Home/Threat filter

Threat filter

Build a query across the whole graph by combining signals on the left. Each one narrows the list, and the count on the right updates as you tick. Hover any option to learn what it means and why it matters - the goal is that you leave understanding the difference between severity, likelihood, and real-world exploitation.

Build a filter

Threat signals
Score thresholds
Severity
All CRITICAL HIGH MEDIUM LOW
Entity filters
Actor origin
All CN RU IR KP IN PK
Sort
Your query
· CVEs in scope
Why it matters · hover any option on the left
440 CVEs matched  ·  page 1 of 18
↓ Export JSON (up to 1000)
CVE-2021-22205 KEV CRITICAL act-now
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
CVSS 10.0
EPSS 0.945
CVE-2019-11510 KEV CRITICAL act-now
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
CVSS 10.0
EPSS 0.945
CVE-2022-22947 KEV CRITICAL act-now
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
CVSS 10.0
EPSS 0.945
CVE-2020-0796 KEV CRITICAL act-now
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
CVSS 10.0
EPSS 0.944
CVE-2020-25213 KEV CRITICAL act-now
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
CVSS 10.0
EPSS 0.944
CVE-2021-44228 KEV CRITICAL act-now
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in con
CVSS 10.0
EPSS 0.944
CVE-2024-3400 KEV CRITICAL act-now
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Netwo
CVSS 10.0
EPSS 0.943
CVE-2024-51378 KEV CRITICAL act-now
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
CVSS 10.0
EPSS 0.939
CVE-2022-22536 KEV CRITICAL act-now
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and
CVSS 10.0
EPSS 0.938
CVE-2023-7028 KEV CRITICAL act-now
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.
CVSS 10.0
EPSS 0.934
CVE-2018-7600 KEV CRITICAL act-now
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
CVSS 9.8
EPSS 0.945
CVE-2021-22986 KEV CRITICAL act-now
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
CVSS 9.8
EPSS 0.945
CVE-2017-1000353 KEV CRITICAL act-now
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code exe
CVSS 9.8
EPSS 0.945
CVE-2019-3396 KEV CRITICAL act-now
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
CVSS 9.8
EPSS 0.945
CVE-2022-46169 KEV CRITICAL act-now
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management fram
CVSS 9.8
EPSS 0.945
CVE-2020-1938 KEV CRITICAL act-now
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
CVSS 9.8
EPSS 0.945
CVE-2019-2725 KEV CRITICAL act-now
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
CVSS 9.8
EPSS 0.945
CVE-2024-23897 KEV CRITICAL act-now
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
CVSS 9.8
EPSS 0.945
CVE-2022-22963 KEV CRITICAL act-now
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
CVSS 9.8
EPSS 0.945
CVE-2021-44529 KEV CRITICAL act-now
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execut
CVSS 9.8
EPSS 0.945
CVE-2019-15107 KEV CRITICAL act-now
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
CVSS 9.8
EPSS 0.945
CVE-2022-44877 KEV CRITICAL act-now
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
CVSS 9.8
EPSS 0.945
CVE-2022-1388 KEV CRITICAL act-now
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13
CVSS 9.8
EPSS 0.945
CVE-2020-14882 KEV CRITICAL act-now
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
CVSS 9.8
EPSS 0.945
CVE-2019-0708 KEV CRITICAL act-now
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
CVSS 9.8
EPSS 0.945
1 / 18 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh