Home/Threat filter

Threat filter

Build a query across the whole graph by combining signals on the left. Each one narrows the list, and the count on the right updates as you tick. Hover any option to learn what it means and why it matters - the goal is that you leave understanding the difference between severity, likelihood, and real-world exploitation.

Build a filter

Threat signals
Score thresholds
Severity
All CRITICAL HIGH MEDIUM LOW
Entity filters
Actor origin
All CN RU IR KP IN PK
Sort
Your query
· CVEs in scope
Why it matters · hover any option on the left
327 CVEs matched  ·  page 1 of 14
↓ Export JSON (up to 1000)
CVE-2021-22205 KEV CRITICAL act-now
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
CVSS 10.0
EPSS 0.945
CVE-2019-11510 KEV CRITICAL act-now
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
CVSS 10.0
EPSS 0.945
CVE-2023-46604 KEV CRITICAL act-now
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote att
CVSS 10.0
EPSS 0.944
CVE-2023-40044 KEV CRITICAL act-now
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization v
CVSS 10.0
EPSS 0.944
CVE-2020-0796 KEV CRITICAL act-now
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
CVSS 10.0
EPSS 0.944
CVE-2021-44228 KEV CRITICAL act-now
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in con
CVSS 10.0
EPSS 0.944
CVE-2024-1709 KEV CRITICAL act-now
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
CVSS 10.0
EPSS 0.944
CVE-2024-51567 KEV CRITICAL act-now
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypas
CVSS 10.0
EPSS 0.943
CVE-2024-3400 KEV CRITICAL act-now
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Netwo
CVSS 10.0
EPSS 0.943
CVE-2024-51378 KEV CRITICAL act-now
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
CVSS 10.0
EPSS 0.939
CVE-2022-27593 KEV CRITICAL act-now
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Statio
CVSS 10.0
EPSS 0.938
CVE-2021-22893 KEV CRITICAL act-now
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windo
CVSS 10.0
EPSS 0.936
CVE-2018-7600 KEV CRITICAL act-now
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
CVSS 9.8
EPSS 0.945
CVE-2021-22986 KEV CRITICAL act-now
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
CVSS 9.8
EPSS 0.945
CVE-2019-3396 KEV CRITICAL act-now
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
CVSS 9.8
EPSS 0.945
CVE-2024-6670 KEV CRITICAL act-now
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to r
CVSS 9.8
EPSS 0.945
CVE-2019-2725 KEV CRITICAL act-now
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
CVSS 9.8
EPSS 0.945
CVE-2024-23897 KEV CRITICAL act-now
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
CVSS 9.8
EPSS 0.945
CVE-2021-44529 KEV CRITICAL act-now
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execut
CVSS 9.8
EPSS 0.945
CVE-2019-15107 KEV CRITICAL act-now
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
CVSS 9.8
EPSS 0.945
CVE-2022-1388 KEV CRITICAL act-now
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13
CVSS 9.8
EPSS 0.945
CVE-2019-0708 KEV CRITICAL act-now
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
CVSS 9.8
EPSS 0.945
CVE-2021-22005 KEV CRITICAL act-now
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
CVSS 9.8
EPSS 0.944
CVE-2022-22954 KEV CRITICAL act-now
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
CVSS 9.8
EPSS 0.944
CVE-2019-19781 KEV CRITICAL act-now
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
CVSS 9.8
EPSS 0.944
1 / 14 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh