216.73.217.22

T1053.003: T1053.003

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:37 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID
T1053.003
Confidence
100/100
Revoked
No
Published
16/12/2025 19:37
Modified
27/03/2026 01:08
Author / Source
The MITRE Corporation

Aliases

Cron

Platforms

macos linux ESXi

Description

Adversaries may abuse the `cron` utility to perform task scheduling for initial or recurring execution of malicious code.(Citation: 20 macOS Common Tools and Techniques) The `cron` utility is a time-based job scheduler for Unix-like operating systems. The ` crontab` file contains the schedule of cron entries to be run and the specified times for execution. Any `crontab` files are stored in operating system-specific file paths. An adversary may use `cron` in Linux or Unix environments to execute programs at system startup or on a scheduled basis for [Persistence](https://attack.mitre.org/tactics/TA0003). In ESXi environments, cron jobs must be created directly via the crontab file (e.g., `/var/spool/cron/crontabs/root`).(Citation: CloudSEK ESXiArgs 2023)

Kill chain phases

Kill chainPhase
mitre-attack execution
mitre-attack persistence
mitre-attack privilege-escalation

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (23)

  • Koske uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:50 · Modified 21/12/2025 15:50
  • Shai-Hulud uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 19:07 · Modified 21/12/2025 19:18
  • Rocke uses
    The MITRE Corporation Confidence 100

    [Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Transparent Tribe uses COPPER FIELDSTONEMythic Leopard
    The MITRE Corporation Confidence 100

    [Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Outlaw uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:19 · Modified 21/12/2025 13:55
  • APT5 uses Mulberry TyphoonMANGANESE
    The MITRE Corporation Confidence 100

    [APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • APT28 uses IRON TWILIGHTSNAKEMACKEREL
    The MITRE Corporation Confidence 100

    [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 08/04/2026 13:02
  • FIN7 uses GOLD NIAGARAITG14
    The MITRE Corporation Confidence 100

    [FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • INJ3CTOR3 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 28/01/2026 23:46 · Modified 28/01/2026 23:46
  • Kinsing uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:48 · Modified 21/12/2025 01:48
  • PCPJack uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 04/06/2026 11:08 · Modified 04/06/2026 11:08
  • CyberAv3ngers uses Soldiers of Soloman
    The MITRE Corporation Confidence 100

    The [CyberAv3ngers](https://attack.mitre.org/groups/G1027) are a suspected Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated APT group. The [CyberAv3ngers](https://attack.mitre.org/groups/G1027) have been known to be active since at least 2020, with disputed …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 17/12/2025 22:50 · Modified 27/03/2026 01:44
  • Nexus Team uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/04/2026 12:52 · Modified 20/04/2026 12:52
  • UNC6201 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 18/02/2026 17:40 · Modified 18/02/2026 17:40
  • SideCopy uses
    The MITRE Corporation Confidence 100

    [SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • TeamTNT uses
    The MITRE Corporation Confidence 100

    [TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • The Gentlemen uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 16:02 · Modified 27/05/2026 15:52
  • TransparentTribe uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 17:45 · Modified 21/12/2025 17:45
  • Diicot uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:01 · Modified 21/12/2025 00:01
  • LockBit uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:28 · Modified 21/12/2025 12:28
  • VerdantBamboo uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 08/06/2026 10:53 · Modified 08/06/2026 10:53
  • STARDUST CHOLLIMA uses NICKEL GLADSTONEBeagleBoyz
    The MITRE Corporation Confidence 100

    [APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • APT36, SideCopy uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:08 · Modified 21/12/2025 06:08

Malware (82)

  • Janicab
  • Xeno RAT uses
    Family
    Published 28/01/2026 18:26 · Modified 28/01/2026 18:26
  • NHAS reverse_ssh uses
    Family
    Published 11/02/2025 04:47 · Modified 11/02/2025 04:47
  • Sobolan uses
    Family
    Published 12/03/2025 11:48 · Modified 12/03/2025 11:48
  • systemd-logind uses
    Family
    Published 22/04/2026 22:57 · Modified 22/04/2026 22:57
  • Kinsing
  • PsExec uses
    Family
    Published 20/04/2026 15:00 · Modified 20/04/2026 15:00
  • EncystPHP uses
    Family
    Published 28/01/2026 18:26 · Modified 28/01/2026 18:26
  • Linuxsys uses
    Family
    Published 18/07/2025 07:36 · Modified 18/07/2025 07:36
  • Action RAT - S1028 uses
    Family
    Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
  • Gafgyt uses
    Family
    Published 03/06/2026 22:14 · Modified 03/06/2026 22:14
  • AGENTPSD uses
    Family
    Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
  • CurlBack RAT uses
    Family
    Published 08/04/2025 19:06 · Modified 08/04/2025 19:06
  • LockBit uses
    Family
    Published 06/05/2026 10:26 · Modified 06/05/2026 10:26
  • DISGOMOJI uses
    Family
    Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
  • kagent uses
    Family
    Published 16/04/2026 08:36 · Modified 16/04/2026 08:36
  • AvNeutralizer uses
    Family
    Published 17/09/2024 11:19 · Modified 17/09/2024 11:19
  • COMPOOD uses
    Family
    Published 28/01/2026 13:31 · Modified 28/01/2026 13:31
  • Gomir
  • ReverseSSH uses
    Family
    Published 11/02/2025 04:47 · Modified 11/02/2025 04:47
  • EarnFM uses
    Family
    Published 22/04/2026 22:57 · Modified 22/04/2026 22:57
  • Powertrash uses
    Family
    Published 17/07/2024 13:57 · Modified 17/07/2024 13:57
  • gsocket uses
    Family
    Published 14/05/2026 20:10 · Modified 14/05/2026 20:10
  • PHP Reinfector uses
    Family
    Published 14/11/2024 03:18 · Modified 14/11/2024 03:18
  • Nexcorium uses
    Family
    Published 17/04/2026 18:56 · Modified 17/04/2026 18:56
  • mimikatz uses
    Family
    Published 11/05/2026 16:15 · Modified 11/05/2026 16:15
  • Sliver uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • Core Impact uses
    Family
    Published 17/07/2024 13:57 · Modified 17/07/2024 13:57
  • Koske uses
    Family
    Published 24/07/2025 19:44 · Modified 24/07/2025 19:44
  • Xorddos uses
    Family
    Published 14/04/2026 08:54 · Modified 14/04/2026 08:54
  • C0XMO uses
    Family
    Published 03/06/2026 22:14 · Modified 03/06/2026 22:14
  • Xbash
  • BRICKSTORM uses
    Family
    Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
  • SpyPress.Roundish uses
    Family
    Published 18/03/2026 10:51 · Modified 18/03/2026 10:51
  • Backdoor Malware uses
    Family
    Published 14/11/2024 03:18 · Modified 14/11/2024 03:18
  • SpeakUp
  • NKAbuse uses
    Family
    Published 16/04/2026 08:36 · Modified 16/04/2026 08:36
  • globshell uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:44 · Modified 21/12/2025 04:24
  • XMRig uses
    Family
    Published 28/05/2026 10:56 · Modified 28/05/2026 10:56
  • AnyDesk uses
    Family
    Published 10/06/2026 11:58 · Modified 10/06/2026 11:58
  • FH8a7d7M uses
    Family
    Published 22/04/2026 22:57 · Modified 22/04/2026 22:57
  • perfcc uses
    Family
    Published 17/09/2024 11:14 · Modified 17/09/2024 11:14
  • Shai-Hulud uses
    Family
    Published 01/06/2026 19:31 · Modified 01/06/2026 19:31
  • Cobalt Strike - S0154 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
  • Repocket uses
    Family
    Published 22/04/2026 22:57 · Modified 22/04/2026 22:57
  • httd uses
    Family
    Published 18/03/2026 10:51 · Modified 18/03/2026 10:51
  • Platypus uses
    Family
    Published 18/12/2024 06:34 · Modified 18/12/2024 06:34
  • perfctl uses
    Family
    Published 21/10/2024 21:25 · Modified 21/10/2024 21:25
  • Reverse RAT uses
    Family
    Published 29/07/2024 10:59 · Modified 29/07/2024 10:59
  • MINOCAT uses
    Family
    Published 13/12/2025 10:37 · Modified 13/12/2025 10:37
  • Lizar
  • Crimson RAT uses
    Family
    Published 04/02/2026 15:57 · Modified 04/02/2026 15:57
  • dnser uses
    Family
    Published 22/04/2026 22:57 · Modified 22/04/2026 22:57
  • SNOWLIGHT uses
    Family
    Published 05/05/2026 14:07 · Modified 05/05/2026 14:07
  • Dota uses
    Family
    Published 29/04/2025 16:27 · Modified 29/04/2025 16:27
  • ANGRYREBEL.LINUX uses
    Family
    Published 13/12/2025 10:37 · Modified 13/12/2025 10:37
  • Spark RAT uses
    Family
    Published 08/04/2025 19:06 · Modified 08/04/2025 19:06
  • Exaramel for Linux
  • Global Socket uses
    Family
    Published 13/02/2026 09:23 · Modified 13/02/2026 09:23
  • pyshellfox uses
    Family
    Published 24/05/2024 07:49 · Modified 24/05/2024 07:49
  • Skidmap
  • DeskRAT uses
    Family
    Published 23/10/2025 21:49 · Modified 23/10/2025 21:49
  • PCPJack uses
    Family
    Published 07/05/2026 21:33 · Modified 07/05/2026 21:33
  • Chisel uses
    Family
    Published 16/06/2026 14:27 · Modified 16/06/2026 14:27
  • Penquin
  • fkkkf uses
    Family
    Published 22/04/2026 22:57 · Modified 22/04/2026 22:57
  • GoldMax
  • SLAYSTYLE uses
    Family
    Published 19/02/2026 20:16 · Modified 19/02/2026 20:16
  • OUTLAW uses
    Family
    Published 29/04/2025 16:27 · Modified 29/04/2025 16:27
  • Poseidon uses
    Family
    Published 01/08/2025 12:31 · Modified 01/08/2025 12:31
  • NETWIRE
  • GRIMBOLT uses
    Family
    Published 19/02/2026 20:16 · Modified 19/02/2026 20:16
  • Anchor
  • HISONIC uses
    Family
    Published 13/02/2026 09:23 · Modified 13/02/2026 09:23
  • IOCONTROL uses
    Family
    Published 04/03/2026 15:30 · Modified 04/03/2026 15:30
  • SANDWORM_MODE uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 23/02/2026 11:19 · Modified 23/02/2026 11:19
  • CrossC2 uses
    Family
    Published 13/02/2026 09:23 · Modified 13/02/2026 09:23
  • The Gentlemen uses
    Family
    Published 28/05/2026 19:56 · Modified 28/05/2026 19:56
  • PLENET uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 08/06/2026 10:53 · Modified 08/06/2026 10:53
  • Mirai uses
    Family
    Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
  • SystemBC uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • Geta RAT uses
    Family
    Published 29/07/2024 10:59 · Modified 29/07/2024 10:59

Reports (30)

Vulnerabilities (CVE) (47)

CVE-2024-8963 KEV
9.4 Critical

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If …

Attack vector
Network
Published
19/09/2024
Modified
21/12/2025
Analyzed
CVE-2025-66478

Rejected reason: This CVE is a duplicate of CVE-2025-55182.

Published
20/12/2025
Modified
21/12/2025
Rejected
CVE-2025-32756 KEV
9.8 Critical

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code …

Attack vector
Network
Published
14/05/2025
Modified
14/01/2026
CVE-2020-1472 KEV
5.5 Medium

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …

Attack vector
Local
Published
03/11/2021
Modified
27/05/2026
CVE-2023-22527 KEV
9.8 Critical

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

Attack vector
Network
Published
24/01/2024
Modified
21/12/2025
CVE-2022-35914 KEV
9.8 Critical

Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.

Attack vector
Network
Published
07/03/2023
Modified
04/06/2026
CVE-2021-34473 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

Published
03/11/2021
Modified
29/05/2026
CVE-2024-36401 KEV
9.8 Critical

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …

Attack vector
Network
Published
15/07/2024
Modified
21/12/2025
CVE-2026-22769 KEV
10.0 Critical

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated …

Attack vector
NETWORK
Published
17/02/2026
Modified
22/02/2026
Analyzed
CVE-2021-4034 KEV

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Published
27/06/2022
Modified
20/12/2025
CVE-2023-3519 KEV
9.8 Critical

Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

Attack vector
Network
Published
19/07/2023
Modified
27/05/2026
CVE-2023-38646
9.8 Critical

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's …

Attack vector
NETWORK
Published
21/07/2023
Modified
21/12/2025
CVE-2024-3721
6.3 Medium

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …

Attack vector
NETWORK
Published
13/04/2024
Modified
21/12/2025
CVE-2024-2012
9.1 Critical

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code …

Published
11/06/2024
Modified
11/06/2024
Received
CVE-2025-67779
7.5 High

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service …

Published
12/12/2025
Modified
12/12/2025
Modified
CVE-2025-48703 KEV
9.0 Critical

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell …

Attack vector
Network
Published
04/11/2025
Modified
08/05/2026
Received
CVE-2016-15047
8.7 High

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed …

EPSS
0.0037 (P58.9%)
Published
04/06/2026
Modified
04/06/2026
Received
CVE-2024-11680
9.8 Critical

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted …

Published
26/11/2024
Modified
06/12/2024
Analyzed
CVE-2024-9474 KEV
7.2 High

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to …

Attack vector
Network
Published
18/11/2024
Modified
21/12/2025
Undergoing Analysis
CVE-2019-19006 KEV
9.8 Critical

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the …

Attack vector
NETWORK
Complexity
Low
Published
21/11/2019
Modified
18/06/2026
CVE-2021-45461
9.8 Critical

FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as …

Attack vector
NETWORK
Published
22/12/2021
Modified
28/01/2026
CVE-2025-55183
5.3 Medium

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including …

Attack vector
NETWORK
Published
11/12/2025
Modified
21/12/2025
Analyzed
CVE-2024-0012 KEV
9.8 Critical

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to …

Attack vector
Network
Published
18/11/2024
Modified
21/12/2025
Undergoing Analysis
CVE-2025-9501
9.0 Critical

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute …

Attack vector
NETWORK
Published
17/11/2025
Modified
08/05/2026
Awaiting Analysis
CVE-2025-55184
7.5 High

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the …

Attack vector
NETWORK
Published
11/12/2025
Modified
21/12/2025
Modified
CVE-2025-64328 KEV
8.6 High

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore …

Attack vector
Network
Complexity
Low
Published
07/11/2025
Modified
18/06/2026
CVE-2025-55182 KEV
10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector
Network
Published
05/12/2025
Modified
29/05/2026
Analyzed
CVE-2021-31207 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

Published
03/11/2021
Modified
20/12/2025
CVE-2024-8190 KEV
7.2 High

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to …

Attack vector
Network
Published
13/09/2024
Modified
21/12/2025
Analyzed
CVE-2025-29927
9.1 Critical

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and …

Attack vector
NETWORK
Published
21/03/2025
Modified
21/12/2025
Received
CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, which enables threat …

Published
03/04/2025
Modified
03/04/2025
Received
CVE-2024-9381
7.2 High

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

Attack vector
NETWORK
Published
08/10/2024
Modified
21/12/2025
Analyzed
CVE-2021-41773 KEV
9.8 Critical

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured …

Attack vector
Network
Published
03/11/2021
Modified
18/02/2026
CVE-2026-1357
9.8 Critical

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up …

Attack vector
Network
Published
11/02/2026
Modified
08/05/2026
Awaiting Analysis
CVE-2022-1388 KEV

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, …

Published
10/05/2022
Modified
20/12/2025
CVE-2026-39987 KEV
9.3 Critical

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication …

Attack vector
Network
Complexity
Low
Published
09/04/2026
Modified
29/04/2026
CVE-2023-34960
9.8 Critical

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a …

Attack vector
NETWORK
Published
01/08/2023
Modified
21/12/2025
CVE-2025-34054
10.0 Critical

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to …

EPSS
0.0230 (P85.0%)
Published
04/06/2026
Modified
04/06/2026
Received
CVE-2024-9379 KEV
6.5 Medium

Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can …

Attack vector
Network
Published
09/10/2024
Modified
21/12/2025
Analyzed
CVE-2021-34523 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Published
03/11/2021
Modified
20/12/2025
CVE-2015-2051 KEV
8.8 High

D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

Attack vector
Adjacent
Complexity
LOW
Published
23/02/2015
Modified
22/04/2026

Attack patterns (MITRE) (1)

  • T1053 subtechnique-of
    Scheduled Task/Job

Course Of Action (2)

  • User Account Management mitigates
  • Audit mitigates

Campaign (1)

  • Operation MidnightEclipse uses