVE: CVE-2020-17496 | vBulletin vBulletin | vBulletin PHP Module Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'php' → THR-006
EXP-KEV-1286Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Multiple Products') | CVE: CVE-2020-3950 | VMware Multiple Products | VMware Multiple Products Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-269 → THR-018
EXP-KEV-1288Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Multiple Products') | CVE: CVE-2020-4006 | VMware Multiple Products | Multiple VMware Products Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1289Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'wordpress' (in 'WordPress File Manager Plugin') | CVE: CVE-2020-25213 | WordPress File Manager Plugin | WordPress File Manager Plugin Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-1290Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'wordpress' (in 'WordPress Snap Creek Duplicator Plugin') | CVE: CVE-2020-11738 | WordPress Snap Creek Duplicator Plugin | WordPress Snap Creek Duplicator Plugin File Download Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006
EXP-KEV-1291Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'wordpress' (in 'WordPress Social Warfare Plugin') | CVE: CVE-2019-9978 | WordPress Social Warfare Plugin | WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-79 → THR-060
EXP-KEV-1292Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'yealink' (in 'Yealink Device Management') | CVE: CVE-2021-27561 | Yealink Device Management | Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-78 → THR-010
EXP-KEV-1293Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2020-10189 | Zoho ManageEngine | Zoho ManageEngine Desktop Central File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006
EXP-KEV-1294Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2019-8394 | Zoho ManageEngine | Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017
EXP-KEV-1296Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arista' (in 'Arista Extensible Operating System') | CVE: CVE-2026-7473 | Arista Extensible Operating System | Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability | KEV added: 2026-06-09 | KEV due: 2026-06-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1297Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manager') | CVE: CVE-2026-20245 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability | KEV added: 2026-06-09 | KEV due: 2026-06-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1298Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2026-28318 | SolarWinds Serv-U | SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability | KEV added: 2026-06-05 | KEV due: 2026-06-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1299Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2024-21182 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2026-06-01 | KEV due: 2026-06-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1302Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'daemon tools' (in 'Daemon Daemon Tools Lite') | CVE: CVE-2026-8398 | Daemon Daemon Tools Lite | Daemon Tools Lite Embedded Malicious Code Vulnerability | KEV added: 2026-05-27 | KEV due: 2026-05-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1303Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'litespeed' (in 'LiteSpeed cPanel Plugin') | CVE: CVE-2026-48172 | LiteSpeed cPanel Plugin | LiteSpeed cPanel Plugin Privilege Escalation Vulnerability | KEV added: 2026-05-26 | KEV due: 2026-05-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1304Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'langflow' (in 'Langflow Langflow') | CVE: CVE-2025-34291 | Langflow Langflow | Langflow Origin Validation Error Vulnerability | KEV added: 2026-05-21 | KEV due: 2026-06-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1305Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One') | CVE: CVE-2026-34926 | Trend Micro Apex One | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability | KEV added: 2026-05-21 | KEV due: 2026-06-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1307Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2010-0806 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1310Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'marimo' (in 'Marimo Marimo') | CVE: CVE-2026-39987 | Marimo Marimo | Marimo Remote Code Execution Vulnerability | KEV added: 2026-04-23 | KEV due: 2026-05-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1312Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manger') | CVE: CVE-2026-20122 | Cisco Catalyst SD-WAN Manger | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1313Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manager') | CVE: CVE-2026-20133 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1314Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manager') | CVE: CVE-2026-20128 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1318Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trueconf' (in 'TrueConf Client') | CVE: CVE-2026-3502 | TrueConf Client | TrueConf Client Download of Code Without Integrity Check Vulnerability | KEV added: 2026-04-02 | KEV due: 2026-04-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1319Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP') | CVE: CVE-2025-53521 | F5 BIG-IP | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability | KEV added: 2026-03-27 | KEV due: 2026-03-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1320Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'aquasecurity' (in 'Aquasecurity Trivy') | CVE: CVE-2026-33634 | Aquasecurity Trivy | Aquasecurity Trivy Embedded Malicious Code Vulnerability | KEV added: 2026-03-26 | KEV due: 2026-04-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1321Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'wing' (in 'Wing FTP Server Wing FTP Server') | CVE: CVE-2025-47813 | Wing FTP Server Wing FTP Server | Wing FTP Server Information Disclosure Vulnerability | KEV added: 2026-03-16 | KEV due: 2026-03-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1322Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'n8n' (in 'n8n n8n') | CVE: CVE-2025-68613 | n8n n8n | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | KEV added: 2026-03-11 | KEV due: 2026-03-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1323Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rockwell' (in 'Rockwell Multiple Products') | CVE: CVE-2021-22681 | Rockwell Multiple Products | Rockwell Multiple Products Insufficient Protected Credentials Vulnerability | KEV added: 2026-03-05 | KEV due: 2026-03-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1324Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2026-21385 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Memory Corruption Vulnerability | KEV added: 2026-03-03 | KEV due: 2026-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1325Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco SD-WAN') | CVE: CVE-2022-20775 | Cisco SD-WAN | Cisco SD-WAN Path Traversal Vulnerability | KEV added: 2026-02-25 | KEV due: 2026-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1326Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dell' (in 'Dell RecoverPoint for Virtual Machines (RP4VMs)') | CVE: CVE-2026-22769 | Dell RecoverPoint for Virtual Machines (RP4VMs) | Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability | KEV added: 2026-02-18 | KEV due: 2026-02-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1327Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'notepad++' (in 'Notepad++ Notepad++') | CVE: CVE-2025-15556 | Notepad++ Notepad++ | Notepad++ Download of Code Without Integrity Check Vulnerability | KEV added: 2026-02-12 | KEV due: 2026-03-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1328Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2025-40536 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Security Control Bypass Vulnerability | KEV added: 2026-02-12 | KEV due: 2026-02-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1331Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gnu' (in 'GNU InetUtils') | CVE: CVE-2026-24061 | GNU InetUtils | GNU InetUtils Argument Injection Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1332Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'versa' (in 'Versa Concerto') | CVE: CVE-2025-34026 | Versa Concerto | Versa Concerto Improper Authentication Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1333Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vitejs' (in 'Vite Vitejs') | CVE: CVE-2025-31125 | Vite Vitejs | Vite Vitejs Improper Access Control Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1334Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'asus' (in 'ASUS Live Update') | CVE: CVE-2025-59374 | ASUS Live Update | ASUS Live Update Embedded Malicious Code Vulnerability | KEV added: 2025-12-17 | KEV due: 2026-01-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1335Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet CentreStack and Triofox') | CVE: CVE-2025-14611 | Gladinet CentreStack and Triofox | Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability | KEV added: 2025-12-15 | KEV due: 2026-01-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1336Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'osgeo' (in 'OSGeo GeoServer') | CVE: CVE-2025-58360 | OSGeo GeoServer | OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability | KEV added: 2025-12-11 | KEV due: 2026-01-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1339Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2025-61757 | Oracle Fusion Middleware | Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | KEV added: 2025-11-21 | KEV due: 2025-12-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1341Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet Triofox') | CVE: CVE-2025-12480 | Gladinet Triofox | Gladinet Triofox Improper Access Control Vulnerability | KEV added: 2025-11-12 | KEV due: 2025-12-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1342Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet CentreStack and Triofox') | CVE: CVE-2025-11371 | Gladinet CentreStack and Triofox | Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability | KEV added: 2025-11-04 | KEV due: 2025-11-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1343Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom VMware Aria Operations and VMware Tools') | CVE: CVE-2025-41244 | Broadcom VMware Aria Operations and VMware Tools | Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability | KEV added: 2025-10-30 | KEV due: 2025-11-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1344Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'xwiki' (in 'XWiki Platform') | CVE: CVE-2025-24893 | XWiki Platform | XWiki Platform Eval Injection Vulnerability | KEV added: 2025-10-30 | KEV due: 2025-11-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1345Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'motex' (in 'Motex LANSCOPE Endpoint Manager') | CVE: CVE-2025-61932 | Motex LANSCOPE Endpoint Manager | Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability | KEV added: 2025-10-22 | KEV due: 2025-11-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1346Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Xperience CMS') | CVE: CVE-2025-2746 | Kentico Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1347Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Xperience CMS') | CVE: CVE-2025-2747 | Kentico Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1348Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe experience manager' (in 'Adobe Experience Manager (AEM) Forms') | CVE: CVE-2025-54253 | Adobe Experience Manager (AEM) Forms | Adobe Experience Manager Forms Code Execution Vulnerability | KEV added: 2025-10-15 | KEV due: 2025-11-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1349Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2010-3962 | Microsoft Internet Explorer | Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1351Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sudo' (in 'Sudo Sudo') | CVE: CVE-2025-32463 | Sudo Sudo | Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1353Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link TL-WR841N') | CVE: CVE-2023-50224 | TP-Link TL-WR841N | TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability | KEV added: 2025-09-03 | KEV due: 2025-09-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1354Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link TL-WA855RE') | CVE: CVE-2020-24363 | TP-Link TL-WA855RE | TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability | KEV added: 2025-09-02 | KEV due: 2025-09-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1355Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'git git' (in 'Git Git') | CVE: CVE-2025-48384 | Git Git | Git Link Following Vulnerability | KEV added: 2025-08-25 | KEV due: 2025-09-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1356Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'n-able' (in 'N-able N-Central') | CVE: CVE-2025-8876 | N-able N-Central | N-able N-Central Command Injection Vulnerability | KEV added: 2025-08-13 | KEV due: 2025-08-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1357Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'n-able' (in 'N-able N-Central') | CVE: CVE-2025-8875 | N-able N-Central | N-able N-Central Insecure Deserialization Vulnerability | KEV added: 2025-08-13 | KEV due: 2025-08-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1358Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-3893 | Microsoft Internet Explorer | Microsoft Internet Explorer Resource Management Errors Vulnerability | KEV added: 2025-08-12 | KEV due: 2025-09-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1361Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Identity Services Engine') | CVE: CVE-2025-20337 | Cisco Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability | KEV added: 2025-07-28 | KEV due: 2025-08-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1362Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Identity Services Engine') | CVE: CVE-2025-20281 | Cisco Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability | KEV added: 2025-07-28 | KEV due: 2025-08-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1363Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sysaid' (in 'SysAid SysAid On-Prem') | CVE: CVE-2025-2775 | SysAid SysAid On-Prem | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-08-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1364Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sysaid' (in 'SysAid SysAid On-Prem') | CVE: CVE-2025-2776 | SysAid SysAid On-Prem | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-08-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1365Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'crushftp' (in 'CrushFTP CrushFTP') | CVE: CVE-2025-54309 | CrushFTP CrushFTP | CrushFTP Unprotected Alternate Channel Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-08-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1366Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'wing' (in 'Wing FTP Server Wing FTP Server') | CVE: CVE-2025-47812 | Wing FTP Server Wing FTP Server | Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability | KEV added: 2025-07-14 | KEV due: 2025-08-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1367Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'telemessage' (in 'TeleMessage TM SGNL') | CVE: CVE-2025-48928 | TeleMessage TM SGNL | TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability | KEV added: 2025-07-01 | KEV due: 2025-07-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1368Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ami megarac' (in 'AMI MegaRAC SPx') | CVE: CVE-2024-54085 | AMI MegaRAC SPx | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | KEV added: 2025-06-25 | KEV due: 2025-07-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1369Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'erlang' (in 'Erlang Erlang/OTP') | CVE: CVE-2025-32433 | Erlang Erlang/OTP | Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability | KEV added: 2025-06-09 | KEV due: 2025-06-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1370Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'telemessage' (in 'TeleMessage TM SGNL') | CVE: CVE-2025-47729 | TeleMessage TM SGNL | TeleMessage TM SGNL Hidden Functionality Vulnerability | KEV added: 2025-05-12 | KEV due: 2025-06-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1371Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'langflow' (in 'Langflow Langflow') | CVE: CVE-2025-3248 | Langflow Langflow | Langflow Missing Authentication Vulnerability | KEV added: 2025-05-05 | KEV due: 2025-05-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1372Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'yiiframework' (in 'Yiiframework Yii') | CVE: CVE-2024-58136 | Yiiframework Yii | Yiiframework Yii Improper Protection of Alternate Path Vulnerability | KEV added: 2025-05-02 | KEV due: 2025-05-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1373Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualitia' (in 'Qualitia Active! Mail') | CVE: CVE-2025-42599 | Qualitia Active! Mail | Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability | KEV added: 2025-04-28 | KEV due: 2025-05-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1374Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet CentreStack') | CVE: CVE-2025-30406 | Gladinet CentreStack | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | KEV added: 2025-04-08 | KEV due: 2025-04-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1376Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Smart Licensing Utility') | CVE: CVE-2024-20439 | Cisco Smart Licensing Utility | Cisco Smart Licensing Utility Static Credential Vulnerability | KEV added: 2025-03-31 | KEV due: 2025-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1377Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'reviewdog' (in 'reviewdog action-setup GitHub Action') | CVE: CVE-2025-30154 | reviewdog action-setup GitHub Action | reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability | KEV added: 2025-03-24 | KEV due: 2025-04-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1378Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'nakivo' (in 'NAKIVO Backup and Replication') | CVE: CVE-2024-48248 | NAKIVO Backup and Replication | NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | KEV added: 2025-03-19 | KEV due: 2025-04-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1379Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'tj-actions' (in 'tj-actions changed-files GitHub Action') | CVE: CVE-2025-30066 | tj-actions changed-files GitHub Action | tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability | KEV added: 2025-03-18 | KEV due: 2025-04-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1380Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2025-21590 | Juniper Junos OS | Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability | KEV added: 2025-03-13 | KEV due: 2025-04-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1382Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi and Workstation') | CVE: CVE-2025-22224 | VMware ESXi and Workstation | VMware ESXi and Workstation TOCTOU Race Condition Vulnerability | KEV added: 2025-03-04 | KEV due: 2025-03-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1383Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'hitachi' (in 'Hitachi Vantara Pentaho Business Analytics (BA) Server') | CVE: CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics (BA) Server | Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1384Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft power pages' (in 'Microsoft Power Pages') | CVE: CVE-2025-24989 | Microsoft Power Pages | Microsoft Power Pages Improper Access Control Vulnerability | KEV added: 2025-02-21 | KEV due: 2025-03-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1385Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mitel' (in 'Mitel SIP Phones') | CVE: CVE-2024-41710 | Mitel SIP Phones | Mitel SIP Phones Argument Injection Vulnerability | KEV added: 2025-02-12 | KEV due: 2025-03-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1386Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sophos' (in 'Sophos XG Firewall') | CVE: CVE-2020-15069 | Sophos XG Firewall | Sophos XG Firewall Buffer Overflow Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1387Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'audinate' (in 'Audinate Dante Discovery') | CVE: CVE-2022-23748 | Audinate Dante Discovery | Dante Discovery Process Control Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1388Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched '7-zip' (in '7-Zip 7-Zip') | CVE: CVE-2025-0411 | 7-Zip 7-Zip | 7-Zip Mark of the Web Bypass Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1389Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'paessler' (in 'Paessler PRTG Network Monitor') | CVE: CVE-2018-19410 | Paessler PRTG Network Monitor | Paessler PRTG Network Monitor Local File Inclusion Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1392Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-2883 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2025-01-07 | KEV due: 2025-01-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1393Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'acclaim' (in 'Acclaim Systems USAHERDS') | CVE: CVE-2021-44207 | Acclaim Systems USAHERDS | Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability | KEV added: 2024-12-23 | KEV due: 2025-01-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1394Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'nuuo' (in 'NUUO NVRmini2 Devices') | CVE: CVE-2022-23227 | NUUO NVRmini2 Devices | NUUO NVRmini2 Devices Missing Authentication Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1395Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2024-20767 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | KEV added: 2024-12-16 | KEV due: 2025-01-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1397Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'north grid' (in 'North Grid Proself') | CVE: CVE-2023-45727 | North Grid Proself | North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability | KEV added: 2024-12-03 | KEV due: 2024-12-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1398Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2024-38813 | VMware vCenter Server | VMware vCenter Server Privilege Escalation Vulnerability | KEV added: 2024-11-20 | KEV due: 2024-12-11 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1399Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2024-38812 | VMware vCenter Server | VMware vCenter Server Heap-Based Buffer Overflow Vulnerability | KEV added: 2024-11-20 | KEV due: 2024-12-11 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1400Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'meta' (in 'Metabase Metabase') | CVE: CVE-2021-41277 | Metabase Metabase | Metabase GeoJSON API Local File Inclusion Vulnerability | KEV added: 2024-11-12 | KEV due: 2024-12-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1402Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sciencelogic' (in 'ScienceLogic SL1') | CVE: CVE-2024-9537 | ScienceLogic SL1 | ScienceLogic SL1 Unspecified Vulnerability | KEV added: 2024-10-21 | KEV due: 2024-11-11 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1403Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2024-28987 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | KEV added: 2024-10-15 | KEV due: 2024-11-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1404Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2024-45519 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability | KEV added: 2024-10-03 | KEV due: 2024-10-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1405Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14644 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV added: 2024-09-18 | KEV due: 2024-10-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1407Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'acronis' (in 'Acronis Cyber Infrastructure (ACI)') | CVE: CVE-2023-45249 | Acronis Cyber Infrastructure (ACI) | Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability | KEV added: 2024-07-29 | KEV due: 2024-08-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1408Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'servicenow' (in 'ServiceNow Utah, Vancouver, and Washington DC Now Platform') | CVE: CVE-2024-5217 | ServiceNow Utah, Vancouver, and Washington DC Now Platform | ServiceNow Incomplete List of Disallowed Inputs Vulnerability | KEV added: 2024-07-29 | KEV due: 2024-08-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1409Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'servicenow' (in 'ServiceNow Utah, Vancouver, and Washington DC Now Platform') | CVE: CVE-2024-4879 | ServiceNow Utah, Vancouver, and Washington DC Now Platform | ServiceNow Improper Input Validation Vulnerability | KEV added: 2024-07-29 | KEV due: 2024-08-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1410Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'twilio' (in 'Twilio Authy') | CVE: CVE-2024-39891 | Twilio Authy | Twilio Authy Information Disclosure Vulnerability | KEV added: 2024-07-23 | KEV due: 2024-08-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1411Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2022-22948 | VMware vCenter Server | VMware vCenter Server Incorrect Default File Permissions Vulnerability | KEV added: 2024-07-17 | KEV due: 2024-08-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1412Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'osgeo' (in 'OSGeo GeoServer') | CVE: CVE-2024-36401 | OSGeo GeoServer | OSGeo GeoServer GeoTools Eval Injection Vulnerability | KEV added: 2024-07-15 | KEV due: 2024-08-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1413Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'rejetto' (in 'Rejetto HTTP File Server') | CVE: CVE-2024-23692 | Rejetto HTTP File Server | Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability | KEV added: 2024-07-09 | KEV due: 2024-07-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1414Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2020-13965 | Roundcube Webmail | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-06-26 | KEV due: 2024-07-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1415Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress Telerik Report Server') | CVE: CVE-2024-4358 | Progress Telerik Report Server | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | KEV added: 2024-06-13 | KEV due: 2024-07-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1416Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'justice av' (in 'Justice AV Solutions Viewer') | CVE: CVE-2024-4978 | Justice AV Solutions Viewer | Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability | KEV added: 2024-05-29 | KEV due: 2024-06-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1420Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'crushftp' (in 'CrushFTP CrushFTP') | CVE: CVE-2024-4040 | CrushFTP CrushFTP | CrushFTP VFS Sandbox Escape Vulnerability | KEV added: 2024-04-24 | KEV due: 2024-05-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1425Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'spreadsheet::parseexcel' (in 'Spreadsheet::ParseExcel Spreadsheet::ParseExcel') | CVE: CVE-2023-7101 | Spreadsheet::ParseExcel Spreadsheet::ParseExcel | Spreadsheet::ParseExcel Remote Code Execution Vulnerability | KEV added: 2024-01-02 | KEV due: 2024-01-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1426Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'unitronics' (in 'Unitronics Vision PLC and HMI') | CVE: CVE-2023-6448 | Unitronics Vision PLC and HMI | Unitronics Vision PLC and HMI Insecure Default Password Vulnerability | KEV added: 2023-12-11 | KEV due: 2023-12-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1428Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2023-33106 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1429Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'gnu' (in 'GNU GNU C Library') | CVE: CVE-2023-4911 | GNU GNU C Library | GNU C Library Buffer Overflow Vulnerability | KEV added: 2023-11-21 | KEV due: 2023-12-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1430Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2020-2551 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2023-11-16 | KEV due: 2023-12-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1431Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ietf' (in 'IETF Service Location Protocol (SLP)') | CVE: CVE-2023-29552 | IETF Service Location Protocol (SLP) | Service Location Protocol (SLP) Denial-of-Service Vulnerability | KEV added: 2023-11-08 | KEV due: 2023-11-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1433Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'ietf' (in 'IETF HTTP/2') | CVE: CVE-2023-44487 | IETF HTTP/2 | HTTP/2 Rapid Reset Attack Vulnerability | KEV added: 2023-10-10 | KEV due: 2023-10-31 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1435Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and Worry-Free Business Security') | CVE: CVE-2023-41179 | Trend Micro Apex One and Worry-Free Business Security | Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability | KEV added: 2023-09-21 | KEV due: 2023-10-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1436Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2022-22265 | Samsung Mobile Devices | Samsung Mobile Devices Use-After-Free Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1440Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Content Collaboration') | CVE: CVE-2023-24489 | Citrix Content Collaboration | Citrix Content Collaboration ShareFile Improper Access Control Vulnerability | KEV added: 2023-08-16 | KEV due: 2023-09-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1441Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'visual studio' (in 'Microsoft .NET Core and Visual Studio') | CVE: CVE-2023-38180 | Microsoft .NET Core and Visual Studio | Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability | KEV added: 2023-08-09 | KEV due: 2023-08-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1442Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-29298 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | KEV added: 2023-07-20 | KEV due: 2023-08-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1443Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-38205 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | KEV added: 2023-07-20 | KEV due: 2023-08-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1444Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25395 | Samsung Mobile Devices | Samsung Mobile Devices Race Condition Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1445Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25371 | Samsung Mobile Devices | Samsung Mobile Devices Unspecified Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1447Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE and JRockit') | CVE: CVE-2016-3427 | Oracle Java SE and JRockit | Oracle Java SE and JRockit Unspecified Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1448Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2023-21839 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2023-05-01 | KEV due: 2023-05-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1449Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'minio' (in 'MinIO MinIO') | CVE: CVE-2023-28432 | MinIO MinIO | MinIO Information Disclosure Vulnerability | KEV added: 2023-04-21 | KEV due: 2023-05-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1451Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2023-26083 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Information Disclosure Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1452Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-26360 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2023-03-15 | KEV due: 2023-04-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1453Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'teclib' (in 'Teclib GLPI') | CVE: CVE-2022-35914 | Teclib GLPI | Teclib GLPI Remote Code Execution Vulnerability | KEV added: 2023-03-07 | KEV due: 2023-03-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1455Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cacti' (in 'Cacti Cacti') | CVE: CVE-2022-46169 | Cacti Cacti | Cacti Command Injection Vulnerability | KEV added: 2023-02-16 | KEV due: 2023-03-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1459Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25369 | Samsung Mobile Devices | Samsung Mobile Devices Improper Access Control Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-11-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1464Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and Apex One as a Service') | CVE: CVE-2022-40139 | Trend Micro Apex One and Apex One as a Service | Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1466Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Multiple Devices') | CVE: CVE-2017-5521 | NETGEAR Multiple Devices | NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1468Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP Multiple Products') | CVE: CVE-2022-22536 | SAP Multiple Products | SAP Multiple Products HTTP Request Smuggling Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1471Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2021-38163 | SAP NetWeaver | SAP NetWeaver Unrestricted File Upload Vulnerability | KEV added: 2022-06-09 | KEV due: 2022-06-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1472Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2016-2388 | SAP NetWeaver | SAP NetWeaver Information Disclosure Vulnerability | KEV added: 2022-06-09 | KEV due: 2022-06-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1474Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2012-4969 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1478Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Solaris') | CVE: CVE-2019-3010 | Oracle Solaris | Oracle Solaris Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1479Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-0071 | Microsoft Internet Explorer | Microsoft Internet Explorer ASLR Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1480Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-4123 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1481Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-2817 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1482Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-7331 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1484Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2013-2423 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1489Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2010-0840 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1491Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0210 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1492Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'artifex' (in 'Artifex Ghostscript') | CVE: CVE-2017-8291 | Artifex Ghostscript | Artifex Ghostscript Type Confusion Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1493Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2016-0162 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1494Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2016-3298 | Microsoft Internet Explorer | Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1496Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-0676 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1503Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'meta' (in 'Meta Platforms WhatsApp') | CVE: CVE-2019-3568 | Meta Platforms WhatsApp | WhatsApp VOIP Stack Buffer Overflow Vulnerability | KEV added: 2022-04-19 | KEV due: 2022-05-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1504Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware Multiple Products') | CVE: CVE-2022-22960 | VMware Multiple Products | VMware Multiple Products Privilege Escalation Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1505Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox and XTM') | CVE: CVE-2022-23176 | WatchGuard Firebox and XTM | WatchGuard Firebox and XTM Privilege Escalation Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1506Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'telerik' (in 'Telerik User Interface (UI) for ASP.NET AJAX') | CVE: CVE-2017-11317 | Telerik User Interface (UI) for ASP.NET AJAX | Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1507Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sudo' (in 'Sudo Sudo') | CVE: CVE-2021-3156 | Sudo Sudo | Sudo Heap-Based Buffer Overflow Vulnerability | KEV added: 2022-04-06 | KEV due: 2022-04-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1508Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex Central') | CVE: CVE-2022-26871 | Trend Micro Apex Central | Trend Micro Apex Central Arbitrary File Upload Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1509Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sophos' (in 'Sophos Firewall') | CVE: CVE-2022-1040 | Sophos Firewall | Sophos Firewall Authentication Bypass Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1511Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dell' (in 'Dell dbutil Driver') | CVE: CVE-2021-21551 | Dell dbutil Driver | Dell dbutil Driver Insufficient Access Control Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1514Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0059 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1517Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-5076 | Oracle Java SE | Oracle Java SE Sandbox Bypass Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1519Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2012-0518 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1520Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox and XTM Appliances') | CVE: CVE-2022-26318 | WatchGuard Firebox and XTM Appliances | WatchGuard Firebox and XTM Appliances Arbitrary Code Execution | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1521Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiCollab, MiVoice Business Express') | CVE: CVE-2022-26143 | Mitel MiCollab, MiVoice Business Express | MiCollab, MiVoice Business Express Access Control Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1523Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Systems Helpdesk') | CVE: CVE-2020-2506 | QNAP Systems Helpdesk | QNAP Helpdesk Improper Access Control Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1524Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle BI Publisher (Formerly XML Publisher)') | CVE: CVE-2019-2616 | Oracle BI Publisher (Formerly XML Publisher) | Oracle BI Publisher Unauthorized Access Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1525Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'elastic' (in 'Elastic Elasticsearch') | CVE: CVE-2015-1427 | Elastic Elasticsearch | Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1526Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'elastic' (in 'Elastic Elasticsearch') | CVE: CVE-2014-3120 | Elastic Elasticsearch | Elasticsearch Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1527Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'exim' (in 'Exim Exim') | CVE: CVE-2010-4345 | Exim Exim | Exim Privilege Escalation Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1528Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'hewlett' (in 'Hewlett Packard (HP) OpenView Network Node Manager') | CVE: CVE-2005-2773 | Hewlett Packard (HP) OpenView Network Node Manager | HP OpenView Network Node Manager Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1529Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicOS') | CVE: CVE-2020-5135 | SonicWall SonicOS | SonicWall SonicOS Buffer Overflow Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1531Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0631 | Adobe ColdFusion | Adobe ColdFusion Information Disclosure Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1532Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0629 | Adobe ColdFusion | Adobe ColdFusion Directory Traversal Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1533Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0625 | Adobe ColdFusion | Adobe ColdFusion Authentication Bypass Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1535Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20708 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1536Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20703 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1537Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20701 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1538Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20700 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1539Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20699 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1541Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'chakracore' (in 'ChakraCore ChakraCore scripting engine') | CVE: CVE-2018-8298 | ChakraCore ChakraCore scripting engine | ChakraCore Scripting Engine Type Confusion Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1542Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2015-4902 | Oracle Java SE | Oracle Java SE Integrity Check Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1543Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2015-2590 | Oracle Java SE | Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1545Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-3897 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1547Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0632 | Adobe ColdFusion | Adobe ColdFusion Authentication Bypass Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1551Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE JDK and JRE') | CVE: CVE-2011-3544 | Oracle Java SE JDK and JRE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1552Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle VirtualBox') | CVE: CVE-2008-3431 | Oracle VirtualBox | Oracle VirtualBox Insufficient Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1553Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zabbix' (in 'Zabbix Frontend') | CVE: CVE-2022-23134 | Zabbix Frontend | Zabbix Frontend Improper Access Control Vulnerability | KEV added: 2022-02-22 | KEV due: 2022-03-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1559Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'intel' (in 'Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability') | CVE: CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1560Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'aviatrix' (in 'Aviatrix Aviatrix Controller') | CVE: CVE-2021-40870 | Aviatrix Aviatrix Controller | Aviatrix Controller Unrestricted Upload of File | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1561Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-22017 | VMware vCenter Server | VMware vCenter Server Improper Access Control | KEV added: 2022-01-10 | KEV due: 2022-01-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1563Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2019-9670 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1564Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'primetek' (in 'Primetek Primefaces Application') | CVE: CVE-2017-1000486 | Primetek Primefaces Application | Primetek Primefaces Remote Code Execution Vulnerability | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1565Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho Desktop Central') | CVE: CVE-2021-44515 | Zoho Desktop Central | Zoho Desktop Central Authentication Bypass Vulnerability | KEV added: 2021-12-10 | KEV due: 2021-12-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1566Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonatype' (in 'Sonatype Nexus Repository Manager') | CVE: CVE-2019-7238 | Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1567Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine ServiceDesk Plus (SDP)') | CVE: CVE-2021-37415 | Zoho ManageEngine ServiceDesk Plus (SDP) | Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability | KEV added: 2021-12-01 | KEV due: 2021-12-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1568Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus') | CVE: CVE-2021-44077 | Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus | Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability | KEV added: 2021-12-01 | KEV due: 2021-12-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1569Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'perl exiftool' (in 'Perl Exiftool') | CVE: CVE-2021-22204 | Perl Exiftool | ExifTool Remote Code Execution Vulnerability | KEV added: 2021-11-17 | KEV due: 2021-12-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1571Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'amcrest' (in 'Amcrest Cameras and Network Video Recorder (NVR)') | CVE: CVE-2020-5735 | Amcrest Cameras and Network Video Recorder (NVR) | Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1574Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dotnetnuke' (in 'DotNetNuke (DNN) DotNetNuke (DNN)') | CVE: CVE-2018-15811 | DotNetNuke (DNN) DotNetNuke (DNN) | DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1575Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'dotnetnuke' (in 'DotNetNuke (DNN) DotNetNuke (DNN)') | CVE: CVE-2018-18325 | DotNetNuke (DNN) DotNetNuke (DNN) | DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1576Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'eyesofnetwork' (in 'EyesOfNetwork EyesOfNetwork') | CVE: CVE-2020-8657 | EyesOfNetwork EyesOfNetwork | EyesOfNetwork Use of Hard-Coded Credentials Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1577Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'imagemagick' (in 'ImageMagick ImageMagick') | CVE: CVE-2016-3715 | ImageMagick ImageMagick | ImageMagick Arbitrary File Deletion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1579Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'mcafee' (in 'McAfee McAfee Total Protection (MTP)') | CVE: CVE-2021-23874 | McAfee McAfee Total Protection (MTP) | McAfee Total Protection (MTP) Improper Privilege Management Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1585Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38645 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1586Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38649 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1591Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2021-27085 | Microsoft Internet Explorer | Microsoft Internet Explorer Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1595Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38648 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1596Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR JGS516PE Devices') | CVE: CVE-2020-26919 | NETGEAR JGS516PE Devices | Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1597Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2012-3152 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1598Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14750 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1599Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14882 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1600Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14883 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1601Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2021-1906 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1602Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2017-16651 | Roundcube Roundcube Webmail | Roundcube Webmail File Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1603Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'saltstack' (in 'SaltStack Salt') | CVE: CVE-2020-11651 | SaltStack Salt | SaltStack Salt Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1604Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2010-5326 | SAP NetWeaver | SAP NetWeaver Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1605Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2016-9563 | SAP NetWeaver | SAP NetWeaver XML External Entity (XXE) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1606Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2020-6287 | SAP NetWeaver | SAP NetWeaver Missing Authentication for Critical Function Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1607Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sap' (in 'SAP Solution Manager') | CVE: CVE-2020-6207 | SAP Solution Manager | SAP Solution Manager Missing Authentication for Critical Function Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1608Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'simalliance' (in 'SIMalliance Toolbox Browser') | CVE: CVE-2019-16256 | SIMalliance Toolbox Browser | SIMalliance Toolbox Browser Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1609Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Orion') | CVE: CVE-2020-10148 | SolarWinds Orion | SolarWinds Orion Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1610Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Virtualization Manager') | CVE: CVE-2016-3643 | SolarWinds Virtualization Manager | SolarWinds Virtualization Manager Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1611Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'sonatype' (in 'Sonatype Nexus Repository') | CVE: CVE-2020-10199 | Sonatype Nexus Repository | Sonatype Nexus Repository Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1613Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'teamviewer' (in 'TeamViewer Desktop') | CVE: CVE-2019-18988 | TeamViewer Desktop | TeamViewer Desktop Bypass Remote Login Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1614Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'progress' (in 'Progress ASP.NET AJAX and Sitefinity') | CVE: CVE-2017-9248 | Progress ASP.NET AJAX and Sitefinity | Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1616Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2020-3952 | VMware vCenter Server | VMware vCenter Server Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
EXP-KEV-1619Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Treating Controls
Detection Controls
OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Products') | CVE: CVE-2020-29583 | Zyxel Multiple Products | Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application
Threat Catalogue 60
Stable taxonomy — MITRE ATT&CK aligned plus AI-specific entries.
THR-001PhishingInitial AccessCriticalT1566SOC Manager
THR-002Spear Phishing AttachmentInitial AccessHighT1566.001SOC Manager
THR-003Spear Phishing LinkInitial AccessHighT1566.002SOC Manager
THR-004Drive-By CompromiseInitial AccessMediumT1189SOC Manager
THR-005External Remote ServicesInitial AccessCriticalT1133Identity & Access Manager
THR-006Exploit Public-Facing ApplicationInitial AccessCriticalT1190AppSec Lead
THR-007Supply Chain CompromiseInitial AccessHighT1195Vendor Risk Manager
THR-008Trusted RelationshipInitial AccessHighT1199Vendor Risk Manager
THR-009Valid Accounts (Credential Reuse)Initial AccessCriticalT1078Identity & Access Manager
THR-010Command and Scripting InterpreterExecutionHighT1059SOC Manager
THR-011PowerShell AbuseExecutionHighT1059.001SOC Manager
THR-012User ExecutionExecutionHighT1204CISO
THR-013LOLBins AbuseExecutionMediumT1218SOC Manager
THR-014Account ManipulationPersistenceHighT1098Identity & Access Manager
THR-015Scheduled Task / Cron JobPersistenceMediumT1053SOC Manager
THR-016Autostart ExecutionPersistenceMediumT1547SOC Manager
THR-017Web ShellPersistenceHighT1505.003AppSec Lead
THR-018Exploitation for Privilege EscalationPrivilege EscalationHighT1068SOC Manager
THR-019Access Token ManipulationPrivilege EscalationMediumT1134SOC Manager
THR-020Process InjectionPrivilege EscalationHighT1055SOC Manager
THR-021Impair DefensesDefense EvasionHighT1562SOC Manager
THR-022Indicator RemovalDefense EvasionMediumT1070SOC Manager
THR-023MasqueradingDefense EvasionMediumT1036SOC Manager
THR-024OS Credential DumpingCredential AccessCriticalT1003Identity & Access Manager
THR-025Brute ForceCredential AccessHighT1110Identity & Access Manager
THR-026Credential StuffingCredential AccessCriticalT1110.004Identity & Access Manager
THR-027Steal Kerberos TicketsCredential AccessHighT1558Identity & Access Manager
THR-028MFA Request GenerationCredential AccessHighT1621Identity & Access Manager
THR-029Account DiscoveryDiscoveryMediumT1087SOC Manager
Description. Adversary enumerates accounts to identify targets.
Treating Controls
Detection Controls
THR-030Network Service DiscoveryDiscoveryMediumT1046SOC Manager
THR-031Lateral Tool TransferLateral MovementHighT1570SOC Manager
THR-032Remote Services (RDP, SSH)Lateral MovementHighT1021Identity & Access Manager
THR-033Exploitation of Remote ServicesLateral MovementHighT1210SOC Manager
THR-034Data from Information RepositoriesCollectionMediumT1213DPO
THR-035Email CollectionCollectionMediumT1114DPO
THR-036Application Layer ProtocolCommand and ControlHighT1071SOC Manager
THR-037Encrypted ChannelCommand and ControlHighT1573SOC Manager
THR-038Exfiltration Over C2 ChannelExfiltrationHighT1041SOC Manager
THR-039Exfiltration Over Cloud StorageExfiltrationHighT1567SOC Manager
THR-040Ransomware (Data Encrypted)ImpactCriticalT1486Incident Response Lead
THR-041Data DestructionImpactCriticalT1485Business Continuity Manager
THR-042Account Access RemovalImpactMediumT1531Identity & Access Manager
THR-043Endpoint Denial of ServiceImpactMediumT1499SOC Manager
THR-044Network Denial of ServiceImpactMediumT1498SOC Manager
THR-045Resource Hijacking (Cryptojacking)ImpactLowT1496SOC Manager
THR-046Phishing for InformationReconnaissanceMediumT1598CISO
THR-047Gather Victim Identity InformationReconnaissanceLowT1589CISO
Description. Adversary collects employee names, roles, contact info (OSINT).
Treating Controls
Detection Controls
THR-048Compromise AccountsResource DevelopmentMediumT1586Vendor Risk Manager
Description. Adversary uses compromised accounts (legitimate-seeming) for operations.
Treating Controls
Detection Controls
THR-049Cloud Service DiscoveryDiscoveryHighT1526CIO
THR-050Multi-Factor Authentication InterceptionCredential AccessHighT1111Identity & Access Manager
THR-051Prompt Injection (LLM)AI-specific (OWASP LLM01)HighAI.001Chief AI Officer
THR-052Model Inversion / Data ExtractionAI-specific (OWASP LLM06)HighAI.002Chief AI Officer
THR-053Training Data PoisoningAI-specific (OWASP LLM03)MediumAI.003Chief AI Officer
THR-054Model Theft / ExtractionAI-specific (OWASP LLM10)MediumAI.004Chief AI Officer
THR-055Adversarial ExamplesAI-specific (OWASP LLM02)MediumAI.005Chief AI Officer
Description. Adversary crafts inputs to cause model misclassification.
Treating Controls
Detection Controls
THR-056LLM JailbreakAI-specific (OWASP LLM01)HighAI.006Chief AI Officer
THR-057AI Supply Chain CompromiseAI-specific (OWASP LLM05)MediumAI.007Chief AI Officer
THR-058Sensitive Disclosure via LLMAI-specific (OWASP LLM06)HighAI.008Chief AI Officer
THR-059SQL InjectionInitial Access (Web)HighT1190 (Web)AppSec Lead
Validations 15
Empirical results from BAS, red team, and pen-test exercises. Closes the loop between catalogued treating Controls and reality.
Sources 12
Data feeds powering Discovery and Validation. Stale feeds become hygiene flags below.
Governance Hygiene
Automated flags — items needing CTEM programme attention.
Active Critical / High exposures 608
Critical/High threats not validated in 90 days 26
Training
Mandatory training catalogue, completion rates, and role-based programmes. People-side execution layer for the framework.
TRN-009Acceptable Use Policy AcknowledgementMandatoryAll Staff2026-05-3097% / 100%CISO
TRN-011Physical Security AwarenessMandatoryOn-Site Staff2026-04-1095% / 98%Facilities
TRN-001Annual Security AwarenessMandatoryAll Staff2026-04-3094% / 98%CISO
Compliance Requirement. ISO 27001 A.6.3; SOC 2 CC1.4
Linked Controls
KnowBe4-delivered; awareness modules + assessment.
TRN-012Insider Threat AwarenessMandatoryAll Staff2026-04-3094% / 98%CISO
TRN-005Data Protection & GDPRMandatoryAll Staff2026-02-2892% / 98%DPO
TRN-007AI Acceptable UseMandatoryAll Staff2026-05-0578% / 95%Chief AI Officer
TRN-006Incident Response TabletopRole-BasedIR Team + Leadership2026-04-15100% / 100%Incident Response Lead
TRN-010Cloud Security FundamentalsRole-BasedCloud Platform Team2026-03-20100% / 100%CTO
TRN-008Vendor Risk ManagementRole-BasedProcurement + IT + Legal2026-01-2596% / 100%Vendor Risk Manager
TRN-003Privileged Access TrainingRole-BasedPrivileged Users2026-03-1591% / 100%Identity & Access Manager
TRN-013Business Continuity AwarenessRole-BasedAll Staff (Critical Functions)2026-03-3089% / 95%Business Continuity Manager
TRN-015Software Composition Analysis (SCA) ProcessRole-BasedEngineering2026-05-2588% / 95%AppSec Lead
TRN-004Secure Coding PracticesRole-BasedEngineering2026-05-0187% / 95%AppSec Lead
TRN-014Records ManagementRole-BasedRecords Owners2025-09-2083% / 95%DPO
Governance Hygiene
Automated flags — items needing management attention.
Below target completion 12
Audits
Internal and external audits, findings, response status, and Control test history. Closes the loop between scored maturity and external validation — Controls audit-tested carry higher credibility.
AUD-001ISO 27001 Surveillance Audit 2026ExternalBSI2026-09-15—Planned
Findings Breakdown
Critical: 0 · Major: 0 · Minor: 0 · Observations: 0
Linked Controls
Annual surveillance; preparation in progress.
AUD-010TISAX Assessment Level 2ExternalAuditor X2026-07-01—Planned
Findings Breakdown
Critical: 0 · Major: 0 · Minor: 0 · Observations: 0
Linked Controls
Scheduled — preparation under way; gap assessment scheduled June.
AUD-011Pen Test — Internal Network 2026ExternalSecureCo2026-06-01—In Progress
AUD-006Internal Audit — AI GovernanceInternalInternal Audit2026-05-100C / 2M / 5m / 4OResponse Due
AUD-008Backup & Recovery AuditInternalInternal Audit2026-04-200C / 0M / 2m / 2OClosed
AUD-003SOC 2 Type II 2026 H1ExternalKPMG2026-04-010C / 1M / 5m / 2OFindings Issued
AUD-007GDPR Data Protection Audit 2026InternalDPO + External counsel2026-03-200C / 1M / 3m / 1OClosed
AUD-005Penetration Test — External Surface 2026ExternalSecureCo2026-03-011C / 3M / 4m / 1OClosed
AUD-004Internal Audit — Vendor Risk ManagementInternalInternal Audit2026-02-150C / 0M / 3m / 2OClosed
AUD-009NIS 2 Readiness Self-AssessmentSelf-AssessmentInternal2026-02-010C / 3M / 6m / 3OClosed
AUD-012SOX IT General Controls 2025ExternalKPMG2025-11-010C / 0M / 4m / 2OClosed
Governance Hygiene
Automated flags — items needing management attention.
Incidents
Historical and active security incidents with Control-failure attribution, asset and vendor impact, and lessons-learned status. Empirical validation layer for the framework: scored maturity meets operational reality here.
INC-004Insider data export — pending investigationInsiderHigh2026-06-05CISOActive
INC-009Lost laptop — encrypted, no exposurePhysicalLow2026-05-25IT Service DeskResolved
INC-001Phishing campaign — credential harvest attemptPhishingHigh2026-05-20Incident Response LeadLessons Implemented
INC-007Brute-force login attempts — OktaAccount TakeoverMedium2026-05-12Identity & Access ManagerResolved
INC-005Misdirected email — limited PII exposureData LossLow2026-05-08DPOLessons Implemented
INC-008LLM prompt-injection attempt — customer support botAI-relatedMedium2026-04-30Chief AI OfficerResolved
INC-015BC tabletop finding — IR escalation gapProcessLow2026-04-30Incident Response LeadLessons Implemented
INC-006Phishing simulation failure cluster — sales teamPhishingLow2026-04-22CISOResolved
Lessons Learned. Phishing simulation click rate 18% in sales; targeted re-training rolled out; subsequent run dropped to 6%. Implemented
Failed Controls
Affected Assets
Affected Vendors
INC-012Unauthorised AI tool usage — marketingShadow IT / AILow2026-04-15Chief AI OfficerResolved
INC-002Ransomware vector — blocked at endpointMalwareMedium2026-04-10SOC ManagerResolved
INC-014Stale access — terminated employeeAccess ManagementMedium2026-03-25Identity & Access ManagerLessons Implemented
INC-003Vendor breach notification — AWS S3 misconfig (3rd party)Third-PartyMedium2026-03-15Vendor Risk ManagerResolved
INC-011Backup verification gap — 1 missed cycleOperationalLow2026-03-02Business Continuity ManagerResolved
INC-013DDoS attempt — mitigated upstreamAvailabilityMedium2026-02-28SOC ManagerResolved
INC-010Q1 phishing campaign — Finance departmentPhishingHigh2026-01-18Incident Response LeadLessons Implemented
Governance Hygiene
Automated flags — items needing management attention.
Active Critical/High incidents 1
Repeat categories 1
Policy Register
Formal policies with explicit owner, approval body, version, review cadence, and the Controls they govern. Formalises the per-Objective policy stubs into a single source of truth and drives review-cadence accountability.
POL-001Information Security Policy (Umbrella)AllBoardCISO2027-01-15Active
POL-002Acceptable Use PolicyGOVCISOCISO2026-11-30Active
POL-003Access Control PolicyPROCISOIdentity & Access Manager2026-09-15In Review
POL-004Asset Management PolicyIDECISOCIO2025-09-15Overdue
POL-005Risk Management PolicyGOVBoardCISO2027-02-28Active
POL-006Incident Response PolicyRESBoardIncident Response Lead2027-03-15Active
POL-007Business Continuity PolicyRECBoardBusiness Continuity Manager2026-12-01Active
POL-008Vendor Risk Management PolicyGOVCISOVendor Risk Manager2027-01-20Active
POL-009AI Risk Management PolicyAIIBoardChief AI Officer2027-02-10Active
POL-010Data Classification PolicyPROCISODPO2026-10-25Active
POL-012Vulnerability Management PolicyDETCISOSOC Manager2027-04-10Active
POL-013Secure Development Policy (SSDLC)APSCTOAppSec Lead2026-06-15Pending Approval
POL-014Logging & Monitoring PolicyDETCISOSOC Manager2027-03-05Active
Governance Hygiene
Automated flags — items needing management attention.
Reviews overdue 1
Reviews due within 90 days 3
In review / pending approval 2
Vendor Register
First-class third parties with contract status, certifications, criticality, treating Controls, and recertification cadence. Anchors NIS 2 supply-chain due diligence, AIT (third-party AI) governance, and DPO data-processor obligations.
VND-001Amazon Web Services (AWS)CriticalCloud InfrastructureCIO2027-03-31Active
Services. Compute, storage, networking, security primitives
Certifications
Data Accessed
Treating Controls
Assets Affected
Hosts AST-002, AST-004, AST-005.
VND-002Microsoft 365CriticalSaaS ProductivityCIO2027-06-30Active
VND-003SalesforceCriticalSaaS CRMCIO2026-12-31Renewing
VND-004ServiceNowHighSaaS ITSMCIO2027-09-30Active
VND-005OktaCriticalIdentity ProviderIdentity & Access Manager2026-10-31Active
VND-006CrowdStrikeCriticalSecurity OperationsSOC Manager2027-01-31Active
VND-007WorkdayHighHRISDPO2026-11-30Renewing
VND-008KnowBe4MediumTrainingCISO2026-09-30Active
Services. Security awareness training, phishing simulations
Certifications
Data Accessed
Treating Controls
Assets Affected
Annual review overdue 33 days as of 2026-06-12.
VND-009Anthropic (Claude API)HighAI / LLM ProviderChief AI Officer2026-12-31Active
VND-010Secondary LLM ProviderHighAI / LLM ProviderChief AI Officer2026-12-31Active
VND-011SplunkHighSIEMSOC Manager2026-12-31Renewing
VND-012GitHub EnterpriseCriticalDeveloper PlatformCTO2027-04-30Active
VND-013Iron MountainHighBackupBusiness Continuity Manager2027-02-28Active
VND-014DBC & Co Legal CounselLowProfessional ServicesDPO2026-12-31Active
Services. Legal advisory
Certifications
Data Accessed
Treating Controls
Assets Affected
Overdue 285 days as of 2026-06-12.
Governance Hygiene
Automated flags — items needing management attention.
Recertification overdue 2
Contracts expiring 1
Asset Register
First-class assets (systems, data, processes, locations) with owners, classifications, treating Controls, and review cadence. Anchors scope for incident response and supports asset-led risk treatment.
AST-001Customer CRM Platform (Salesforce)SystemCriticalCIO2026-04-10Active
AST-002Enterprise Data WarehouseSystemCriticalCIO2026-03-25Active
AST-003Production Source Code RepositoriesDataRestrictedCTO2026-04-15Active
AST-004Customer PII DatabaseDataRestrictedDPO2026-02-10Stale Review
AST-005Financial Records DatabaseDataRestrictedCFO2026-03-30Active
AST-006HR Information System (Workday)SystemCriticalCIO2026-03-12Stale Review
AST-007Email & Collaboration Platform (M365)SystemSensitiveCIO2026-04-20Active
AST-008Identity Platform (Okta + AD)SystemCriticalIdentity & Access Manager2026-05-01Active
AST-009Incident Response ProcessProcessCriticalIncident Response Lead2026-04-30Active
AST-010London HQ DatacentreLocationCriticalCIO2026-02-15Stale Review
AST-011DR Site (Manchester)LocationCriticalBusiness Continuity Manager2026-03-08Active
AST-012AWS eu-west-2 RegionLocationCriticalCIO2026-05-01Active
AST-013LLM API Integration (Claude + secondary LLM)SystemCriticalChief AI Officer2026-05-15Active
AST-014Payroll ProcessProcessSensitiveHR Director2026-04-05Active
Governance Hygiene
Automated flags — items needing management attention.
Overdue review 2
Owners
Per-Owner roll-up of Controls, Actions, and Evidence. The escalation lens for steering committee — concentrates accountability, workload, and treatment progress in one view. Rows sorted by lowest % at target first (escalation candidates surface up top). Click any row to expand.
AI Risk Lead2245%AIT.AG-06 1200 overdue8 weak/none
Chief AI Officer3050%AII.OP-07 1200 overdue7 weak/none
Vendor Risk Manager2850%IDE.ES-04 2200 overdue6 weak/none
CIO2458%IDE.AM-07 2300 overdue0 weak/none
Controls below target 10
Active Actions 5
AppSec Lead4963%AII.VM-06 4400 overdue7 weak/none
Controls below target 18
Active Actions 8
Identity & Access Manager1566%PRO.IR-03 0300 overdue0 weak/none
Controls below target 5
Active Actions 3
DPO2470%IDE.DI-03 1200 overdue0 weak/none
Controls below target 7
Active Actions 3
CISO6373%GOV.RR-08 6611 overdue12 weak/none
SOC Manager2774%IDE.TM-02 2401 overdue4 weak/none
Controls below target 7
Active Actions 6
Business Continuity Manager2080%REC.RV-03 1200 overdue3 weak/none
Controls below target 4
Active Actions 3
CTO1681%PRO.NS-02 1301 overdue3 weak/none
Controls below target 3
Active Actions 4
Incident Response Lead2386%RES.PR-01 2110 overdue4 weak/none
Controls below target 3
Active Actions 4
Actions
Open remediation actions across the framework. Each action targets a specific Control gap. Bridges the work between “we identified the gap” (Quick Wins, Evidence Watchlist, Below Target) and “we’re fixing it”.
ACT-060DET.EA-02Reduce mean time to detect (MTTD) below 12hSOC ManagerHighIn Progress11 days overdue
ACT-017PRO.EP-04Push CrowdStrike Falcon to last 1.3% endpointsCIOCriticalIn Progress10 days
ACT-006GOV.AC-02Refresh Accountability & Sanctions PolicyCISOCriticalIn Progress15 days
ACT-055PRO.AA-03Quarterly access review across Tier-1 systemsIdentity & Access ManagerCriticalIn Progress15 days
ACT-003GOV.RM-03Update enterprise risk appetite statementCISOHighIn Progress20 days
ACT-001GOV.OC-01Refresh ISMS Scope & Boundaries document for FY26CISOHighIn Progress35 days
ACT-011RES.GV-01Annual IR Plan review and tabletop scheduleCISOHighIn Progress35 days
ACT-028DET.CM-04Onboard 4 new log sources into Splunk SIEMSOC ManagerHighIn Progress35 days
ACT-039REC.RV-02Validate backups for 3 Tier-1 systemsBusiness Continuity ManagerHighIn Progress35 days
ACT-050AII.AG-02Audit human-in-the-loop checks for high-risk agentsAI Risk LeadCriticalIn Progress35 days
ACT-024AII.US-02Acceptable AI use policy rolloutChief AI OfficerHighIn Progress40 days
ACT-014IDE.AM-03Decommission shadow IT asset inventory itemsCIOHighIn Progress50 days
ACT-021PRO.VM-04Reduce critical vulnerability SLA breach rate to <5%CTOHighIn Progress50 days
ACT-022AIT.AG-02Vendor AI agent inventory baselineChief AI OfficerHighIn Progress50 days
ACT-027PRO.DS-04Implement DLP rules for sensitive personal dataDPOHighIn Progress50 days
ACT-033RES.IR-04Refresh ransomware response playbookIncident Response LeadHighIn Progress50 days
ACT-046AII.SD-03Secure-by-design checklist for AI feature rolloutsAppSec LeadHighIn Progress50 days
ACT-051IDE.SC-03Tier vendor portfolio by criticalityVendor Risk ManagerHighIn Progress50 days
ACT-057PRO.IR-03Automate leaver offboarding for SaaSIdentity & Access ManagerHighIn Progress50 days
ACT-009PRO.TA-01Run FY26 mandatory security awareness trainingCISOHighIn Progress51 days
ACT-040APS.SD-04Roll out Snyk SAST to all main repositoriesAppSec LeadHighIn Progress51 days
ACT-019PRO.CR-02Migrate legacy crypto to HSM-backed keysCTOCriticalIn Progress66 days
ACT-029DET.DE-02Tune 14 false-positive heavy detectionsSOC ManagerMediumIn Progress66 days
ACT-037REC.RP-02Annual DR plan tabletop testBusiness Continuity ManagerHighIn Progress66 days
ACT-044APS.TA-02FY26 developer secure coding training rolloutAppSec LeadMediumIn Progress66 days
ACT-048AIT.RT-02Risk treatment plan for high-risk AI vendorsAI Risk LeadHighIn Progress66 days
ACT-056PRO.AA-06Just-In-Time access for production adminIdentity & Access ManagerHighIn Progress66 days
ACT-013APS.GV-03AppSec governance review — DevSecOps maturity modelCISOMediumIn Progress81 days
ACT-015IDE.AM-05Onboard cloud asset inventory into CMDBCIOMediumIn Progress81 days
ACT-032IDE.TM-02Operationalise threat intel into SIEM correlationSOC ManagerMediumIn Progress81 days
ACT-041APS.VM-03Reduce critical AppSec vuln SLA to 14 daysAppSec LeadHighIn Progress81 days
ACT-025IDE.DI-03Complete personal data inventory for cloud appsDPOCriticalIn Progress82 days
ACT-053AIT.AM-02Subcontractor inventory for 8 critical AI vendorsVendor Risk ManagerMediumIn Progress97 days
ACT-020PRO.NS-03Roll out Zero-Trust network access for contractorsCTOHighIn Progress112 days
ACT-058PRO.VM-02Patch backlog burn-down for legacy estateCTOCriticalOpen26 days overdue
ACT-059GOV.RM-05Update risk treatment register with Q1 outcomesCISOMediumOpen11 days overdue
ACT-034RES.PR-03Update on-call schedule for Q3 2026Incident Response LeadMediumOpen15 days
ACT-031DET.TH-01Quarterly threat hunt against MITRE T1078 (Valid Accounts)SOC ManagerMediumOpen51 days
ACT-005GOV.PO-02Annual Information Security Policy reviewCISOHighOpen66 days
ACT-023AII.GV-03Internal AI Governance Board charterChief AI OfficerHighOpen66 days
ACT-002GOV.LE-02Schedule CEO ISMS commitment statement reviewCISOMediumOpen81 days
ACT-010DET.GV-02Define SOC governance escalation matrixCISOMediumOpen81 days
ACT-043APS.OP-03Centralise AppSec findings in shared workspaceAppSec LeadMediumOpen81 days
ACT-052AIT.VR-02Refresh vendor security assessment templateVendor Risk ManagerMediumOpen81 days
ACT-012REC.GV-02Business Continuity policy refreshCISOMediumOpen97 days
ACT-016PRO.EM-02Implement DKIM/DMARC enforcement on legacy subdomainsCIOMediumOpen97 days
ACT-026IDE.DI-05Refresh data flow diagrams for customer journeyDPOHighOpen97 days
ACT-035RES.IC-02Crisis communications trainingIncident Response LeadMediumOpen97 days
ACT-038REC.RO-02Define Tier-1 system RTO targetsBusiness Continuity ManagerHighOpen97 days
ACT-042APS.SC-02SBOM generation for all production servicesAppSec LeadMediumOpen97 days
ACT-047AII.VM-02AI model vulnerability tracker live integrationAppSec LeadMediumOpen97 days
ACT-008IDE.RA-02Refresh annual risk assessment methodologyCISOMediumOpen112 days
ACT-018PRO.PS-02Complete physical access review for HQ + 2 regional officesCIOLowOpen112 days
ACT-030DET.LM-03Extend log retention to 13 months for complianceSOC ManagerHighOpen112 days
ACT-045APS.AM-03Application catalogue refresh — tag criticalityAppSec LeadLowOpen112 days
ACT-049AIT.MO-02Continuous monitoring of vendor AI policy driftAI Risk LeadMediumOpen112 days
ACT-054APS.SC-03Software supplier security baselineVendor Risk ManagerHighOpen112 days
ACT-036RES.AN-02Implement enriched alert triage in SOARIncident Response LeadMediumBlocked81 days
ACT-004GOV.RR-04Document segregation-of-duties matrixCISOMediumBlocked83 days
ACT-062PRO.DS-02Sign DPA with Tier-1 cloud processorsDPOCriticalCompleteComplete
ACT-061APS.SD-02Move secrets scanning into pre-merge checksAppSec LeadHighCompleteComplete
ACT-063IDE.AM-02Decommission EOL Windows Server 2012R2 instancesCIOCriticalCompleteComplete
ACT-007GOV.OV-03Q3 ISMS Steering Committee agenda templateCISOLowCompleteComplete
ACT-064PRO.NS-05Implement bespoke DDoS protection in-houseCTOLowCancelledCancelled
Evidence
Audit-defensible proof per Control — policies, procedures, attestations, telemetry, external audits. Controls render in framework order; apply a filter to focus on a band. Click any row to expand its evidence detail.
Stale Evidence by Owner 49
Owners with stale evidence items, ordered by stale count. Click the per-Owner Export button to download a Markdown report for that Owner.
CISO11 stale items
AI Risk Lead6 stale items
AppSec Lead6 stale items
Chief AI Officer6 stale items
Vendor Risk Manager6 stale items
Incident Response Lead4 stale items
SOC Manager4 stale items
Business Continuity Manager3 stale items
Controls Worklist 341
All Controls — Click any row for evidence detail.
StrongGOV.OC-01ISMS scope is definedGovernCISO4 items
StrongGOV.OC-02Internal and external issues relevant to information…GovernCISO4 items
StrongGOV.OC-03Interested partiesGovernCISO4 items
StrongGOV.OC-04Critical dependencies and mission-critical capabilities are…GovernCISO4 items
StrongGOV.LE-01A legal, statutory, regulatory, and contractual…GovernCISO4 items
StrongGOV.LE-02Regulatory engagementGovernCISO4 items
StrongGOV.LE-03Intellectual property rightsGovernCISO4 items
StrongGOV.LE-04Records and information lifecycle obligationsGovernCISO4 items
StrongGOV.RM-01Information security risk management methodology and…GovernCISO4 items
StrongGOV.RM-02Information security risk appetite and risk tolerance are…GovernCISO4 items
StrongGOV.RM-03Information security risks are identifiedGovernCISO4 items
StrongGOV.RM-04Risk treatment optionsGovernCISO4 items
StrongGOV.RM-05Information security risk management is integrated with…GovernCISO4 items
StrongGOV.RR-01Information security leadershipGovernCISO4 items
StrongGOV.RR-02Information security roles and responsibilities for Company…GovernCISO4 items
StrongGOV.RR-03Segregation of duties for security-sensitive activities is…GovernCISO4 items
StrongGOV.RR-04Personnel screening commensurate with role sensitivity is…GovernCISO4 items
StrongGOV.RR-05Confidentiality and non-disclosure obligations are…GovernCISO4 items
StrongGOV.RR-06Workforce conduct expectations and the disciplinary process…GovernCISO4 items
StrongGOV.RR-07Personnel onboardingGovernCISO4 items
WeakGOV.RR-08A cross-functional AI governance forum is established with…GovernCISO2 items
StrongGOV.PO-01Information security policy architectureGovernCISO4 items
StrongGOV.PO-02Information security policies and supporting documents are…GovernCISO4 items
StrongGOV.PO-03Information security policies are communicated to personnel…GovernCISO4 items
StrongGOV.PO-04Exceptions to information security policies are formally…GovernCISO4 items
AdequateGOV.RE-01Information security resourcing requirementsGovernCISO2 items
AdequateGOV.RE-02Competence requirements for information security personnel…GovernCISO2 items
AdequateGOV.RE-03External expertiseGovernCISO2 items
AdequateGOV.OV-01Information security key performance and key risk…GovernCISO2 items
AdequateGOV.OV-02ISMS performance is evaluated against defined objectivesGovernCISO2 items
AdequateGOV.OV-03Board of Directors and Executive Team are updated on…GovernCISO2 items
AdequateGOV.OV-04Management review of the ISMS is conducted at defined…GovernCISO2 items
AdequateGOV.OV-05Continual improvement of the ISMS is governed through…GovernCISO2 items
WeakGOV.OV-06Per-Control maturity is scored against the Company's…GovernCISO1 item
WeakGOV.AC-01Internal audit programme for the ISMS is established with…GovernCISO1 item
WeakGOV.AC-02Independent reviews of information security are conducted…GovernCISO1 item
WeakGOV.AC-03External audits and certification assessmentsGovernCISO1 item
WeakGOV.AC-04Audit findings, observations, and recommendations are…GovernCISO1 item
StrongIDE.AM-01Asset management policyIdentifyCIO4 items
StrongIDE.AM-02Assets are classified using the Company's classification…IdentifyCIO4 items
StrongIDE.AM-03Service assets — including domain management, cloud…IdentifyCIO4 items
StrongIDE.AM-04Application assetsIdentifyCIO4 items
StrongIDE.AM-05Network assets — including network components, segments…IdentifyCIO4 items
StrongIDE.AM-06Endpoint assets — including company-managed devices — are…IdentifyCIO4 items
StrongIDE.AM-07Asset integrationsIdentifyCIO4 items
StrongIDE.AM-08Assets are managed throughout their lifecycleIdentifyCIO4 items
StrongIDE.DI-01Data inventory and records of processing policyIdentifyDPO4 items
StrongIDE.DI-02Data assets are inventoried by categoryIdentifyDPO4 items
StrongIDE.DI-03Personal data and special-category data are identifiedIdentifyDPO4 items
StrongIDE.DI-04Records of processing activitiesIdentifyDPO4 items
StrongIDE.DI-05Data flows across the asset estateIdentifyDPO4 items
StrongIDE.DI-06Data discovery activities are performed to detect…IdentifyDPO4 items
StrongIDE.BI-01Business impact analysis policyIdentifyDPO4 items
StrongIDE.BI-02Critical business functions and the assetsIdentifyDPO4 items
StrongIDE.BI-03Crown-jewel assetsIdentifyDPO4 items
StrongIDE.BI-04Business impact tolerancesIdentifyDPO4 items
StrongIDE.BI-05Business impact analysis outputs inform protection…IdentifyDPO4 items
StrongIDE.ES-01External attack surface management policyIdentifyVendor Risk Manager4 items
StrongIDE.ES-02Internet-exposed assetsIdentifyVendor Risk Manager4 items
StrongIDE.ES-03Shadow IT and unmanaged assets are detected and reconciled…IdentifyVendor Risk Manager4 items
StrongIDE.ES-04Brand-related external exposureIdentifyVendor Risk Manager4 items
StrongIDE.ES-05External attack surface findings are prioritisedIdentifyVendor Risk Manager4 items
StrongIDE.RA-01The information security risk assessment programmeIdentifyCISO4 items
StrongIDE.RA-02Threat inputs from IDE.TMIdentifyCISO4 items
AdequateIDE.RA-03Information security risks are analysed for likelihood and…IdentifyCISO2 items
AdequateIDE.RA-04Project-level, change-level, and onboarding-level risk…IdentifyCISO2 items
AdequateIDE.RA-05Risk assessment outputs are recordedIdentifyCISO2 items
AdequateIDE.TM-01Threat management policyIdentifySOC Manager2 items
AdequateIDE.TM-02External and internal threat intelligence is collected from…IdentifySOC Manager2 items
AdequateIDE.TM-03The threat landscape and threat actor profile relevant to…IdentifySOC Manager2 items
AdequateIDE.TM-04AI-specific threat intelligence sourcesIdentifySOC Manager2 items
AdequateIDE.TM-05Threat intelligence outputs are disseminated to risk…IdentifySOC Manager2 items
AdequateIDE.SC-01Supply chain risk management policyIdentifyVendor Risk Manager2 items
WeakIDE.SC-02Suppliers and other third parties are inventoriedIdentifyVendor Risk Manager1 item
WeakIDE.SC-03Pre-engagement supplier due diligenceIdentifyVendor Risk Manager1 item
WeakIDE.SC-04Supplier contracts and onboarding establish information…IdentifyVendor Risk Manager1 item
WeakIDE.SC-05Supplier security posture is monitored throughout the…IdentifyVendor Risk Manager1 item
WeakIDE.SC-06Supplier termination and offboarding are governed by…IdentifyVendor Risk Manager1 item
WeakIDE.SC-07Supply chain risk management outcomes inform improvement of…IdentifyVendor Risk Manager1 item
StrongPRO.AA-01Identity and access management policyProtectIdentity & Access Manager4 items
StrongPRO.AA-02Identities are managed throughout their lifecycleProtectIdentity & Access Manager4 items
StrongPRO.AA-03Authentication mechanisms are commensurate with sensitivityProtectIdentity & Access Manager4 items
StrongPRO.AA-04Access is granted on the principles of least privilege and…ProtectIdentity & Access Manager4 items
StrongPRO.AA-05Privileged access is governed under additional safeguardsProtectIdentity & Access Manager4 items
StrongPRO.AA-06Federated identityProtectIdentity & Access Manager4 items
StrongPRO.AA-07Authentication credentialsProtectIdentity & Access Manager4 items
StrongPRO.DS-01Data security policyProtectDPO4 items
StrongPRO.DS-02Data handling requirements per classificationProtectDPO4 items
StrongPRO.DS-03Data at rest is protected through encryption proportionate…ProtectDPO4 items
StrongPRO.DS-04Data in transit is protected through encryption…ProtectDPO4 items
StrongPRO.DS-05Data leakage prevention is applied across endpointsProtectDPO4 items
StrongPRO.DS-06Data masking, pseudonymisation, and tokenisation are…ProtectDPO4 items
StrongPRO.DS-07Data retention, archival, and lawful disposal are governed…ProtectDPO4 items
StrongPRO.DS-08Data backup is performedProtectDPO4 items
StrongPRO.CR-01Cryptography policyProtectCTO4 items
StrongPRO.CR-02Cryptographic algorithmsProtectCTO4 items
StrongPRO.CR-03Key management — generation, storage, distribution…ProtectCTO4 items
StrongPRO.CR-04Public key infrastructure and digital certificates are…ProtectCTO4 items
StrongPRO.CR-05Cryptographic agility and post-quantum readiness are…ProtectCTO4 items
StrongPRO.PS-01Platform and configuration security policyProtectCIO4 items
StrongPRO.PS-02Operating system and platform configurations are hardened…ProtectCIO4 items
StrongPRO.PS-03Cloud platform and SaaS configurations are governed under…ProtectCIO4 items
StrongPRO.PS-04Software installationProtectCIO4 items
StrongPRO.PS-05Configuration changes to platforms and infrastructure are…ProtectCIO4 items
StrongPRO.PS-06Anti-malware and platform-level threat protection are…ProtectCIO4 items
StrongPRO.NS-01Network security policyProtectCTO4 items
StrongPRO.NS-02Network segmentation isolates environmentsProtectCTO4 items
StrongPRO.NS-03Perimeter protectionProtectCTO4 items
StrongPRO.NS-04Domain Name SystemProtectCTO4 items
StrongPRO.NS-05Remote access and VPN are governed under defined standardsProtectCTO4 items
StrongPRO.EM-01Email and messaging security policyProtectCIO4 items
StrongPRO.EM-02Email security serviceProtectCIO4 items
StrongPRO.EM-03Email protocol-level safeguardsProtectCIO4 items
StrongPRO.EM-04Messaging and collaboration platform securityProtectCIO4 items
StrongPRO.EM-05Impersonation, lookalike-domain, and brand-related email…ProtectCIO4 items
StrongPRO.EP-01Endpoint security policyProtectCIO4 items
StrongPRO.EP-02Endpoint protectionProtectCIO4 items
StrongPRO.EP-03Mobile device management is applied to company-managed and…ProtectCIO4 items
AdequatePRO.EP-04Endpoint encryption is applied to in-scope devices…ProtectCIO2 items
AdequatePRO.EP-05Endpoint lifecycleProtectCIO2 items
AdequatePRO.IR-01Physical and environmental protection policyProtectIdentity & Access Manager2 items
AdequatePRO.IR-02Physical access to facilitiesProtectIdentity & Access Manager2 items
AdequatePRO.IR-03Environmental threatsProtectIdentity & Access Manager2 items
AdequatePRO.IR-04Equipment siting, maintenance, and supporting utilities are…ProtectIdentity & Access Manager2 items
AdequatePRO.IR-05Remote working and offsite use of Company assets are…ProtectIdentity & Access Manager2 items
AdequatePRO.IR-06Clear desk, clear screen, and storage media handling are…ProtectIdentity & Access Manager2 items
AdequatePRO.IR-07Infrastructure capacity and resource adequacy are monitoredProtectIdentity & Access Manager2 items
AdequatePRO.IR-08Resilience mechanismsProtectIdentity & Access Manager2 items
AdequatePRO.VM-01Vulnerability management policyProtectCTO2 items
AdequatePRO.VM-02Vulnerability discoveryProtectCTO2 items
AdequatePRO.VM-03Vulnerabilities are prioritised based on severityProtectCTO2 items
WeakPRO.VM-04Vulnerabilities are remediated through patchingProtectCTO1 item
WeakPRO.VM-05Vulnerability exceptions are formally requestedProtectCTO1 item
WeakPRO.VM-06Coordinated vulnerability disclosure and external…ProtectCTO1 item
WeakPRO.TA-01Training and awareness policyProtectCISO1 item
WeakPRO.TA-02General information security training is provided to all…ProtectCISO1 item
WeakPRO.TA-03Role-specific information security training is provided to…ProtectCISO1 item
WeakPRO.TA-04Phishing and social engineering simulation programmes are…ProtectCISO1 item
WeakPRO.TA-05Security champion networks are established across functions…ProtectCISO1 item
WeakPRO.TA-06Training effectiveness is measuredProtectCISO1 item
StrongDET.GV-01Detection and monitoring policyDetectCISO4 items
StrongDET.GV-02Detection capabilityDetectCISO4 items
StrongDET.GV-03Detection coverage is mapped against MITRE ATT&CK…DetectCISO4 items
StrongDET.GV-04Detection effectivenessDetectCISO4 items
StrongDET.LM-01Logging policy, scope, and standards are documented…DetectSOC Manager4 items
StrongDET.LM-02Logs are generated across in-scope assets covering…DetectSOC Manager4 items
StrongDET.LM-03Logs are aggregated to a central platform with sufficient…DetectSOC Manager4 items
StrongDET.LM-04Log integrity is protectedDetectSOC Manager4 items
StrongDET.LM-05Sensitive data accessDetectSOC Manager4 items
StrongDET.CM-01Monitoring scope, signal sources, and tooling are defined…DetectSOC Manager4 items
StrongDET.CM-02Endpoint and identity monitoring captures EDRDetectSOC Manager4 items
StrongDET.CM-03Network and cloud workload monitoring captures perimeterDetectSOC Manager4 items
StrongDET.CM-04Data, application, and messaging monitoring captures DLP…DetectSOC Manager4 items
StrongDET.CM-05Physical and environmental monitoring captures facility…DetectSOC Manager4 items
StrongDET.CM-06Insider threat and user behaviour analytics monitor for…DetectSOC Manager4 items
StrongDET.DE-01Detection content lifecycleDetectSOC Manager4 items
StrongDET.DE-02Detection content is informed by threat intelligence per…DetectSOC Manager4 items
AdequateDET.DE-03Detection content is version-controlledDetectSOC Manager2 items
AdequateDET.DE-04Detection content effectivenessDetectSOC Manager2 items
AdequateDET.EA-01Alert triage processesDetectSOC Manager2 items
AdequateDET.EA-02Alerts are correlated across signal sources to identify…DetectSOC Manager2 items
AdequateDET.EA-03Investigation procedures define evidence handlingDetectSOC Manager2 items
WeakDET.EA-04Confirmed incidents are escalated to incident response per…DetectSOC Manager1 item
WeakDET.TH-01Threat hunting programmeDetectSOC Manager1 item
WeakDET.TH-02Hunts are informed by threat intelligence per IDE.TMDetectSOC Manager1 item
WeakDET.TH-03Hunt outcomes — confirmed threats, new detection content…DetectSOC Manager1 item
StrongRES.GV-01Information Security incident response policyRespondCISO4 items
StrongRES.GV-02Incident response capabilityRespondCISO4 items
StrongRES.GV-03Stakeholder engagement frameworkRespondCISO4 items
StrongRES.PR-01Incident response plans and playbooksRespondIncident Response Lead4 items
StrongRES.PR-02Response tooling — forensic acquisition, investigation…RespondIncident Response Lead4 items
StrongRES.PR-03Personnel competence for response roles is established and…RespondIncident Response Lead4 items
StrongRES.PR-04Exercises — tabletop, technical, full simulation — are…RespondIncident Response Lead4 items
StrongRES.PR-05External relationshipsRespondIncident Response Lead4 items
StrongRES.IR-01Incidents are declaredRespondIncident Response Lead4 items
StrongRES.IR-02Incident leadership and cross-functional coordination are…RespondIncident Response Lead4 items
StrongRES.IR-03Containment actions are executed to limit incident impact…RespondIncident Response Lead4 items
StrongRES.IR-04Eradication actions remove the threat presence and restore…RespondIncident Response Lead4 items
StrongRES.IR-05Recovery coordination with REC ensures restoration of…RespondIncident Response Lead4 items
StrongRES.IR-06Specialty incident classesRespondIncident Response Lead4 items
StrongRES.AN-01Forensic analysis and evidence handling are performed under…RespondIncident Response Lead4 items
StrongRES.AN-02Incident scope, impact, and affected assets are determined…RespondIncident Response Lead4 items
StrongRES.AN-03Root cause is identified and documented for material…RespondIncident Response Lead4 items
AdequateRES.AN-04Threat actor attribution is assessed where evidence…RespondIncident Response Lead2 items
AdequateRES.IC-01Internal communicationRespondIncident Response Lead2 items
AdequateRES.IC-02Regulatory notificationsRespondIncident Response Lead2 items
AdequateRES.IC-03Customer notification and engagement are conducted where…RespondIncident Response Lead2 items
AdequateRES.IC-04Supplier and third-party coordination is conducted where…RespondIncident Response Lead2 items
WeakRES.IC-05Public communicationRespondIncident Response Lead1 item
WeakRES.LL-01Post-incident reviews are conducted for material incidents…RespondIncident Response Lead1 item
WeakRES.LL-02Programme-level effectivenessRespondIncident Response Lead1 item
WeakRES.LL-03Improvement actions are tracked to closure and feed…RespondIncident Response Lead1 item
StrongREC.GV-01Recovery policy, procedures, and roles are documented…RecoverCISO4 items
StrongREC.GV-02Recovery capabilityRecoverCISO4 items
StrongREC.GV-03Stakeholder engagement frameworkRecoverCISO4 items
StrongREC.RP-01Recovery strategies and plansRecoverBusiness Continuity Manager4 items
StrongREC.RP-02Recovery tooling and infrastructureRecoverBusiness Continuity Manager4 items
StrongREC.RP-03Personnel competence for recovery roles is established and…RecoverBusiness Continuity Manager4 items
StrongREC.RP-04Recovery exercisesRecoverBusiness Continuity Manager4 items
StrongREC.RP-05External relationshipsRecoverBusiness Continuity Manager4 items
StrongREC.RO-01Recovery is initiated under defined criteria with…RecoverBusiness Continuity Manager4 items
StrongREC.RO-02Recovery leadership and cross-functional coordination are…RecoverBusiness Continuity Manager4 items
StrongREC.RO-03System, data, and service restoration are executed under…RecoverBusiness Continuity Manager4 items
StrongREC.RO-04Specialty recovery scenariosRecoverBusiness Continuity Manager4 items
StrongREC.RV-01Pre-recovery validationRecoverBusiness Continuity Manager4 items
StrongREC.RV-02Post-restoration integrity verificationRecoverBusiness Continuity Manager4 items
StrongREC.RV-03Heightened post-recovery monitoring is maintained for a…RecoverBusiness Continuity Manager4 items
AdequateREC.RC-01Internal communicationRecoverBusiness Continuity Manager2 items
AdequateREC.RC-02Regulatory communications during recoveryRecoverBusiness Continuity Manager2 items
AdequateREC.RC-03Customer communication and service-restoration updates are…RecoverBusiness Continuity Manager2 items
AdequateREC.RC-04Supplier and third-party coordination during recovery is…RecoverBusiness Continuity Manager2 items
AdequateREC.RC-05Public communication and external messaging during recovery…RecoverBusiness Continuity Manager2 items
WeakREC.LL-01Post-recovery reviews are conducted for material recoveries…RecoverBusiness Continuity Manager1 item
WeakREC.LL-02Programme-level effectivenessRecoverBusiness Continuity Manager1 item
WeakREC.LL-03Improvement actions are tracked to closure and feed…RecoverBusiness Continuity Manager1 item
StrongAPS.GV-01AppSec policies are documentedAppSecCISO4 items
StrongAPS.GV-02AppSec procedures are documentedAppSecCISO4 items
StrongAPS.GV-03Secure Software Development Lifecycle (SDLC) standards are…AppSecCISO4 items
StrongAPS.GV-04AppSec compliance with policiesAppSecCISO4 items
StrongAPS.AM-01Applications are inventoried and classifiedAppSecAppSec Lead4 items
StrongAPS.AM-02Source code repositories are inventoriedAppSecAppSec Lead4 items
StrongAPS.AM-03Secrets are inventoriedAppSecAppSec Lead4 items
StrongAPS.AM-04Application data flows and integrations are documentedAppSecAppSec Lead4 items
StrongAPS.DS-01Security requirements are defined for applications based on…AppSecAppSec Lead4 items
StrongAPS.DS-02Threat modeling is performed iteratively for applications…AppSecAppSec Lead4 items
StrongAPS.DS-03Security architecture reviews are performed for new…AppSecAppSec Lead4 items
StrongAPS.DS-04Privacy by design and Data Protection Impact Assessments…AppSecAppSec Lead4 items
StrongAPS.DS-05Secure design patterns and reusable security components are…AppSecAppSec Lead4 items
StrongAPS.SD-01Access control is applied to development assetsAppSecAppSec Lead4 items
StrongAPS.SD-02Cryptography is applied to protect data within applications…AppSecAppSec Lead4 items
StrongAPS.SD-03Input is validated and exceptions are handled securely…AppSecAppSec Lead4 items
StrongAPS.SD-04Security is addressed from the start of development (OWASP…AppSecAppSec Lead4 items
StrongAPS.SD-05Configurations are secure by default (OWASP C5) OWASP Top…AppSecAppSec Lead4 items
StrongAPS.SD-06Components are kept secure (OWASP C6) OWASP Top 10…AppSecAppSec Lead4 items
StrongAPS.SD-07Digital identities are secured (OWASP C7) OWASP Top 10…AppSecAppSec Lead4 items
StrongAPS.SD-08Browser security features are leveraged (OWASP C8) OWASP…AppSecAppSec Lead4 items
StrongAPS.SD-09Security logging and monitoring are implemented (OWASP C9)…AppSecAppSec Lead4 items
StrongAPS.SD-10Server-side request forgery is prevented (OWASP C10) OWASP…AppSecAppSec Lead4 items
StrongAPS.SD-11Secrets are sourced from secure secrets managementAppSecAppSec Lead4 items
StrongAPS.SD-12Secure coding standards are documented and appliedAppSecAppSec Lead4 items
StrongAPS.SC-01Third-party components and dependencies are inventoried and…AppSecVendor Risk Manager4 items
StrongAPS.SC-02Third-party component selection follows defined security…AppSecVendor Risk Manager4 items
AdequateAPS.SC-03Build pipeline and deployment infrastructure integrity and…AppSecVendor Risk Manager2 items
AdequateAPS.SC-04Container images and registries are managed for security…AppSecVendor Risk Manager2 items
AdequateAPS.VM-01Application code testing is performedAppSecAppSec Lead2 items
AdequateAPS.VM-02Application runtime testing is performedAppSecAppSec Lead2 items
AdequateAPS.VM-03Infrastructure-as-Code (IaC) security scanning is performedAppSecAppSec Lead2 items
AdequateAPS.VM-04Penetration testing is performed for in-scope applicationsAppSecAppSec Lead2 items
AdequateAPS.VM-05Application vulnerabilities are trackedAppSecAppSec Lead2 items
AdequateAPS.VM-06Bug bounty or coordinated vulnerability disclosure is…AppSecAppSec Lead2 items
AdequateAPS.OP-01Application release and deployment processes apply secure…AppSecAppSec Lead2 items
WeakAPS.OP-02Runtime application protection is applied where appropriateAppSecAppSec Lead1 item
WeakAPS.OP-03AppSec incident response procedures are documented and…AppSecAppSec Lead1 item
WeakAPS.OP-04Application BCP / DR procedures are documented and…AppSecAppSec Lead1 item
WeakAPS.OP-05Application decommissioning and end-of-life procedures…AppSecAppSec Lead1 item
WeakAPS.TA-01AppSec training is provided to developmentAppSecAppSec Lead1 item
WeakAPS.TA-02A Security Champion programme is operated to designateAppSecAppSec Lead1 item
StrongAIT.GV-01Third-Party AI policies are documentedAI Third PartyChief AI Officer4 items
StrongAIT.GV-02Third-Party AI procedures are documentedAI Third PartyChief AI Officer4 items
StrongAIT.GV-03Vendor responsibility frameworkAI Third PartyChief AI Officer4 items
StrongAIT.GV-04Third-Party AI compliance with policiesAI Third PartyChief AI Officer4 items
StrongAIT.VR-01Third-party AI vendors are evaluated against the Vendor…AI Third PartyVendor Risk Manager4 items
StrongAIT.VR-02Information security requirements are included in…AI Third PartyVendor Risk Manager4 items
StrongAIT.VR-03Vendor sub-processors and AI supply chain are identified…AI Third PartyVendor Risk Manager4 items
StrongAIT.VR-04Vendor security and ethical posture is reassessed at…AI Third PartyVendor Risk Manager4 items
StrongAIT.AM-01Third-party AI tools and services are inventoriedAI Third PartyVendor Risk Manager4 items
StrongAIT.AM-02Third-party AI assets are classified and tagged with AI…AI Third PartyVendor Risk Manager4 items
StrongAIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…AI Third PartyVendor Risk Manager4 items
StrongAIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…AI Third PartyVendor Risk Manager4 items
StrongAIT.AG-01Agentic AI tool authorisation scope is documented and…AI Third PartyAI Risk Lead4 items
StrongAIT.AG-02Human-in-the-loop authorisation is applied to sensitive…AI Third PartyAI Risk Lead4 items
StrongAIT.AG-03Agentic AI activity is logged at action granularityAI Third PartyAI Risk Lead4 items
StrongAIT.AG-04Agentic AI prompt injectionAI Third PartyAI Risk Lead4 items
StrongAIT.AG-05Agentic AI vendor selection follows elevated criteriaAI Third PartyAI Risk Lead4 items
WeakAIT.AG-06Emergency suspension and revocation capability for…AI Third PartyAI Risk Lead2 items
StrongAIT.US-01Approved third-party AI toolsAI Third PartyChief AI Officer4 items
StrongAIT.US-02Data exposure to third-party AI tools is governed per AI…AI Third PartyChief AI Officer4 items
StrongAIT.US-03AI tool output handling and verification requirements are…AI Third PartyChief AI Officer4 items
AdequateAIT.US-04Personal and company account separation is enforced for…AI Third PartyChief AI Officer2 items
AdequateAIT.MO-01Third-party AI usage telemetry is collected and analysedAI Third PartyAI Risk Lead2 items
AdequateAIT.MO-02Third-party AI provider security postureAI Third PartyAI Risk Lead2 items
AdequateAIT.MO-03Vendor business, ethical, and regulatory changes are…AI Third PartyAI Risk Lead2 items
AdequateAIT.MO-04Anomalous usage patterns and abuse indicators are detectedAI Third PartyAI Risk Lead2 items
AdequateAIT.IR-01Third-party AI-specific incident response playbooks are…AI Third PartyAI Risk Lead2 items
AdequateAIT.IR-02Third-party AI incidents are escalated and managed per the…AI Third PartyAI Risk Lead2 items
WeakAIT.IR-03Vendor-initiated breach and security notifications are…AI Third PartyAI Risk Lead1 item
WeakAIT.RT-01Third-party AI tool retirement is performed when approval…AI Third PartyAI Risk Lead1 item
WeakAIT.RT-02Data return, deletion, and account closure are verified at…AI Third PartyAI Risk Lead1 item
WeakAIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…AI Third PartyAI Risk Lead1 item
StrongAII.GV-01AI security policies are documentedAI Internally DevelopedChief AI Officer4 items
StrongAII.GV-02AI security procedures are documentedAI Internally DevelopedChief AI Officer4 items
StrongAII.GV-03Secure AI Development Lifecycle (AI SDLC) standards are…AI Internally DevelopedChief AI Officer4 items
StrongAII.GV-04AI security compliance with policiesAI Internally DevelopedChief AI Officer4 items
StrongAII.AM-01In-house AI systems are inventoried and classifiedAI Internally DevelopedChief AI Officer4 items
StrongAII.AM-02AI models and model artifacts are inventoriedAI Internally DevelopedChief AI Officer4 items
StrongAII.AM-03Training datasets and AI data assets are inventoriedAI Internally DevelopedChief AI Officer4 items
StrongAII.AM-04System prompts and AI instructions are inventoriedAI Internally DevelopedChief AI Officer4 items
StrongAII.AM-05AI data flows and integrations are documentedAI Internally DevelopedChief AI Officer4 items
StrongAII.DS-01AI security requirements are defined based on AI risk and…AI Internally DevelopedDPO4 items
StrongAII.DS-02AI threat modeling is performed iteratively for AI systems…AI Internally DevelopedDPO4 items
StrongAII.DS-03Security architecture reviews are performed for new AI…AI Internally DevelopedDPO4 items
StrongAII.DS-04Privacy by Design and Data Protection Impact Assessments…AI Internally DevelopedDPO4 items
StrongAII.DS-05Secure AI design patterns and reusable security components…AI Internally DevelopedDPO4 items
StrongAII.SD-01Training data security and integrity controls are appliedAI Internally DevelopedAppSec Lead4 items
StrongAII.SD-02Model training and fine-tuning security controls are…AI Internally DevelopedAppSec Lead4 items
StrongAII.SD-03System prompts and AI instructions are developed and…AI Internally DevelopedAppSec Lead4 items
StrongAII.SD-04Inference input validation and output handling are appliedAI Internally DevelopedAppSec Lead4 items
StrongAII.SD-05Model artifact integrity and safe loading controls are…AI Internally DevelopedAppSec Lead4 items
StrongAII.SD-06ML pipeline security controls are appliedAI Internally DevelopedAppSec Lead4 items
StrongAII.SD-07Adversarial robustness defences are implemented where…AI Internally DevelopedAppSec Lead4 items
StrongAII.SD-08AI-specific secrets and credentials are managedAI Internally DevelopedAppSec Lead4 items
StrongAII.SD-09Secure AI coding standards and code review are appliedAI Internally DevelopedAppSec Lead4 items
StrongAII.SC-01AI components, models, and dependencies are inventoried and…AI Internally DevelopedVendor Risk Manager4 items
StrongAII.SC-02Base model and pre-trained model selection follows defined…AI Internally DevelopedVendor Risk Manager4 items
StrongAII.SC-03Training dataset provenance and licensing are verified…AI Internally DevelopedVendor Risk Manager4 items
StrongAII.SC-04AI build pipeline and ML infrastructure integrity are…AI Internally DevelopedVendor Risk Manager4 items
StrongAII.VM-01AI code and component testing is performedAI Internally DevelopedAppSec Lead4 items
StrongAII.VM-02AI runtime testing is performedAI Internally DevelopedAppSec Lead4 items
StrongAII.VM-03AI red teaming is performed for in-scope AI systemsAI Internally DevelopedAppSec Lead4 items
StrongAII.VM-04AI vulnerabilities are trackedAI Internally DevelopedAppSec Lead4 items
AdequateAII.VM-05AI bug bounty or coordinated vulnerability disclosure is…AI Internally DevelopedAppSec Lead2 items
WeakAII.VM-06A versioned security evaluation suite gates promotion of AI…AI Internally DevelopedAppSec Lead2 items
AdequateAII.OP-01AI release and deployment processes apply secure release…AI Internally DevelopedChief AI Officer2 items
AdequateAII.OP-02Runtime AI protection is appliedAI Internally DevelopedChief AI Officer2 items
AdequateAII.OP-03AI systems are monitoredAI Internally DevelopedChief AI Officer2 items
AdequateAII.OP-04AI incident response procedures are documented and…AI Internally DevelopedChief AI Officer2 items
AdequateAII.OP-05AI system BCP / DR procedures are documented and maintainedAI Internally DevelopedChief AI Officer2 items
AdequateAII.OP-06AI system decommissioning and end-of-life procedures…AI Internally DevelopedChief AI Officer2 items
WeakAII.OP-07AI-generated content transparency and provenance…AI Internally DevelopedChief AI Officer2 items
AdequateAII.AG-01Agent authorisation scope is documented and enforcedAI Internally DevelopedAI Risk Lead2 items
AdequateAII.AG-02Human-in-the-loop authorisation is applied to sensitive…AI Internally DevelopedAI Risk Lead2 items
AdequateAII.AG-03Agent activity is logged at action granularityAI Internally DevelopedAI Risk Lead2 items
WeakAII.AG-04Agent defences against prompt injectionAI Internally DevelopedAI Risk Lead1 item
WeakAII.AG-05Agent frameworks, orchestration, and MCP implementations…AI Internally DevelopedAI Risk Lead1 item
WeakAII.AG-06Emergency suspension and revocation capability for in-house…AI Internally DevelopedAI Risk Lead2 items
WeakAII.TA-01AI security training is provided to AI developmentAI Internally DevelopedChief AI Officer1 item
WeakAII.TA-02An AI Security Champion programme is operated to designateAI Internally DevelopedChief AI Officer1 item
WeakAII.US-01Approved in-house AI tools and use cases are defined and…AI Internally DevelopedChief AI Officer1 item
WeakAII.US-02Data exposure to in-house AI tools is governed per AI…AI Internally DevelopedChief AI Officer1 item
WeakAII.US-03AI tool output handling and verification requirements are…AI Internally DevelopedChief AI Officer1 item
WeakAII.US-04Authentication and account hygiene for in-house AI tools is…AI Internally DevelopedChief AI Officer1 item
Priorities
Forward-looking resourcing lens. Two views answer the same question from different angles: where should the next pound or FTE-day go?
Priority Matrix 115
Controls with Gap > 0 plotted by Gap (Y) × Business Impact (X). The top-right cell is the "Act Now" zone — the highest-leverage resourcing decisions.
Act Now — Top 4 Controls
Quick Wins 41
Controls where Gap = 1 and Forecast = Target. These are already on track to close before the next review — the easy wins to confirm before the steering meeting.
Identify 3
Protect 7
Detect 3
Respond 1
Recover 4
AppSec 11
AI Third Party 3
AI Internally Developed 9
References
All documentation used as reference material in creating the Information Security Management System and ISMS Controls, plus curated industry references for ongoing CISO and ISMS planning.
Reference Material for Control Mapping 38
All sources cited in Control Mappings across the 9 Domains. Order follows the importance hierarchy used across the Core, AppSec, and AI Mapping conventions — certification standards first, then regulations, frameworks, taxonomies, and industry control sets.
Additional References 12
Reference materials reviewed during ISMS Dashboard creation but not cited in any Control Mapping. Held for drafting context, terminology alignment, or general framing. Alphabetical.
Online Resources 9
Standing-resource organisations a CISO and ISMS function should keep current with. Linked to organisation home pages; alphabetical.
Additional References — News & Analysis 8
Curated industry news sources for ongoing CISO situational awareness.
Additional References — CISO Peer Community 4
Membership-based or invite-only peer communities for CISOs.
Additional References — Newsletters 5
Free newsletters covering security news, research, and operations.
Additional References — Analyst Research 3
Industry analyst houses publishing security and risk research.
Additional References — Authoritative & Regulatory 7
Government and industry bodies that publish authoritative cybersecurity guidance.
Additional References — Annual Reports 5
Recurring annual security reports worth tracking year over year.
Glossary
Common acronyms and terms used throughout the Framework. Sorted alphabetically.
Board Snapshot
One-page executive view as of Q2 2026. Suitable for board packs and stakeholder updates. All figures derive from the live Control Library; numbers refresh whenever scoring is updated.
Company-Wide Information Security Maturity
Domain Status at a Glance
31/38 at target
26/41 at target
39/61 at target
21/26 at target
23/26 at target
19/23 at target
22/42 at target
17/32 at target
28/52 at target
Top Priorities to Close Before Next Review 5
Largest current gaps that planned activity will not close — these are the candidates for additional resourcing or escalation.
Certification & Regulatory Posture
Where the framework currently stands against the seven tracked compliance standards.
- ISO 27001: 341 Controls mapped · Avg Current 5.76 · Avg Gap 0.46 · 115 below Target
- ISO 42001: 89 Controls mapped · Avg Current 5.45 · Avg Gap 0.80 · 40 below Target
- EU AI Act: 90 Controls mapped · Avg Current 5.44 · Avg Gap 0.80 · 41 below Target
- EU GDPR: 162 Controls mapped · Avg Current 5.77 · Avg Gap 0.44 · 57 below Target
- NIS 2: 341 Controls mapped · Avg Current 5.76 · Avg Gap 0.46 · 115 below Target
- EU CRA: 44 Controls mapped · Avg Current 5.80 · Avg Gap 0.50 · 21 below Target
- TISAX: 335 Controls mapped · Avg Current 5.79 · Avg Gap 0.44 · 111 below Target
Risk Posture
Residual risk profile after applied Control treatment. Above-Tolerance and Treatment-at-Risk are the escalation candidates.
- Above Tolerance: 0 residual risks rated High or Very High
- Treatment at Risk: 20 risks whose treating Controls are currently below Target maturity
Top 3 Residual Risks
Risk Treatment Progress
Top residual risks with the remediation Actions targeting them. Source of the read-out: Actions tab.
Maturity vs Effectiveness Pairing
Per Scoring Model v2 Section 7. Top 10 outcome metrics by escalation priority. Of 31 Controls with registered outcome metrics: 10 Attention · 14 Watch · 7 Healthy.
Risk Register
ISO 27001-compliant Risk Register. The Applied Controls field is the bridge to the Control Library — every Risk lists the Framework Controls treating it.
Risk Status Overview
Risk Register Detail 25
Click any Risk to expand its full assessment. All fields conform to the ISO 27001-compliant template.
ISR01External attacker via social engineeringInherent: Very High (20)Residual: Medium (8)
Inherent
L 4 × I 5 = 20 · Very HighResidual
L 2 × I 4 = 8 · MediumISR02Cybercriminal organisation; ransomware operatorInherent: High (15)Residual: Medium (8)
Inherent
L 3 × I 5 = 15 · HighResidual
L 2 × I 4 = 8 · MediumISR03Internal user (malicious or accidental); leaving employeeInherent: High (12)Residual: Medium (8)
Inherent
L 3 × I 4 = 12 · HighResidual
L 2 × I 4 = 8 · MediumISR04Misconfiguration; accidental public exposureInherent: Very High (20)Residual: Medium (8)
Inherent
L 4 × I 5 = 20 · Very HighResidual
L 2 × I 4 = 8 · MediumISR05Compromised vendor; software supply chain attackInherent: High (12)Residual: Medium (8)
Inherent
L 3 × I 4 = 12 · HighResidual
L 2 × I 4 = 8 · MediumISR06Internal administrator; compromised admin accountInherent: High (15)Residual: Medium (8)
Inherent
L 3 × I 5 = 15 · HighResidual
L 2 × I 4 = 8 · MediumISR07External actor (hacktivist, criminal, competitor)Inherent: Medium (9)Residual: Low (4)
Inherent
L 3 × I 3 = 9 · MediumResidual
L 2 × I 2 = 4 · LowISR08External attacker; opportunistic exploitInherent: Very High (16)Residual: Medium (8)
Inherent
L 4 × I 4 = 16 · Very HighResidual
L 2 × I 4 = 8 · MediumISR09Inadequate data protection processes; data sprawl; lack of awarenessInherent: High (15)Residual: Medium (8)
Inherent
L 3 × I 5 = 15 · HighResidual
L 2 × I 4 = 8 · MediumISR10Advanced persistent attacker; insider; opportunistic intruderInherent: High (12)Residual: Medium (6)
Inherent
L 3 × I 4 = 12 · HighResidual
L 2 × I 3 = 6 · MediumISR11Misuse of LLM by employees; vendor model security failures; adversarial inputs (prompt injection)Inherent: Very High (16)Residual: Medium (9)
Inherent
L 4 × I 4 = 16 · Very HighResidual
L 3 × I 3 = 9 · MediumISR12Theft; loss; opportunistic compromiseInherent: Medium (9)Residual: Low (4)
Inherent
L 3 × I 3 = 9 · MediumResidual
L 2 × I 2 = 4 · LowISR13Hardware failure; natural disaster; supplier outage; cyber incidentInherent: Medium (10)Residual: Medium (8)
Inherent
L 2 × I 5 = 10 · MediumResidual
L 2 × I 4 = 8 · MediumISR14Key compromise; key loss; weak key generationInherent: Medium (10)Residual: Low (4)
Inherent
L 2 × I 5 = 10 · MediumResidual
L 1 × I 4 = 4 · LowISR15Former employee; contractor offboarding gapInherent: High (12)Residual: Medium (8)
Inherent
L 3 × I 4 = 12 · HighResidual
L 2 × I 4 = 8 · MediumISR16Improperly configured cloud resources (storage buckets, IAM roles, network ACLs) expose sensitive dataInherent: Very High (20)Residual: Medium (8)
Inherent
L 4 × I 5 = 20 · Very HighResidual
L 2 × I 4 = 8 · MediumISR17Targeted phishing campaign harvests employee credentials leading to account takeover and lateral movementInherent: Very High (20)Residual: Medium (8)
Inherent
L 5 × I 4 = 20 · Very HighResidual
L 2 × I 4 = 8 · MediumISR18Ransomware encrypts production systems and lateral spread defeats backup recoveryInherent: Very High (20)Residual: Medium (8)
Inherent
L 4 × I 5 = 20 · Very HighResidual
L 2 × I 4 = 8 · MediumISR19Critical SaaS vendor suffers breach exposing Company data or servicesInherent: High (15)Residual: Medium (8)
Inherent
L 3 × I 5 = 15 · HighResidual
L 2 × I 4 = 8 · MediumISR20Volumetric DDoS attack causes prolonged customer-facing service outageInherent: High (12)Residual: Low (3)
Inherent
L 3 × I 4 = 12 · HighResidual
L 1 × I 3 = 3 · LowISR21Privileged user (administrator, developer) intentionally or negligently misuses accessInherent: Medium (10)Residual: Low (4)
Inherent
L 2 × I 5 = 10 · MediumResidual
L 1 × I 4 = 4 · LowISR22AI system generates harmful, biased, or factually incorrect output that influences business decisions or customer interactionsInherent: Very High (16)Residual: Medium (8)
Inherent
L 4 × I 4 = 16 · Very HighResidual
L 2 × I 4 = 8 · MediumISR23Regulatory reporting (GDPR breach notification, NIS 2 incident reporting) missed or incomplete within mandatory timeframesInherent: High (12)Residual: Medium (6)
Inherent
L 3 × I 4 = 12 · HighResidual
L 2 × I 3 = 6 · MediumISR24Malicious code injected into open-source library used in production applicationInherent: High (12)Residual: Medium (6)
Inherent
L 3 × I 4 = 12 · HighResidual
L 2 × I 3 = 6 · MediumISR25Backups corrupted, encrypted by attacker, or unable to restore in a real recovery scenarioInherent: Medium (10)Residual: Low (4)
Inherent
L 2 × I 5 = 10 · MediumResidual
L 1 × I 4 = 4 · LowTop 5 Residual Risks
Highest residual rating after applied Controls. These are the open risks that warrant the most management attention.
Risk Distribution
Inherent and residual risk distribution across the 5×5 likelihood × impact matrix.
Inherent Risk Distribution
Residual Risk Distribution
GRC Mapping
Framework Controls mapped to seven governance, risk, and compliance standards. Each section lists the Controls that satisfy that standard, with current maturity and gap. Click any Control ID for its full details.
Certification & Regulatory Posture
Per-standard certification status, issuing body, and the next milestone with countdown. Sample data — the workbook will own these values in a future release.
2026-09-15
2026-12-01
2026-08-02
2026-09-30
2026-12-31
2026-09-11
2027-05-12
Regulatory & Audit Deadline Calendar
Upcoming regulatory enforcement dates and audit milestones, soonest first.
2026-08-02
2026-09-11
2026-09-15
2026-09-30
2026-12-01
2026-12-31
2027-05-12
2027-08-02
2027-09-15
2027-12-11
Avg Gap 0.46
Avg Gap 0.80
Avg Gap 0.80
Avg Gap 0.44
Avg Gap 0.46
Avg Gap 0.50
Avg Gap 0.44
ISO 27001 341
ISO/IEC 27001:2022 - Information Security Management System (ISMS) certification standard.
ISO 42001 89
ISO/IEC 42001:2023 - AI Management System (AIMS) certification standard.
EU AI Act 90
EU Artificial Intelligence Act - risk-based regulation for AI systems placed on the EU market.
EU GDPR 162
EU General Data Protection Regulation - personal data protection law.
NIS 2 341
NIS 2 Directive (EU 2022/2555) - cybersecurity baseline for essential and important entities.
EU CRA 44
EU Cyber Resilience Act - security requirements for products with digital elements.
TISAX 335
TISAX (Trusted Information Security Assessment Exchange) - automotive-sector security framework based on ISA 6.
Forecast
Where the ISMS is heading versus committed Target dates. Answers “are we going to make it on time, and where do we need to accelerate?”
Per-Domain Trajectory
Each Domain’s current trajectory against its committed Target date. Slipping or Stagnant Domains drag the company-wide projection.
Action Lists
Top 5 in each category — the levers to keep ISMS on commitment.
Improving 10
Need Acceleration 10
Slipping (no movement) 10
All Forecast-Below-Target Controls
All Controls Forecast Below Target 81 — click to expand
ISMS Control Library v4.3.4
Updated 6 June 2026
KPI Scoring Model
The 10-level scale, evidence anchors, aggregation rule, and target-setting guidance that determine how Controls are measured and how the Healthy / Watch / Attention thresholds are derived.
10-Level Maturity Scale with Evidence Anchors
| Level | Band | Description | Evidence Anchor |
|---|---|---|---|
| 1 - Absent | Initial | No controls exist. The area is not addressed: no approach, no activity, no record. Coverage, Execution, Documentation, Reporting, and Review are all None. | No process, no procedure, no records. Asked about the control, the answer is "we don't do this" or "we haven't started". |
| 2 - Ad Hoc / Informal | Initial | The control is performed only reactively or informally. Covers two real-world states sharing the same defining weakness — no systematic, documented, owned approach: (a) reactive — activity occurs on demand or in response to an incident; and/or (b) informal-but-routine — activity is performed with some regularity by individuals, but depends on those people, follows no documented process, and has no formally accountable owner. Coverage and Execution are inconsistent or person-dependent; Documentation is inconsistent or absent; Reporting and Review are absent. | No documented process and no formally accountable owner. Activity is triggered by demand, incident, or individual habit rather than a defined cadence. Records (if any) live in individuals' notes, inboxes, or heads rather than a system of record. If the activity stopped because one person left, it was Level 2. |
| 3 - Planned | Developing | A systematic approach has been recognised, defined, and committed to, but is not yet operating. Gaps are identified; improvement is planned and resourced. Execution and Documentation remain inconsistent; Reporting and Review are not yet reliable. | A documented intention exists (charter, project plan, roadmap entry) with a named owner, allocated resource, and a target date. Execution has not yet begun, or exists only as a pilot. |
| 4 - Implementing | Developing | The systematic approach is being implemented. Process and tooling are partly in place and in use. Coverage and Execution are becoming consistent but are not yet complete; Documentation is consistent; Reporting and Review are still inconsistent. | A documented process exists with a named owner and is in use across at least part of scope. Coverage gaps are known and tracked. Review cadence is not yet routine. |
| 5 - Managed | Established | The systematic approach is operational and maintained as business-as-usual. Required process and tools are used consistently. All five attributes are consistent. | Process operates to a documented cadence across full scope. Outputs are recorded systematically. Periodic review occurs at the defined cadence. Named accountability exists with role-based backup. Owners can produce evidence on request without preparation effort. |
| 6 - Integrated | Established | The control is consciously aligned with the wider governance system and with strategic, tactical, and operational planning. It appears in roadmaps, objectives, and KPIs/OKRs with forward-looking targets — not just current-state scores. All five attributes remain consistent. | Level 5 evidence plus the control appears in at least one of: (a) a current-year executive or board roadmap with a forward target; (b) a non-security business unit's planning document; or (c) a KPI/OKR with a measurable forward trajectory. The forward target must be explicitly documented, quantified, and tracked. A qualitative mention ("we plan to mature this") does not satisfy the anchor. |
| 7 - Measured | Optimising | The control is actively analysed for improvement. Metrics and trend analysis are used routinely to identify weaknesses and drive change; improvement is evidence-led rather than opinion-led. All five attributes consistent. | Metrics are analysed at a defined cadence. In-year improvement decisions are traceable to data findings — not opinion or audit findings alone. Trend analysis is visible in periodic reporting. |
| 8 - Optimising | Optimising | Improvement is continuous and largely self-sustaining. The area refines its own process and tooling based on data, anticipates change rather than reacting to it, and consistently meets or beats its targets. All five attributes consistent. | Process and tooling refinements occur self-directed, based on data, without an external trigger (audit, incident, regulatory pressure). The control regularly meets or exceeds its targets. There is demonstrable anticipation of change — updates ahead of regulatory change or ahead of a threat-landscape shift. |
| 9 - Innovating | Leading | The control extends the wider system's capability. It identifies and introduces genuinely new functionality, process, or tooling that did not previously exist — raising the ceiling for what the organisation can do, not just doing the existing thing better. All five attributes consistent. | The control introduces capability that did not previously exist in the organisation — new process, new tooling, new measurement, or new linkage to a business outcome. The change is internally visible and demonstrably new, distinct from "we improved our existing X". |
| 10 - Leading | Leading | The control is a recognised business enabler at the external edge of practice. It unlocks new business opportunity, shapes practice beyond the organisation, and is benchmarked against — rather than benchmarking. All five attributes consistent. | Externally visible artefacts required: (a) published guidance, case studies, or industry working-group leadership; (b) a formal benchmarking position — the organisation is benchmarked against by others; or (c) recognition by an industry body, regulator, or peer consensus. Level 10 is a recognition of fact, not an aspiration. If asked "are we Level 10?" and the answer involves "we think we are", it is not Level 10. |
Target-Setting Guidance
Targets are set per Control. Without guidance, every Control risks being targeted at Level 8-10, which is unrealistic and dilutes the model's analytical signal. Recommended defaults by Control category:
| Control category | Default target range |
|---|---|
| Foundational governance Controls — policy documentation, procedure documentation, administrative controls which do not require quantitative analysis for effectiveness | 6 |
| Operational baseline Controls — event monitoring, identity & access, CTEM, incident response, change management, backup & recovery | 6-7 |
| Controls protecting critical assets, or controls requiring more detailed analysis for effectiveness | 7-8 |
| Controls underpinning unique competitive capability or where innovation is a deliberate business outcome | 8-9 |
| Where innovation or external recognition is a real and resourced business outcome (not standard operations) | 9-10 |
— A target above Level 8 should be justified per Control with a written business rationale.
— Controls in general should not have a Level 9-10 Target; setting them as aspirational dilutes the model's signal and shifts focus from achievable improvement.
— Targets are reviewed at the same cadence as the maturity scoring itself.
— A regression in score (Current falls below the prior measurement) is itself a finding that warrants documented explanation — not an automatic failure.
The Five Assessment Attributes
Every level is assessed against five attributes. The overall level is governed by the weakest attribute — all five must reach a level's threshold for the Control to score at that level.
| Attribute | Question it answers |
|---|---|
| Coverage | Across what proportion of the in-scope estate does the approach apply? |
| Execution | Is the activity actually performed, consistently, as defined? |
| Documentation | Is the approach and its output recorded in a system of record? |
| Reporting | Are results surfaced to those who need them, on a cadence? |
| Review | Is the approach periodically examined and improved? |
Scoring Protocol — Decision Tree
To make scoring repeatable across assessors, determine the level by answering gate questions in sequence and stopping at the first “no”. The level is the highest band for which all gates are satisfied. Score the five attributes individually first, then apply the gates — the attribute-level data is more diagnostic than the final number.
All six checks must be true to reach Level 5. Any box unchecked → the Control stays at Level 4, regardless of how advanced other attributes are.
External Crosswalk
A one-line interpretation aid so auditors, customers, and benchmarking surveys can read the scores without translation disputes. Mappings are approximate and for orientation only.
| Level | Band | CMMI v3.0 | NIST CSF 2.0 Tier | Baldrige Cybersecurity Excellence Builder v1.1 | COBIT 2019 |
|---|---|---|---|---|---|
| 1 - Absent | Initial | 0 Incomplete | — | — | 0 Incomplete |
| 2 - Ad Hoc / Informal | Initial | 1 Initial | Tier 1 (Partial) | Reactive | 1 Initial |
| 3 - Planned | Developing | 1-2 | Tier 1-2 | Reactive-Early | 2 Managed |
| 4 - Implementing | Developing | 2 Managed | Tier 2 (Risk Informed) | Early | 2 Managed |
| 5 - Managed | Established | 3 Defined | Tier 2-3 | Developing | 3 Defined |
| 6 - Integrated | Established | 3 Defined | Tier 3 (Repeatable) | Mature | 4 Quantitatively Managed |
| 7 - Measured | Optimising | 4 Quantitatively Managed | Tier 3-4 | Mature-Leading | 4 Quantitatively Managed |
| 8 - Optimising | Optimising | 5 Optimizing | Tier 4 (Adaptive) | Leading | 5 Optimising |
| 9 - Innovating | Leading | (beyond model) | (beyond model) | Exemplary | (beyond model) |
| 10 - Leading | Leading | (beyond model) | (beyond model) | Exemplary | (beyond model) |
Baldrige caps its six-level scale at Exemplary and does not distinguish novelty (Level 9) from external recognition (Level 10); both map to Exemplary. CMMI v3.0 deliberately caps at five levels, partly to avoid incentivising novelty-for-its-own-sake.