216.73.217.22

T1104: Multi-Stage Channels

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 27/03/2026 01:10

Essential information

MITRE technique ID
T1104
Confidence
100/100
Revoked
No
Published
16/12/2025 19:38
Modified
27/03/2026 01:10
Author / Source
The MITRE Corporation

Aliases

T1104

Platforms

windows macos linux ESXi

Description

Adversaries may create multiple stages for command and control that are employed under different conditions or for certain functions. Use of multiple stages may obfuscate the command and control channel to make detection more difficult. Remote access tools will call back to the first-stage command and control server for instructions. The first stage may have automated capabilities to collect basic host information, update tools, and upload additional files. A second remote access tool (RAT) could be uploaded at that point to redirect the host to the second-stage command and control server. The second stage will likely be more fully featured and allow the adversary to interact with the system through a reverse shell and additional RAT features. The different stages will likely be hosted separately with no overlapping infrastructure. The loader may also have backup first-stage callbacks or [Fallback Channels](https://attack.mitre.org/techniques/T1008) in case the original first-stage communication path is discovered and blocked.

Kill chain phases

Kill chainPhase
mitre-attack command-and-control

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (38)

  • Hive0133 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:41 · Modified 21/12/2025 01:41
  • Bitter uses T-APT-17
    The MITRE Corporation Confidence 100

    [BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 09/04/2026 20:05
  • MUSTANG PANDA uses BRONZE PRESIDENTSTATELY TAURUS
    The MITRE Corporation Confidence 100

    [Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 22/05/2026 04:12
  • MuddyWater uses Earth VetalaStatic Kitten
    The MITRE Corporation Confidence 100

    [MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • APT28 uses IRON TWILIGHTSNAKEMACKEREL
    The MITRE Corporation Confidence 100

    [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 08/04/2026 13:02
  • Pensive Ursa uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:31 · Modified 21/12/2025 01:31
  • Blackwood uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:55 · Modified 21/12/2025 02:55
  • Flax Typhoon uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:13 · Modified 21/12/2025 07:13
  • TA402 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:35 · Modified 21/12/2025 01:35
  • Clasiopa uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:26 · Modified 20/12/2025 23:26
  • ITG10 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:41 · Modified 21/12/2025 00:41
  • Magic Hound uses COBALT ILLUSIONITG18
    The MITRE Corporation Confidence 100

    [Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • REF4526 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 22:37 · Modified 20/12/2025 22:37
  • APT-C-36 uses Blind Eagle
    The MITRE Corporation Confidence 100

    [APT-C-36](https://attack.mitre.org/groups/G0099) is a suspected South America espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • Lazarus uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:17 · Modified 29/05/2026 12:20
  • GhostSec uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:35 · Modified 21/12/2025 01:35
  • Sharp Panda uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:57 · Modified 20/12/2025 23:57
  • Deathstalker uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:52 · Modified 20/12/2025 23:05
  • APT41 uses Wicked PandaBrass Typhoon
    The MITRE Corporation Confidence 100

    [APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • TA542 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 22:23 · Modified 20/12/2025 22:23
  • menuPass uses CicadaPOTASSIUM
    The MITRE Corporation Confidence 100

    [menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individual members of [menuPass](https://attack.mitre.org/groups/G0045) are known to have acted in association with the Chinese Ministry …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • BADBOX 2.0 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 10:31 · Modified 21/12/2025 10:31
  • Ice Breaker uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:29 · Modified 20/12/2025 23:29
  • PlushDaemon uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 10:10 · Modified 21/12/2025 10:10
  • OilRig uses COBALT GYPSYIRN2
    The MITRE Corporation Confidence 100

    [OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • CozyDuke uses IRON RITUALIRON HEMLOCK
    The MITRE Corporation Confidence 100

    [APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • TEMP.Hermit uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:34 · Modified 20/12/2025 23:34
  • STARDUST CHOLLIMA uses NICKEL GLADSTONEBeagleBoyz
    The MITRE Corporation Confidence 100

    [APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • Magecart uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:17 · Modified 21/12/2025 00:17
  • Lazarus Group uses HIDDEN COBRAGuardians of Peace
    The MITRE Corporation Confidence 100

    [Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • IMPERIAL KITTEN uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:51 · Modified 21/12/2025 01:51
  • APT3 related Gothic PandaPirpi
    The MITRE Corporation Confidence 100

    [APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • Earth Bogle related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:11 · Modified 20/12/2025 23:11
  • El Machete, SideWinder, Lyceum related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:34 · Modified 20/12/2025 19:34
  • Sidewinder related T-APT-04Rattlesnake
    The MITRE Corporation Confidence 100

    [Sidewinder](https://attack.mitre.org/groups/G0121) is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia, …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • ToddyCat related
    The MITRE Corporation Confidence 100

    [ToddyCat](https://attack.mitre.org/groups/G1022) is a sophisticated threat group that has been active since at least 2020 using custom loaders and malware in multi-stage infection chains against government and military targets …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • Water Minyades related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:07 · Modified 20/12/2025 23:07
  • Worok related
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 22:03 · Modified 20/12/2025 22:03

Malware (134)

  • SentinelSneak
  • Nitrogen uses
    Family
    Published 20/05/2025 19:27 · Modified 20/05/2025 19:27
  • Conti uses
    Family
    Published 27/09/2024 13:43 · Modified 27/09/2024 13:43
  • Latrodectus uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • MadMxShell uses
    Family
    Published 15/07/2024 14:52 · Modified 15/07/2024 14:52
  • DUCKTAIL uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:35 · Modified 21/12/2025 01:43
  • XMRig uses
    Family
    Published 28/05/2026 10:56 · Modified 28/05/2026 10:56
  • PE_URSNIF uses
    Family
    Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
  • Stonefly
  • Trojan:Win64/NukeSped
  • Luna Grabber
  • LunarWeb uses
    Family
    Published 16/05/2024 09:35 · Modified 16/05/2024 09:35
  • VileLoader
  • Valak
  • TrojanSpy uses
    Family
    Published 25/03/2025 21:10 · Modified 25/03/2025 21:10
  • JSObfuscated
  • Sidewinder
  • SlowStepper uses
    Family
    Published 19/11/2025 21:09 · Modified 19/11/2025 21:09
  • Ekipa
  • Bazar
  • Five Eyes
  • Roaming Mantis
  • WarzoneRAT
  • NETWIRE
  • GhostLocker
  • ProxyShellMiner
  • PolarEdge uses
    Family
    Published 01/09/2025 09:30 · Modified 01/09/2025 09:30
  • Lamberts
  • Karkoff
  • El Machete
  • TOUCHSHIFT
  • Dridex
  • Akira uses
    Family
    Published 12/06/2026 16:57 · Modified 12/06/2026 16:57
  • NJRat uses
    Family
    Published 05/03/2025 11:12 · Modified 05/03/2025 11:12
  • MATA
  • ROOTSAW
  • LIDSHOT
  • VMConnect
  • Exodus Wallet
  • Uroburos
  • Popping Eagle
  • DBatLoader uses
    Family
    Published 27/06/2024 09:26 · Modified 27/06/2024 09:26
  • ZxxZ
  • IcedID uses
    Family
    Published 29/04/2024 19:15 · Modified 29/04/2024 19:15
  • Nosedive uses
    Family
    Published 20/09/2024 11:41 · Modified 20/09/2024 11:41
  • Almond
  • Lumma Stealer uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • Agent Tesla uses
    Family
    Published 28/05/2024 13:32 · Modified 28/05/2024 13:32
  • SIDESHOW
  • DanaBot uses
    Family
    Published 03/11/2025 14:28 · Modified 03/11/2025 14:28
  • Hijackloader uses
    Family
    Published 10/06/2026 11:58 · Modified 10/06/2026 11:58
  • Redline uses
    Family
    Published 08/05/2026 11:31 · Modified 08/05/2026 11:31
  • LimeRAT uses
    Family
    Published 26/08/2025 15:21 · Modified 26/08/2025 15:21
  • LodaRAT
  • LIDSHIFT
  • StealthMutant
  • FastFire
  • BLACKCOFFEE
  • PLANKWALK
  • TEL:Hacktool:Win32/Plink
  • CryptoClippy
  • Phemedrone uses
    Family
    Published 23/10/2025 13:51 · Modified 23/10/2025 13:51
  • JumbledPath
  • LIGHTSHIFT
  • Matanbuchus uses
    Family
    Published 09/12/2025 05:39 · Modified 09/12/2025 05:39
  • SharpHound uses
    Family
    Published 16/01/2026 13:31 · Modified 16/01/2026 13:31
  • Derusbi
  • SoulSearcher
  • Kimsuky uses
    Family
    Published 11/06/2025 22:07 · Modified 11/06/2025 22:07
  • Mirai uses
    Family
    Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
  • WailingCrab uses
    Family
    Published 02/09/2024 20:55 · Modified 02/09/2024 20:55
  • S500
  • BURNTBATTER
  • GootKit uses
    Family
    Published 06/11/2024 14:29 · Modified 06/11/2024 14:29
  • Hijack Loader uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • BADBOX uses
    Family
    Published 17/02/2026 12:39 · Modified 17/02/2026 12:39
  • Chaos
  • MuuyDownloader
  • Trochilus uses
    Family
    Published 20/05/2026 17:45 · Modified 20/05/2026 17:45
  • dotRunpeX
  • ToneShell uses
    Family
    Published 17/04/2026 18:56 · Modified 17/04/2026 18:56
  • GootBot
  • BatLoader uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:37 · Modified 21/12/2025 01:35
  • Earth Lusca
  • Engima Stealer
  • MacStealer
  • Havoc uses
    Family
    Published 08/06/2026 10:30 · Modified 08/06/2026 10:30
  • QakBot uses
    Family
    Published 30/05/2024 14:20 · Modified 30/05/2024 14:20
  • Emotet
  • Vidar uses
    Family
    Published 16/06/2026 09:50 · Modified 16/06/2026 09:50
  • NukeSped uses
    Family
    Published 10/04/2025 18:50 · Modified 10/04/2025 18:50
  • SparkRAT uses
    Family
    Published 20/02/2026 00:28 · Modified 20/02/2026 00:28
  • COPPERHEDGE uses
    Family
    Published 24/04/2025 08:13 · Modified 24/04/2025 08:13
  • Trojan:Win32/Nukesped
  • Snip3
  • Golang
  • MASEPIE
  • BokBot
  • AveMaria uses
    Family
    Published 26/11/2025 14:09 · Modified 26/11/2025 14:09
  • IronWind uses
    Family
    Published 12/11/2024 20:31 · Modified 12/11/2024 20:31
  • MataDoor
  • Coinbase API
  • Impala
  • AsyncRAT uses
    Family
    Published 11/06/2026 16:31 · Modified 11/06/2026 16:31
  • BACKSPACE
  • Chalubo uses
    Family
    Published 04/06/2024 15:58 · Modified 04/06/2024 15:58
  • Bumblebee
  • Linux MATA
  • QRLog uses
    Family
    Published 21/01/2025 22:17 · Modified 21/01/2025 22:17
  • zgRAT uses
    Family
    Published 21/08/2025 00:37 · Modified 21/08/2025 00:37
  • PureLogs uses
    Family
    Published 26/05/2026 15:20 · Modified 26/05/2026 15:20
  • JokerSpy
  • Houdini RAT
  • ARCrypter
  • TONEINS
  • SYK
  • Neshta uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:36 · Modified 20/12/2025 22:24
  • Geacon
  • BotenaGo
  • SprySOCKS
  • Gopuram
  • FormBook uses
    Family
    Published 22/04/2026 12:43 · Modified 22/04/2026 12:43
  • RedLeaves uses
    Family
    Published 08/01/2026 16:30 · Modified 08/01/2026 16:30
  • Detects
  • EVILNUM
  • Linux uses
    Family
    Published 15/10/2024 17:58 · Modified 15/10/2024 17:58
  • WINELOADER uses
    Family
    Published 15/04/2025 18:49 · Modified 15/04/2025 18:49
  • Saitama
  • Royal
  • Fastviewer
  • Going Eagle
  • StandardKeyboard
  • APT29
  • cipher_log uses
    Family
    Published 25/02/2025 10:03 · Modified 25/02/2025 10:03

Reports (6)

Vulnerabilities (CVE) (34)

CVE-2024-36401 KEV
9.8 Critical

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …

Attack vector
Network
Published
15/07/2024
Modified
21/12/2025
CVE-2021-4034 KEV

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Published
27/06/2022
Modified
20/12/2025
CVE-2021-21551 KEV

Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

Published
31/03/2022
Modified
29/05/2026
CVE-2024-21887 KEV
9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector
Network
Published
10/01/2024
Modified
27/05/2026
CVE-2024-1182
7.0 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector
LOCAL
Complexity
High
Published
04/07/2024
Modified
08/04/2026
CVE-2018-0798 KEV

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …

Published
03/11/2021
Modified
27/05/2026
CVE-2015-2291 KEV
7.8 High

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).

Attack vector
LOCAL
Complexity
LOW
Published
09/08/2017
Modified
22/04/2026
CVE-2025-31324 KEV
10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector
Network
Published
29/04/2025
Modified
21/12/2025
Received
CVE-2025-49704 KEV
8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025
CVE-2023-38831 KEV
7.8 High

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …

Attack vector
Local
Published
24/08/2023
Modified
27/05/2026
CVE-2025-32433 KEV
10.0 Critical

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may …

Attack vector
Network
Published
09/06/2025
Modified
27/05/2026
Received
CVE-2021-34523 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Published
03/11/2021
Modified
20/12/2025
CVE-2022-40684 KEV
9.8 Critical

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative …

Attack vector
Network
Published
11/10/2022
Modified
14/01/2026
CVE-2024-7344
8.2 High

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Attack vector
LOCAL
Published
14/01/2025
Modified
21/12/2025
Analyzed
CVE-2022-30190 KEV

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An …

Published
14/06/2022
Modified
27/05/2026
CVE-2023-36025 KEV
8.8 High

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their …

Attack vector
Network
Published
14/11/2023
Modified
21/12/2025
CVE-2024-8299
7.8 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector
LOCAL
Complexity
Low
Published
29/11/2024
Modified
08/04/2026
CVE-2025-49706 KEV
6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025
CVE-2023-20118 KEV
6.5 Medium

Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an …

Attack vector
Network
Published
03/03/2025
Modified
21/12/2025
CVE-2024-7587
7.8 High

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …

Attack vector
Local
Published
23/10/2024
Modified
09/01/2026
Analyzed
CVE-2017-11882 KEV
7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector
Local
Complexity
Low
Published
15/11/2017
Modified
29/05/2026
CVE-2019-18935 KEV

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the …

Published
03/11/2021
Modified
20/12/2025
CVE-2021-22205 KEV

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …

Published
03/11/2021
Modified
20/12/2025
CVE-2021-34473 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

Published
03/11/2021
Modified
29/05/2026
CVE-2021-31207 KEV

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

Published
03/11/2021
Modified
20/12/2025

Course Of Action (1)

  • Network Intrusion Prevention mitigates