Home/Threat filter

Threat filter

Build a query across the whole graph by combining signals on the left. Each one narrows the list, and the count on the right updates as you tick. Hover any option to learn what it means and why it matters - the goal is that you leave understanding the difference between severity, likelihood, and real-world exploitation.

Build a filter

Threat signals
Score thresholds
Severity
All CRITICAL HIGH MEDIUM LOW
Entity filters
Actor origin
All CN RU IR KP IN PK
Sort
Your query
· CVEs in scope
Why it matters · hover any option on the left
1476 CVEs matched  ·  page 1 of 60
↓ Export JSON (up to 1000)
CVE-2021-22205 KEV CRITICAL act-now
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
CVSS 10.0
EPSS 0.945
CVE-2019-11510 KEV CRITICAL act-now
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
CVSS 10.0
EPSS 0.945
CVE-2022-22947 KEV CRITICAL act-now
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
CVSS 10.0
EPSS 0.945
CVE-2023-46604 KEV CRITICAL act-now
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote att
CVSS 10.0
EPSS 0.944
CVE-2023-40044 KEV CRITICAL act-now
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization v
CVSS 10.0
EPSS 0.944
CVE-2019-7609 KEV CRITICAL act-now
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
CVSS 10.0
EPSS 0.944
CVE-2020-0796 KEV CRITICAL act-now
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
CVSS 10.0
EPSS 0.944
CVE-2020-25213 KEV CRITICAL act-now
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
CVSS 10.0
EPSS 0.944
CVE-2022-0543 KEV CRITICAL act-now
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
CVSS 10.0
EPSS 0.944
CVE-2020-6287 KEV CRITICAL act-now
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication c
CVSS 10.0
EPSS 0.944
CVE-2024-50603 KEV CRITICAL act-now
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutraliza
CVSS 10.0
EPSS 0.944
CVE-2021-44228 KEV CRITICAL act-now
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in con
CVSS 10.0
EPSS 0.944
CVE-2021-41277 KEV CRITICAL act-now
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the c
CVSS 10.0
EPSS 0.944
CVE-2024-1709 KEV CRITICAL act-now
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
CVSS 10.0
EPSS 0.944
CVE-2023-49103 KEV CRITICAL act-now
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies
CVSS 10.0
EPSS 0.943
CVE-2024-51567 KEV CRITICAL act-now
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypas
CVSS 10.0
EPSS 0.943
CVE-2024-1212 KEV CRITICAL act-now
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary s
CVSS 10.0
EPSS 0.943
CVE-2024-3400 KEV CRITICAL act-now
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Netwo
CVSS 10.0
EPSS 0.943
CVE-2024-45519 KEV CRITICAL act-now
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9,
CVSS 10.0
EPSS 0.942
CVE-2022-24816 KEV CRITICAL act-now
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle scr
CVSS 10.0
EPSS 0.940
CVE-2023-20198 KEV CRITICAL act-now
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
CVSS 10.0
EPSS 0.940
CVE-2024-51378 KEV CRITICAL act-now
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
CVSS 10.0
EPSS 0.939
CVE-2022-22536 KEV CRITICAL act-now
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and
CVSS 10.0
EPSS 0.938
CVE-2020-1350 KEV CRITICAL act-now
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle req
CVSS 10.0
EPSS 0.938
CVE-2022-27593 KEV CRITICAL act-now
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Statio
CVSS 10.0
EPSS 0.938
1 / 60 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh