216.73.217.22

T1123: T1123

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:37 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID
T1123
Confidence
100/100
Revoked
No
Published
16/12/2025 19:37
Modified
27/03/2026 01:08
Author / Source
The MITRE Corporation

Aliases

Audio Capture

Platforms

windows macos linux

Description

An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information.(Citation: ESET Attor Oct 2019) Malware or scripts may be used to interact with the devices through an available API provided by the operating system or an application to capture audio. Audio files may be written to disk and exfiltrated later.

Kill chain phases

Kill chainPhase
mitre-attack collection

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (27)

  • China-nexus APT uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 15:48 · Modified 21/12/2025 15:49
  • Hive0131 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:06 · Modified 21/12/2025 14:06
  • Earth Minotaur uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:39 · Modified 21/12/2025 08:39
  • RastaFarEye uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:13 · Modified 21/12/2025 05:13
  • Candiru uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:25 · Modified 20/12/2025 21:25
  • Storm-1865 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 12:55 · Modified 21/12/2025 12:55
  • APT37 uses InkySquidGroup123
    The MITRE Corporation Confidence 100

    [APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • Bigpanzi uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:47 · Modified 21/12/2025 02:47
  • UNC5812 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:06 · Modified 21/12/2025 08:06
  • DEV-0196, QuaDream uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:59 · Modified 20/12/2025 23:59
  • BrazenBamboo uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:26 · Modified 21/12/2025 08:26
  • MUSTANG PANDA uses BRONZE PRESIDENTSTATELY TAURUS
    The MITRE Corporation Confidence 100

    [Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 22/05/2026 04:12
  • Lazarus uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 21:17 · Modified 29/05/2026 12:20
  • Void Manticore uses COBALT MYSTIQUEHandala Hack
    AlienVault Confidence 100

    [VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:51 · Modified 04/05/2026 16:33
  • Activity uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:44 · Modified 21/12/2025 00:44
  • UTA0388 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 18:19 · Modified 21/12/2025 18:19
  • Player_Bunny uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:24 · Modified 21/12/2025 03:24
  • Vultur uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:33 · Modified 21/12/2025 03:33
  • PureCoder uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 16:12 · Modified 21/12/2025 16:12
  • Dark Pink uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:05 · Modified 20/12/2025 23:05
  • Sticky Werewolf uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 01:35 · Modified 21/12/2025 01:35
  • Blackwood uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:55 · Modified 21/12/2025 02:55
  • Daggerfly, Evasive Panda, Bronze Highland uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 00:12 · Modified 21/12/2025 00:12
  • APT42 uses
    The MITRE Corporation Confidence 100

    [APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • SecretCrow uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:33 · Modified 21/12/2025 04:33
  • Transparent Tribe uses COPPER FIELDSTONEMythic Leopard
    The MITRE Corporation Confidence 100

    [Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
  • FreeMasonry Group uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 12:50 · Modified 21/12/2025 12:50

Malware (125)

  • LightSpy uses
    Family
    Published 21/02/2025 15:28 · Modified 21/02/2025 15:28
  • DarkGate uses
    Family
    Published 21/08/2025 21:03 · Modified 21/08/2025 21:03
  • TajMahal
  • Cobalt Strike uses
    Family
    Published 16/12/2024 14:25 · Modified 16/12/2024 14:25
  • SUNSPINNER uses
    Family
    Published 31/10/2024 15:14 · Modified 31/10/2024 15:14
  • LodaRAT
  • Revenge RAT
  • Ghost RAT uses
    Family
    Published 09/10/2025 16:38 · Modified 09/10/2025 16:38
  • DarkNimbus uses
    Family
    Published 05/02/2026 20:16 · Modified 05/02/2026 20:16
  • Cadelspy
  • DeepData uses
    Family
    Published 18/11/2024 23:40 · Modified 18/11/2024 23:40
  • Flame
  • Attor
  • Pikabot uses
    Family
    Published 21/10/2024 10:59 · Modified 21/10/2024 10:59
  • Lumma Stealer uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • Vultur
  • DevilsTongue
  • Derusbi
  • DboxShell
  • MacSpy
  • PureRAT uses
    Family
    Published 28/01/2026 17:20 · Modified 28/01/2026 17:20
  • Rustonotto uses
    Family
    Published 08/09/2025 14:41 · Modified 08/09/2025 14:41
  • Lamberts
  • FadeStealer uses
    Family
    Published 08/09/2025 14:41 · Modified 08/09/2025 14:41
  • DarkVision RAT uses
    Family
    Published 10/10/2024 16:05 · Modified 10/10/2024 16:05
  • POISONPLUG.SHADOW uses
    Family
    Published 30/04/2026 19:11 · Modified 30/04/2026 19:11
  • NanoCore
  • Red Stinger
  • InvisiMole
  • C++ uses
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23
  • Geacon
  • Cucky
  • Dark Pink
  • CapraRAT uses
    Family
    Published 03/06/2025 18:25 · Modified 03/06/2025 18:25
  • BeaverTail uses
    Family
    Published 21/04/2026 12:09 · Modified 21/04/2026 12:09
  • GOVERSHELL uses
    Family
    Published 28/04/2026 07:09 · Modified 28/04/2026 07:09
  • Init uses
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23
  • Bandook uses
    Family
    Published 05/03/2025 18:21 · Modified 05/03/2025 18:21
  • Blue Loader uses
    Family
    Published 16/09/2025 21:37 · Modified 16/09/2025 21:37
  • PureLogs uses
    Family
    Published 26/05/2026 15:20 · Modified 26/05/2026 15:20
  • GHOSTKNIFE uses
    Family
    Published 14/04/2026 08:53 · Modified 14/04/2026 08:53
  • DarkKomet uses
    Family
    Published 16/06/2026 09:50 · Modified 16/06/2026 09:50
  • BunnyLoader
  • Machete
  • S500
  • CastleRAT uses
    Family
    Published 23/04/2026 14:16 · Modified 23/04/2026 14:16
  • YCollection uses
    Family
    Published 26/08/2024 12:43 · Modified 26/08/2024 12:43
  • GCollection uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:40 · Modified 21/12/2025 06:40
  • DcRAT uses
    Family
    Published 01/03/2026 05:26 · Modified 01/03/2026 05:26
  • MacMa
  • NETWIRE
  • JSX
  • Hermit
  • GHOSTBLADE uses
    Family
    Published 14/04/2026 08:53 · Modified 14/04/2026 08:53
  • Neshta uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:36 · Modified 20/12/2025 22:24
  • CraxsRAT uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:06 · Modified 21/12/2025 16:15
  • AsyncRAT uses
    Family
    Published 11/06/2026 16:31 · Modified 11/06/2026 16:31
  • Remcos uses
    Family
    Published 05/05/2026 18:45 · Modified 05/05/2026 18:45
  • AsyncRAT - S1087
  • PowerMagic
  • Fakecalls
  • Brunhilda
  • SecretCalls uses
    Family
    Published 03/05/2024 11:18 · Modified 03/05/2024 11:18
  • ROKRAT - S0240 uses
    Family
    Published 15/06/2026 14:58 · Modified 15/06/2026 14:58
  • PureHVNC uses
    Family
    Published 31/10/2025 09:32 · Modified 31/10/2025 09:32
  • Hodur
  • SpyNote uses
    Family
    Published 27/08/2025 16:22 · Modified 27/08/2025 16:22
  • PureMiner uses
    Family
    Published 10/10/2025 08:25 · Modified 10/10/2025 08:25
  • Crimson
  • Agent Tesla uses
    Family
    Published 28/05/2024 13:32 · Modified 28/05/2024 13:32
  • SilentTrinity uses
    Family
    Published 29/05/2025 00:54 · Modified 29/05/2025 00:54
  • Dracarys uses
    Family
    Published 09/04/2026 17:38 · Modified 09/04/2026 17:38
  • PureCrypter uses
    Family
    Published 10/10/2025 08:25 · Modified 10/10/2025 08:25
  • LazaSpy
  • NetSupport RAT uses
    Family
    Published 22/05/2026 13:08 · Modified 22/05/2026 13:08
  • Neptune RAT uses
    Family
    Published 09/04/2025 07:52 · Modified 09/04/2025 07:52
  • MMRat uses
    Family
    Published 20/05/2026 12:33 · Modified 20/05/2026 12:33
  • njRAT - S0385 uses
    Family
    Published 16/09/2025 13:41 · Modified 16/09/2025 13:41
  • Amatera Stealer uses
    Family
    Published 09/03/2026 09:42 · Modified 09/03/2026 09:42
  • NightClub uses
    Family The MITRE Corporation Confidence 100

    [NightClub](https://attack.mitre.org/software/S1090) is a modular implant written in C++ that has been used by [MoustachedBouncer](https://attack.mitre.org/groups/G1019) since at least 2014.(Citation: MoustachedBouncer ESET August 2023)

    First seen 01/01/1970 · Last seen 16/11/5138 Published 27/09/2023 21:32 · Modified 27/03/2026 01:05
  • GuLoader uses
    Family
    Published 19/09/2024 19:34 · Modified 19/09/2024 19:34
  • DWP uses
    Family
    Published 26/08/2024 12:43 · Modified 26/08/2024 12:43
  • Chinotto uses
    Family
    Published 13/05/2026 16:41 · Modified 13/05/2026 16:41
  • PURESTEALER uses
    Family
    Published 31/10/2024 15:14 · Modified 31/10/2024 15:14
  • EvilMinIO
  • MATA
  • Arid Viper
  • MataDoor
  • LCollection uses
    Family
    Published 26/08/2024 12:43 · Modified 26/08/2024 12:43
  • DanaBot uses
    Family
    Published 03/11/2025 14:28 · Modified 03/11/2025 14:28
  • Cobian RAT
  • Micropsia
  • Five Eyes
  • KingsPawn
  • RokRAT uses
    Family
    Published 05/02/2025 16:10 · Modified 05/02/2025 16:10
  • MOONSHINE uses
    Family
    Published 05/12/2024 07:31 · Modified 05/12/2024 07:31
  • Janicab
  • MgBot uses
    Family
    Published 17/04/2026 18:56 · Modified 17/04/2026 18:56
  • UTA0388 uses
    Family
    Published 08/10/2025 16:08 · Modified 08/10/2025 16:08
  • jFrutas uses
    Family
    Published 15/04/2026 15:04 · Modified 15/04/2026 15:04
  • BlueNoroff uses
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23
  • BigPanzi uses
    Family
    Published 28/02/2025 10:35 · Modified 28/02/2025 10:35
  • DOGCALL
  • PhantomNet uses
    Family
    Published 23/07/2025 15:42 · Modified 23/07/2025 15:42
  • Linux MATA
  • V3G4
  • XWorm uses
    Family
    Published 27/03/2026 08:45 · Modified 27/03/2026 08:45
  • CrySome RAT uses
    Family
    Published 31/03/2026 16:14 · Modified 31/03/2026 16:14
  • GHOSTSABER uses
    Family
    Published 14/04/2026 08:53 · Modified 14/04/2026 08:53
  • VenomRAT uses
    Family
    Published 03/06/2026 13:18 · Modified 03/06/2026 13:18
  • DeepPost uses
    Family
    Published 18/11/2024 23:40 · Modified 18/11/2024 23:40
  • CHAINSHOT
  • PureHVNC RAT uses
    Family
    Published 16/09/2025 21:37 · Modified 16/09/2025 21:37
  • Redline uses
    Family
    Published 08/05/2026 11:31 · Modified 08/05/2026 11:31
  • Korplug uses
    The MITRE Corporation Confidence 100

    [PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation: …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 31/05/2017 23:32 · Modified 08/06/2026 10:23
  • CapraTube
  • Pronsis Loader uses
    Family
    Published 04/12/2024 23:12 · Modified 04/12/2024 23:12
  • StormKitty uses
    Family
    Published 29/05/2025 00:54 · Modified 29/05/2025 00:54
  • ShadowPad - S0596 uses
    Family
    Published 30/04/2026 19:11 · Modified 30/04/2026 19:11
  • Mirai uses
    Family
    Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
  • VERMIN
  • T9000
  • HZ uses
    Family
    Published 21/01/2025 09:23 · Modified 21/01/2025 09:23
  • EvilGrab
  • KarstoRAT uses
    Family
    Published 30/04/2026 14:20 · Modified 30/04/2026 14:20

Reports (21)

Vulnerabilities (CVE) (42)

CVE-2025-43529
8.8 High

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS …

Published
17/12/2025
Modified
18/12/2025
Analyzed
CVE-2025-14174
8.8 High

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out …

Published
12/12/2025
Modified
15/12/2025
Analyzed
CVE-2025-49706 KEV
6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025
CVE-2021-1844
8.8 High

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. …

Attack vector
NETWORK
Published
02/04/2021
Modified
21/12/2025
CVE-2022-26134 KEV

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …

Published
02/06/2022
Modified
27/05/2026
CVE-2020-15415 KEV

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell …

Published
30/09/2024
Modified
20/12/2025
CVE-2024-8299
7.8 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector
LOCAL
Complexity
Low
Published
29/11/2024
Modified
08/04/2026
CVE-2025-43520
7.1 High

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, …

Published
12/12/2025
Modified
16/12/2025
Analyzed
CVE-2017-5030 KEV
8.8 High

Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. …

Attack vector
NETWORK
Complexity
LOW
Published
25/04/2017
Modified
22/04/2026
CVE-2016-5198 KEV
8.8 High

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code …

Attack vector
NETWORK
Complexity
LOW
Published
19/01/2017
Modified
22/04/2026
CVE-2025-49704 KEV
8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025
CVE-2024-3400 KEV
10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector
Network
Published
12/04/2024
Modified
21/12/2025
CVE-2016-1646 KEV
8.8 High

Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly …

Attack vector
NETWORK
Complexity
LOW
Published
29/03/2016
Modified
22/04/2026
CVE-2020-6418 KEV

Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML …

Published
03/11/2021
Modified
21/12/2025
CVE-2021-30551 KEV

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted …

Published
03/11/2021
Modified
21/12/2025
CVE-2017-11882 KEV
7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector
Local
Complexity
Low
Published
15/11/2017
Modified
29/05/2026
CVE-2023-3420
8.8 High

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Attack vector
NETWORK
Published
26/06/2023
Modified
21/12/2025
CVE-2018-17480 KEV

Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted …

Published
08/06/2022
Modified
21/12/2025
CVE-2022-2294 KEV

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform …

Published
25/08/2022
Modified
20/12/2025
CVE-2025-43510
7.8 High

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS …

Published
12/12/2025
Modified
18/12/2025
Analyzed
CVE-2018-17463 KEV

Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted …

Published
08/06/2022
Modified
21/12/2025
CVE-2024-7587
7.8 High

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …

Attack vector
Local
Published
23/10/2024
Modified
09/01/2026
Analyzed
CVE-2017-5070 KEV
8.8 High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a …

Attack vector
NETWORK
Complexity
LOW
Published
27/10/2017
Modified
22/04/2026
CVE-2022-21894
4.4 Medium

Secure Boot Security Feature Bypass Vulnerability

Attack vector
LOCAL
Published
11/01/2022
Modified
20/12/2025
CVE-2020-8515 KEV

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.

Published
03/11/2021
Modified
20/12/2025
CVE-2025-32433 KEV
10.0 Critical

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may …

Attack vector
Network
Published
09/06/2025
Modified
27/05/2026
Received
CVE-2025-31277
8.8 High

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and …

Published
30/07/2025
Modified
31/07/2025
Analyzed
CVE-2024-1182
7.0 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector
LOCAL
Complexity
High
Published
04/07/2024
Modified
08/04/2026
CVE-2024-36401 KEV
9.8 Critical

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …

Attack vector
Network
Published
15/07/2024
Modified
21/12/2025
CVE-2025-31324 KEV
10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector
Network
Published
29/04/2025
Modified
21/12/2025
Received
CVE-2021-21166 KEV

Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Published
03/11/2021
Modified
21/12/2025
CVE-2021-33742 KEV

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

Published
03/11/2021
Modified
21/12/2025
CVE-2018-6065 KEV

Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted …

Published
08/06/2022
Modified
21/12/2025

Tool (4)

  • Pupy uses
    The MITRE Corporation Confidence 100

    [Pupy](https://attack.mitre.org/software/S0192) is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as …

    Published 16/12/2025 19:37 · Modified 27/03/2026 01:07
  • Imminent Monitor uses
    The MITRE Corporation Confidence 100

    [Imminent Monitor](https://attack.mitre.org/software/S0434) was a commodity remote access tool (RAT) offered for sale from 2012 until 2019, when an operation was conducted to take down the Imminent Monitor infrastructure. …

    Published 16/12/2025 19:37 · Modified 27/03/2026 01:07
  • PowerSploit uses
    The MITRE Corporation Confidence 100

    [PowerSploit](https://attack.mitre.org/software/S0194) is an open source, offensive security framework comprised of [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules and scripts that perform a wide range of tasks related to penetration testing such as code …

    Published 18/04/2018 19:59 · Modified 27/03/2026 01:07
  • Remcos uses
    The MITRE Corporation Confidence 100

    [Remcos](https://attack.mitre.org/software/S0332) is a closed-source tool that is marketed as a remote control and surveillance software by a company called Breaking Security. [Remcos](https://attack.mitre.org/software/S0332) has been observed being used in …

    Published 16/12/2025 19:37 · Modified 27/03/2026 01:07