Blog

An Attacker’s Guide to Evading Honeypots - Part 3

0 Mins Read

·

Thursday, September 21, 2023

Ghost Threat Research Team

In the first post of this blog series we looked at the JA3 behavior of specific tools as well as their capabilities to mask JA3 analysis. In the second post we explored how to use JA3 randomization to discover and map honeypots deployed in cloud infrastructure. In this third and final post we will detail how to use these same techniques to determine which CVEs the honeypot network can detect. This will give us a sense of the types of vulnerabilities prioritized by threat intelligence organizations as they expand their detection capabilities. A list of all the CVEs we observed is included at the end of this post.

Similar to part 2 of this blog, the information here is a combination of our research and findings from multiple threat intelligence providers and it has been anonymized for security and courtesy. We present the research and findings as if they are for a single hypothetical company named ACME.

Quite a few of the CVEs they can identify have “low” EPSS scores while there’s only one with a “low” CVSS score. This could indicate they’re not including EPSS scoring in their risk model. The severities for EPSS and CVSS are ranked as follows: Critical: CVSS ≥ 9.0; EPSS ≥ 0.90 High: CVSS 6.0~9.0; EPSS 0.60~0.89 Medium: CVSS 3.0~6.0, EPSS 0.30~0.59 Low: CVSS 0.0~2.9; EPSS 0.0~0.29 Note: Counts may not all add up due to some CVEs not having an EPSS or CVSS score assigned yet. We pulled the tags from the nuclei CVE templates and correlated them with the 300 flagged CVEs o see if ACME is focusing on any particular technology or vulnerability type. Below we see that Remote Code Execution (RCE) and Local File Inclusion (LFI) are the primary areas of focus for ACME. When looking at the distribution of the cve year tag, we see that ACME primarily focuses on those RCE vulnerabilities that are less than six years old, with the oldest being 14 years. Years of focus for ACME When looking at the individual technologies, ACME does seem to prioritize specific ones. Namely a blend of SOHO and enterprise networking equipment, Apache, VMware, Wordpress, Confluence/Jira, and Oracle technologies like Weblogic and Coldfusion. Technologies of observed CVEs by ACME The full list of technologies is included at the end of the blog. As a final observation, 41 CVEs observed by ACME were not among the CVEs used in the nuclei scans. This represents only an 86% accuracy in detecting the correct vulnerability being exploited. Upon investigation we found that some of the reported CVEs are part of a CVE series, meaning the CVE number of the nuclei template is part of the same vulnerability chain ACME reported, but with a different CVE number. However, most of these did not have a matching nuclei template. For example: CVE-2020-29390 (ZeroShell RCE) was observed, but there is no correlating nuclei template. A list of all observed CVEs is included at the end of the blog. Conclusion In this blog series we detailed how to evade honeypots using JA3 hash randomization to enumerate and analyze the honeynets of threat intelligence providers. These providers frequently supply their intelligence to different security tools and services. By accurately mapping and excluding their honeynets, scans can be conducted more discreetly, making detection considerably more challenging. While honeynets are a valuable tool and an important part of threat feed intelligence, it’s good to remember that savvy attackers can evade these kinds of routine detection mechanisms and organizations should seek to include security measures that focus on application/API usage and behavior patterns like the Ghost platform. Additional Resources python script for running nuclei scans {% module_attribute "child_css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "code_block" is_json="true" %}{% raw %}"# launch_cve_scan.py# pip install rich, pyyamlimport osimport sysimport timeimport signalimport yamlimport subprocessfrom subprocess import PIPE, DEVNULLfrom datetime import datetimefrom rich.progress import Progressfrom rich.console import Consolefrom datetime import datetimeconsole = Console()# Log infolog_info = \"[#0079FF][-][/]\"log_success = \"[#00DFA2][+][/]\"log_warn = \"[#F6FA70][~][/]\"log_error = \"[#FF0060 blink bold][!]\"# Filepathshome_path = os.path.expanduser(\"~\")config_dir = f\"{home_path}/.config\"root_dir = f\"{config_dir}/cve_mapper\"pcap_dir = f\"{root_dir}/pcaps\"scan_dir = f\"{root_dir}/scans\"def parse_nuclei_template(yamlfile): with open(yamlfile, \"r\") as stream: try: return yaml.safe_load(stream) except yaml.YAMLError as exc: print(exc) return Nonedef get_nuclei_templates(nuclei_dir=f\"{os.path.expanduser('~')}/nuclei-templates\") - list: cves_dir = f\"{nuclei_dir}/http/cves\" results = list() for (dirpath, dirnames, filenames) in os.walk(cves_dir): for _ in filenames: yaml_file = f\"{dirpath}/{_}\" res = parse_nuclei_template(yaml_file) if res: res['template_filepath'] = yaml_file results.append(res) return resultsdef launch_nuclei_scan(cve_template, targ_list_fpath, progress, header_fpath, iserver, cap_iface='eth0', port='443'): cve = cve_template['id'] template_path = cve_template['template_filepath'] output_path = f\"{scan_dir}/{cve}.json\" pcap_path = f'{pcap_dir}/{cve}.pcap' pcap_cmd = f'tcpdump port {port} -i {cap_iface} -w \"{pcap_dir}/{cve}.pcap\"' pcap_p = subprocess.Popen(pcap_cmd, stderr=DEVNULL, stdout=DEVNULL, preexec_fn=os.setsid, shell=True) # ./go/bin/nuclei -duc -silent -t {template_path} -l {targ_list_fpath} -tlsi -jle {output_path} -H {header_fpath} -iserver {iserver} -bs 150 -rl 300 args = ['./go/bin/nuclei', '-duc', '-silent', '-t', template_path, '-l', targ_list_fpath, '-tlsi', '-jle', output_path, '-H', header_fpath, '-iserver', iserver, '-bs', '150', '-rl', '300'] progress.print(f\"{log_info} [{cve}] Launching scan, please wait...\") start_time = datetime.now() nuke_p = subprocess.Popen(args, stdin=PIPE, stdout=PIPE) output = nuke_p.communicate() os.killpg(os.getpgid(pcap_p.pid), signal.SIGTERM) # Safely close the pcap, so it doesn't get corrupted. end_time = datetime.now() - start_time progress.print(f\"{log_success} [{cve}] Scan complete! Took: {end_time}\")def main(): # Create our cache directories if they don't exist yet. if not os.path.exists(config_dir): os.mkdir(config_dir) if not os.path.exists(root_dir): os.mkdir(root_dir) if not os.path.exists(pcap_dir): os.mkdir(pcap_dir) if not os.path.exists(scan_dir): os.mkdir(scan_dir) console.log(f\"{log_info} Loading nuclei templates. Please wait...\") nuke_templates = get_nuclei_templates() console.log(f\"{log_info} Loaded a total of {len(nuke_templates)} CVE templates.\") targets_filepath = sys.argv[1] iserver = sys.argv[2] headers_filepath = \"./headers.txt\" # NOTE. tcpdump may have issues with permissions with -w on digitalocean droplets even if chmod 777 the directory # If it's not writing pcaps, run: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.tcpdump with Progress() as progress: task_id = progress.add_task(\"[cyan]Scanning. Please wait...\", total=len(nuke_templates)) start_time = datetime.now() for nuke_template in nuke_templates: launch_nuclei_scan(cve_template=nuke_template, targ_list_fpath=targets_filepath, progress=progress, header_fpath=headers_filepath, iserver=iserver) progress.advance(task_id) end_time = datetime.now() - start_time console.log(f\"{log_info} Scan took {end_time} for {len(nuke_templates):,} individual scans.\")if __name__ == \"__main__\": main()"{% endraw %}{% end_module_attribute %}{% module_attribute "css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "definition_id" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "field_types" is_json="true" %}{% raw %}{"code_block":"richtext"}{% endraw %}{% end_module_attribute %}{% module_attribute "label" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "module_id" is_json="true" %}{% raw %}134946837817{% endraw %}{% end_module_attribute %}{% module_attribute "path" is_json="true" %}{% raw %}"/ghost-hs/modules/ghost-code-block"{% endraw %}{% end_module_attribute %}{% module_attribute "schema_version" is_json="true" %}{% raw %}2{% endraw %}{% end_module_attribute %}{% module_attribute "smart_objects" is_json="true" %}{% raw %}[]{% endraw %}{% end_module_attribute %}{% module_attribute "smart_type" is_json="true" %}{% raw %}"NOT_SMART"{% endraw %}{% end_module_attribute %}{% module_attribute "tag" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "type" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "wrap_field_tag" is_json="true" %}{% raw %}"div"{% endraw %}{% end_module_attribute %}{% end_module_block %} Full list of technologies: {% module_attribute "child_css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "code_block" is_json="true" %}{% raw %}"{ \"total\": 394, \"router\": 26, \"apache\": 24, \"vmware\": 11, \"oracle\": 10, \"atlassian\": 9, \"wavlink\": 7, \"dlink\": 7, \"cisco\": 7, \"adobe\": 6, \"netgear\": 5, \"manageengine\": 5, \"confluence\": 5, \"wordpress\": 5, \"jira\": 5, \"msf\": 5, \"weblogic\": 5, \"mirai\": 5, \"sophos\": 4, \"coldfusion\": 4, \"struts\": 4, \"airflow\": 3, \"firewall\": 3, \"terramaster\": 3, \"sap\": 3, \"zoho\": 3, \"wp\": 3, \"spring\": 3, \"glpi\": 3, \"zimbra\": 3, \"drupal\": 3, \"vcenter\": 3, \"gitlab\": 3, \"hongdian\": 3, \"cockpit\": 3, \"zabbix\": 2, \"solarview\": 2, \"totolink\": 2, \"wp-plugin\": 2, \"ognl\": 2, \"voipmonitor\": 2, \"wso2\": 2, \"apisix\": 2, \"laravel\": 2, \"fortinet\": 2, \"fortigate\": 2, \"fortios\": 2, \"pentaho\": 2, \"zyxel\": 2, \"utm\": 2, \"memory\": 2, \"securepoint\": 2, \"vbulletin\": 2, \"vrealize\": 2, \"zeroshell\": 2, \"dotnetnuke\": 2, \"tomcat\": 2, \"bypass\": 2, \"microfocus\": 2, \"graphql\": 2, \"exchange\": 2, \"microsoft\": 2, \"log4j\": 2, \"bigip\": 2, \"saltstack\": 2, \"openam\": 2, \"druid\": 2, \"grafana\": 2, \"shellshock\": 1, \"syncserver\": 1, \"geoserver\": 1, \"dotcms\": 1, \"spacelogic\": 1, \"pfsense\": 1, \"pfblockerng\": 1, \"ibm\": 1, \"aspera\": 1, \"faspex\": 1, \"smuggling\": 1, \"netweaver\": 1, \"web-dispatcher\": 1, \"memory-pipes\": 1, \"roxy\": 1, \"kubeview\": 1, \"kubernetes\": 1, \"razer\": 1, \"centos\": 1, \"zzzphp\": 1, \"zzzcms\": 1, \"actuator\": 1, \"wapples\": 1, \"atom\": 1, \"consul\": 1, \"hashicorp\": 1, \"qnap\": 1, \"unisharp\": 1, \"wpquery\": 1, \"workspaceone\": 1, \"fortiproxy\": 1, \"joomla\": 1, \"altenergy\": 1, \"moveit\": 1, \"odoo\": 1, \"insight\": 1, \"minio\": 1, \"console\": 1, \"kerbynet\": 1, \"phpmyadmin\": 1, \"dnn\": 1, \"phpunit\": 1, \"couchdb\": 1, \"primetek\": 1, \"telerik\": 1, \"panos\": 1, \"globalprotect\": 1, \"axis\": 1, \"axis2\": 1, \"kentico\": 1, \"iis\": 1, \"pulsesecure\": 1, \"influxdb\": 1, \"lansweeper\": 1, \"aem\": 1, \"piluscart\": 1, \"kibana\": 1, \"sonicwall\": 1, \"obr\": 1, \"zerof\": 1, \"movable\": 1, \"metabase\": 1, \"aviatrix\": 1, \"yealink\": 1, \"websvn\": 1, \"elasticsearch\": 1, \"ruby\": 1, \"sitecore\": 1, \"tenda\": 1, \"saltapi\": 1, \"omi\": 1, \"motorola\": 1, \"cobbler\": 1, \"hpe\": 1, \"mod-proxy\": 1, \"solr\": 1, \"sureline\": 1, \"struts2\": 1, \"r-seenet\": 1, \"rocketchat\": 1, \"lucee\": 1, \"ivanti\": 1, \"epm\": 1, \"csa\": 1, \"trendnet\": 1, \"fortilogger\": 1, \"tapestry\": 1, \"jellyfin\": 1, \"workspace\": 1, \"hikvision\": 1, \"opensis\": 1, \"vsphere\": 1, \"oam\": 1, \"ntopng\": 1, \"sonarqube\": 1, \"cocoon\": 1, \"xenmobile\": 1, \"django\": 1, \"mongo\": 1, \"express\": 1, \"opentsdb\": 1, \"mida\": 1, \"solarwinds\": 1, \"linksys\": 1, \"cacti\": 1, \"solman\": 1, \"artica\": 1, \"opm\": 1, \"yii\": 1, \"gridx\": 1, \"flink\": 1, \"netsweeper\": 1, \"fhem\": 1, \"mobileiron\": 1, \"sentry\": 1, \"superwebmailer\": 1, \"ucmdb\": 1, \"rails\": 1, \"acs\": 1, \"liferay\": 1, \"monitor\": 1, \"dasan\": 1, \"gpon\": 1, \"logontracer\": 1, \"lg-nas\": 1, \"jenkins\": 1, \"splunk\": 1}"{% endraw %}{% end_module_attribute %}{% module_attribute "css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "definition_id" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "field_types" is_json="true" %}{% raw %}{"code_block":"richtext"}{% endraw %}{% end_module_attribute %}{% module_attribute "label" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "module_id" is_json="true" %}{% raw %}134946837817{% endraw %}{% end_module_attribute %}{% module_attribute "path" is_json="true" %}{% raw %}"/ghost-hs/modules/ghost-code-block"{% endraw %}{% end_module_attribute %}{% module_attribute "schema_version" is_json="true" %}{% raw %}2{% endraw %}{% end_module_attribute %}{% module_attribute "smart_objects" is_json="true" %}{% raw %}[]{% endraw %}{% end_module_attribute %}{% module_attribute "smart_type" is_json="true" %}{% raw %}"NOT_SMART"{% endraw %}{% end_module_attribute %}{% module_attribute "tag" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "type" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "wrap_field_tag" is_json="true" %}{% raw %}"div"{% endraw %}{% end_module_attribute %}{% end_module_block %} All observed CVEs: {% module_attribute "child_css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "code_block" is_json="true" %}{% raw %}"{\"CVE-2014-6271\": {\"name\": \"ShellShock - Remote Code Execution\", \"tags\": \"cve,cve2014,rce,shellshock,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97566}, \"CVE-2022-24288\": {\"name\": \"Apache Airflow OS Command Injection\", \"tags\": \"cve,cve2022,airflow,rce\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.61988}, \"CVE-2022-1040\": {\"name\": \"Sophos Firewall =18.5 MR3 - Remote Code Execution\", \"tags\": \"cve,cve2022,sophos,firewall,auth-bypass,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97468}, \"CVE-2022-40022\": {\"name\": \"Symmetricom SyncServer Unauthenticated - Remote Command Execution\", \"tags\": \"packetstorm,cve,cve2022,syncserver,rce,unauth\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.75757}, \"CVE-2022-23131\": {\"name\": \"Zabbix - SAML SSO Authentication Bypass\", \"tags\": \"cve,cve2022,zabbix,auth-bypass,saml,sso,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97134}, \"CVE-2022-24816\": {\"name\": \"GeoServer 1.2.2 - Remote Code Execution\", \"tags\": \"cve,cve2022,geoserver,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.85856}, \"CVE-2022-26352\": {\"name\": \"DotCMS - Arbitrary File Upload\", \"tags\": \"packetstorm,cve,cve2022,rce,dotcms,kev,fileupload,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97512}, \"CVE-2022-34046\": {\"name\": \"WAVLINK WN533A8 - Improper Access Control\", \"tags\": \"packetstorm,cve,cve2022,wavlink,router,exposure\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.25598}, \"CVE-2022-24990\": {\"name\": \"TerraMaster TOS 4.2.30 Server Information Disclosure\", \"tags\": \"packetstorm,cve,cve2022,terramaster,exposure,kev\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.96236}, \"CVE-2022-34753\": {\"name\": \"SpaceLogic C-Bus Home Controller =1.31.460 - Remote Command Execution\", \"tags\": \"cve,cve2022,iot,spacelogic,rce,oast,packetstorm\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97087}, \"CVE-2022-31814\": {\"name\": \"pfSense pfBlockerNG =2.1..4_26 - OS Command Injection\", \"tags\": \"packetstorm,cve,cve2022,pfsense,pfblockerng,rce,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96754}, \"CVE-2022-34047\": {\"name\": \"WAVLINK WN530HG4 - Improper Access Control\", \"tags\": \"cve2022,wavlink,router,exposure,packetstorm,cve\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.27395}, \"CVE-2022-47986\": {\"name\": \"IBM Aspera Faspex =4.4.2 PL1 - Remote Code Execution\", \"tags\": \"cve,cve2022,ibm,aspera,faspex,kev,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.92526}, \"CVE-2022-29383\": {\"name\": \"NETGEAR ProSafe SSL VPN firmware - SQL Injection\", \"tags\": \"cve,cve2022,sqli,netgear,router\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.5739}, \"CVE-2022-22536\": {\"name\": \"SAP Memory Pipes (MPI) Desynchronization\", \"tags\": \"cve,cve2022,sap,smuggling,netweaver,web-dispatcher,memory-pipes,kev\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.96734}, \"CVE-2022-28219\": {\"name\": \"Zoho ManageEngine ADAudit Plus 7600 - XML Entity Injection/Remote Code Execution\", \"tags\": \"cve,cve2022,xxe,rce,zoho,manageengine,unauth\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97341}, \"CVE-2022-40881\": {\"name\": \"SolarView 6.00 - Remote Command Execution\", \"tags\": \"cve,cve2022,solarview,rce,lfi\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.95017}, \"CVE-2022-25082\": {\"name\": \"TOTOLink - Unauthenticated Command Injection\", \"tags\": \"totolink,cve,cve2022,router,unauth,rce,iot,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.04345}, \"CVE-2022-26138\": {\"name\": \"Atlassian Questions For Confluence - Hardcoded Credentials\", \"tags\": \"cve,cve2022,confluence,atlassian,default-login,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97313}, \"CVE-2022-1119\": {\"name\": \"WordPress Simple File List 3.2.8 - Local File Inclusion\", \"tags\": \"wp,wp-plugin,wpscan,cve,cve2022,lfi,wordpress\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.22681}, \"CVE-2022-2488\": {\"name\": \"Wavlink WN535K2/WN535K3 - OS Command Injection\", \"tags\": \"cve,cve2022,iot,wavlink,router,rce,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97381}, \"CVE-2022-31126\": {\"name\": \"Roxy-WI 6.1.1.0 - Remote Code Execution\", \"tags\": \"cve,cve2022,rce,unauth,roxy,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.78469}, \"CVE-2022-26134\": {\"name\": \"Confluence - Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2022,confluence,rce,ognl,oast,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97537}, \"CVE-2022-45933\": {\"name\": \"KubeView =0.1.31 - Information Disclosure\", \"tags\": \"cve,cve2022,kubeview,kubernetes,exposure\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.00292}, \"CVE-2022-29014\": {\"name\": \"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion\", \"tags\": \"edb,packetstorm,cve,cve2022,razer,lfi,router\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.79768}, \"CVE-2022-44877\": {\"name\": \"CentOS Web Panel 7 0.9.8.1147 - Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2022,centos,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97483}, \"CVE-2022-3980\": {\"name\": \"Sophos Mobile managed on-premises - XML External Entity Injection\", \"tags\": \"cve,cve2022,xxe,ssrf,sophos\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.33654}, \"CVE-2022-24260\": {\"name\": \"VoipMonitor - Pre-Auth SQL Injection\", \"tags\": \"cve,cve2022,voipmonitor,sqli,unauth\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.60301}, \"CVE-2022-23881\": {\"name\": \"ZZZCMS zzzphp 2.1.0 - Remote Code Execution\", \"tags\": \"cve,cve2022,rce,zzzphp,zzzcms\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.29422}, \"CVE-2022-21500\": {\"name\": \"Oracle E-Business Suite =12.2 - Authentication Bypass\", \"tags\": \"cve,cve2022,oracle,misconfig,auth-bypass\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.96395}, \"CVE-2022-22947\": {\"name\": \"Spring Cloud Gateway Code Injection\", \"tags\": \"cve,cve2022,apache,spring,vmware,actuator,oast,kev\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.97552}, \"CVE-2022-29464\": {\"name\": \"WSO2 Management - Arbitrary File Upload Remote Code Execution\", \"tags\": \"cve,cve2022,rce,fileupload,wso2,intrusive,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97483}, \"CVE-2022-35914\": {\"name\": \"GLPI =10.0.2 - Remote Command Execution\", \"tags\": \"cve,cve2022,glpi,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97399}, \"CVE-2022-24112\": {\"name\": \"Apache APISIX - Remote Code Execution\", \"tags\": \"cve,cve2022,apache,rce,apisix,oast,kev,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97225}, \"CVE-2022-35413\": {\"name\": \"WAPPLES Web Application Firewall =6.0 - Hardcoded Credentials\", \"tags\": \"cve,cve2022,wapples,firewall,default-login\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.8597}, \"CVE-2022-25487\": {\"name\": \"Atom CMS v2.0 - Remote Code Execution\", \"tags\": \"cve,cve2022,rce,atom,cms,unauth,packetstorm,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.79593}, \"CVE-2022-2486\": {\"name\": \"Wavlink WN535K2/WN535K3 - OS Command Injection\", \"tags\": \"cve,cve2022,iot,wavlink,router,rce,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97366}, \"CVE-2022-22972\": {\"name\": \"VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass\", \"tags\": \"cve,cve2022,vmware,auth-bypass,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.8818}, \"CVE-2022-22965\": {\"name\": \"Spring - Remote Code Execution\", \"tags\": \"cve,cve2022,rce,spring,injection,oast,intrusive,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97521}, \"CVE-2022-29153\": {\"name\": \"HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery\", \"tags\": \"cve,cve2022,consul,hashicorp,ssrf,intrusive\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.01824}, \"CVE-2022-2487\": {\"name\": \"Wavlink WN535K2/WN535K3 - OS Command Injection\", \"tags\": \"cve,cve2022,iot,wavlink,router,rce,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97408}, \"CVE-2022-23134\": {\"name\": \"Zabbix Setup Configuration Authentication Bypass\", \"tags\": \"cve,cve2022,zabbix,auth-bypass,kev\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.46222}, \"CVE-2022-28955\": {\"name\": \"D-Link DIR-816L - Improper Access Control\", \"tags\": \"cve,cve2022,dlink,exposure\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.02513}, \"CVE-2022-27593\": {\"name\": \"QNAP QTS Photo Station External Reference - Local File Inclusion\", \"tags\": \"cve,cve2022,qnap,lfi,kev\", \"severity\": \"critical\", \"cvss\": 9.1, \"epss\": 0.58116}, \"CVE-2022-40734\": {\"name\": \"Laravel Filemanager v2.5.1 - Local File Inclusion\", \"tags\": \"cve,cve2022,laravel,unisharp,lfi,traversal\", \"severity\": \"medium\", \"cvss\": 6.5, \"epss\": 0.01294}, \"CVE-2022-21661\": {\"name\": \"WordPress 5.8.3 - SQL Injection\", \"tags\": \"wp,sqli,wpquery,wpscan,packetstorm,cve,cve2022,wordpress\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.93457}, \"CVE-2022-0540\": {\"name\": \"Atlassian Jira Seraph - Authentication Bypass\", \"tags\": \"cve,cve2022,atlassian,jira,exposure,auth-bypass\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.16173}, \"CVE-2022-47966\": {\"name\": \"ManageEngine - Remote Command Execution\", \"tags\": \"packetstorm,cve,cve2022,rce,zoho,manageengine,oast,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97439}, \"CVE-2022-22954\": {\"name\": \"VMware Workspace ONE Access - Server-Side Template Injection\", \"tags\": \"workspaceone,kev,tenable,packetstorm,cve,cve2022,vmware,ssti\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97526}, \"CVE-2022-40684\": {\"name\": \"Fortinet - Authentication Bypass\", \"tags\": \"cve,cve2022,fortinet,fortigate,fortios,fortiproxy,auth-bypass,kev,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96776}, \"CVE-2022-43769\": {\"name\": \"Hitachi Pentaho Business Analytics Server - Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2022,rce,ssti,pentaho,kev\", \"severity\": \"high\", \"cvss\": 7.2, \"epss\": 0.05112}, \"CVE-2022-37042\": {\"name\": \"Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution\", \"tags\": \"cve,cve2022,zimbra,rce,unauth,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97371}, \"CVE-2022-34049\": {\"name\": \"WAVLINK WN530HG4 - Improper Access Control\", \"tags\": \"cve,cve2022,wavlink,router,exposure\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.19026}, \"CVE-2022-29303\": {\"name\": \"SolarView Compact 6.00 - OS Command Injection\", \"tags\": \"injection,solarview,edb,packetstorm,cve,cve2022,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96014}, \"CVE-2022-30525\": {\"name\": \"Zyxel Firewall - OS Command Injection\", \"tags\": \"packetstorm,zyxel,cve,cve2022,firewall,unauth,kev,msf,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97548}, \"CVE-2023-23752\": {\"name\": \"Joomla! Webservice - Password Disclosure\", \"tags\": \"cve,cve2023,joomla\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.61007}, \"CVE-2023-29298\": {\"name\": \"Adobe ColdFusion - Access Control Bypass\", \"tags\": \"cve,cve2023,adobe,auth-bypass,coldfusion\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": \"0.876270000\"}, \"CVE-2023-22620\": {\"name\": \"SecurePoint UTM 12.x Session ID Leak\", \"tags\": \"utm,leak,memory,packetstorm,cve,cve2023,securepoint\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.00597}, \"CVE-2023-28343\": {\"name\": \"Altenergy Power Control Software C1.2.5 - Remote Command Injection\", \"tags\": \"cve,cve2023,oast,altenergy,iot,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.39796}, \"CVE-2023-1671\": {\"name\": \"Sophos Web Appliance - Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2023,rce,sophos,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.2507}, \"CVE-2023-25135\": {\"name\": \"vBulletin = 5.6.9 - Pre-authentication Remote Code Execution\", \"tags\": \"cve,cve2023,vbulletin,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.65662}, \"CVE-2023-36934\": {\"name\": \"MOVEit Transfer - SQL Injection\", \"tags\": \"cve,cve2023,moveit,rce,sqli,intrusive\", \"severity\": \"critical\", \"cvss\": 9.1, \"epss\": 0.01286}, \"CVE-2023-29300\": {\"name\": \"Adobe ColdFusion - Pre-Auth Remote Code Execution\", \"tags\": \"cve,cve2023,adobe,rce,coldfusion,deserialization\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": \"0.141400000\"}, \"CVE-2023-1434\": {\"name\": \"Odoo - Cross-Site Scripting\", \"tags\": \"cve,cve2023,odoo,xss\", \"severity\": \"medium\", \"cvss\": null, \"epss\": null}, \"CVE-2023-20887\": {\"name\": \"VMware VRealize Network Insight - Remote Code Execution\", \"tags\": \"cve,cve2023,vmware,rce,msf,vrealize,insight,oast,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.71431}, \"CVE-2023-28432\": {\"name\": \"MinIO Cluster Deployment - Information Disclosure\", \"tags\": \"cve,cve2023,minio,console,exposure,kev\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.3955}, \"CVE-2023-22897\": {\"name\": \"Securepoint UTM - Leaking Remote Memory Contents\", \"tags\": \"cve,cve2023,securepoint,utm,exposure,memory\", \"severity\": \"medium\", \"cvss\": 6.5, \"epss\": 0.00876}, \"CVE-2015-8399\": {\"name\": \"Atlassian Confluence 5.8.17 - Information Disclosure\", \"tags\": \"edb,cve,cve2015,atlassian,confluence\", \"severity\": \"medium\", \"cvss\": 4.3, \"epss\": 0.9647}, \"CVE-2012-1823\": {\"name\": \"PHP CGI v5.3.12/5.4.2 Remote Code Execution\", \"tags\": \"cve2012,kev,vulhub,rce,php,cve\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97494}, \"CVE-2009-0545\": {\"name\": \"ZeroShell = 1.0beta11 Remote Code Execution\", \"tags\": \"edb,cve,cve2009,zeroshell,kerbynet,rce\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.9719}, \"CVE-2009-1151\": {\"name\": \"PhpMyAdmin Scripts - Remote Code Execution\", \"tags\": \"deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.79256}, \"CVE-2017-11512\": {\"name\": \"ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval\", \"tags\": \"cve,cve2017,manageengine,lfr,unauth,tenable\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97175}, \"CVE-2017-5521\": {\"name\": \"NETGEAR Routers - Authentication Bypass\", \"tags\": \"cve,cve2017,auth-bypass,netgear,router,kev\", \"severity\": \"high\", \"cvss\": 8.1, \"epss\": 0.97402}, \"CVE-2017-10271\": {\"name\": \"Oracle WebLogic Server - Remote Command Execution\", \"tags\": \"weblogic,oast,kev,vulhub,cve,cve2017,rce,oracle\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97429}, \"CVE-2017-5487\": {\"name\": \"WordPress Core 4.7.1 - Username Enumeration\", \"tags\": \"cve,cve2017,wordpress,wp,edb\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.97204}, \"CVE-2017-0929\": {\"name\": \"DotNetNuke (DNN) ImageHandler 9.2.0 - Server-Side Request Forgery\", \"tags\": \"dnn,dotnetnuke,hackerone,cve,cve2017,oast,ssrf\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.03588}, \"CVE-2017-5638\": {\"name\": \"Apache Struts 2 - Remote Command Execution\", \"tags\": \"cve,cve2017,apache,kev,msf,struts,rce\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.9756}, \"CVE-2017-11610\": {\"name\": \"XML-RPC Server - Remote Code Execution\", \"tags\": \"oast,xmlrpc,msf,cve,cve2017,rce,supervisor\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.9743}, \"CVE-2017-9791\": {\"name\": \"Apache Struts2 S2-053 - Remote Code Execution\", \"tags\": \"cve,cve2017,apache,rce,struts,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97502}, \"CVE-2017-9841\": {\"name\": \"PHPUnit - Remote Code Execution\", \"tags\": \"cve,cve2017,php,phpunit,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97488}, \"CVE-2017-12615\": {\"name\": \"Apache Tomcat Servers - Remote Code Execution\", \"tags\": \"rce,tomcat,kev,vulhub,cve,cve2017,apache,fileupload,intrusive\", \"severity\": \"high\", \"cvss\": 8.1, \"epss\": 0.97499}, \"CVE-2017-16894\": {\"name\": \"Laravel 5.5.21 - Information Disclosure\", \"tags\": \"cve2017,laravel,exposure,packetstorm,cve\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.29151}, \"CVE-2017-12635\": {\"name\": \"Apache CouchDB 1.7.0 / 2.x 2.1.1 - Remote Privilege Escalation\", \"tags\": \"cve,cve2017,couchdb,apache,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97536}, \"CVE-2017-1000486\": {\"name\": \"Primetek Primefaces 5.x - Remote Code Execution\", \"tags\": \"cve,cve2017,primetek,rce,injection,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97108}, \"CVE-2017-9822\": {\"name\": \"DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2017,dotnetnuke,bypass,rce,deserialization,kev\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97064}, \"CVE-2017-9140\": {\"name\": \"Reflected XSS - Telerik Reporting Module\", \"tags\": \"cve,cve2017,xss,telerik\", \"severity\": \"medium\", \"cvss\": 6.1, \"epss\": 0.0021}, \"CVE-2017-15944\": {\"name\": \"Palo Alto Network PAN-OS - Remote Code Execution\", \"tags\": \"kev,edb,cve,cve2017,rce,vpn,panos,globalprotect\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97414}, \"CVE-2010-2861\": {\"name\": \"Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI\", \"tags\": \"adobe,kev,vulhub,cve,cve2010,coldfusion,lfi\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97295}, \"CVE-2010-0219\": {\"name\": \"Apache Axis2 Default Login\", \"tags\": \"cve,cve2010,axis,apache,default-login,axis2\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.97497}, \"CVE-2019-10232\": {\"name\": \"Teclib GLPI = 9.3.3 - Unauthenticated SQL Injection\", \"tags\": \"cve,cve2019,glpi,sqli,injection\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.16114}, \"CVE-2019-10068\": {\"name\": \"Kentico CMS Insecure Deserialization Remote Code Execution\", \"tags\": \"cve2019,kentico,iis,packetstorm,cve,rce,deserialization,kev,msf\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97358}, \"CVE-2019-11510\": {\"name\": \"Pulse Connect Secure SSL VPN Arbitrary File Read\", \"tags\": \"packetstorm,cve,cve2019,pulsesecure,lfi,kev\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.97317}, \"CVE-2019-1653\": {\"name\": \"Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure\", \"tags\": \"packetstorm,kev,edb,cve,cve2019,cisco,router,exposure\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97578}, \"CVE-2019-2767\": {\"name\": \"Oracle Business Intelligence Publisher - XML External Entity Injection\", \"tags\": \"edb,cve,cve2019,oracle,xxe,oast\", \"severity\": \"high\", \"cvss\": 7.2, \"epss\": 0.14972}, \"CVE-2019-19824\": {\"name\": \"TOTOLINK Realtek SD Routers - Remote Command Injection\", \"tags\": \"cve,cve2019,totolink,rce,router\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97234}, \"CVE-2019-20933\": {\"name\": \"InfluxDB 1.7.6 - Authentication Bypass\", \"tags\": \"unauth,db,influxdb,misconfig\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.04077}, \"CVE-2019-13462\": {\"name\": \"Lansweeper Unauthenticated SQL Injection\", \"tags\": \"cve,cve2019,sqli,lansweeper\", \"severity\": \"critical\", \"cvss\": 9.1, \"epss\": 0.41054}, \"CVE-2019-8086\": {\"name\": \"Adobe Experience Manager - XML External Entity Injection\", \"tags\": \"cve,cve2019,aem,adobe\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.14515}, \"CVE-2019-16123\": {\"name\": \"PilusCart =1.4.1 - Local File Inclusion\", \"tags\": \"piluscart,lfi,packetstorm,edb,cve,cve2019\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.72953}, \"CVE-2019-11581\": {\"name\": \"Atlassian Jira Server-Side Template Injection\", \"tags\": \"cve,cve2019,atlassian,jira,ssti,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97434}, \"CVE-2019-17506\": {\"name\": \"D-Link DIR-868L/817LW - Information Disclosure\", \"tags\": \"cve,cve2019,dlink,router,disclosure\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.90125}, \"CVE-2019-19781\": {\"name\": \"Citrix ADC and Gateway - Directory Traversal\", \"tags\": \"lfi,kev,packetstorm,cve,cve2019,citrix\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9748}, \"CVE-2019-1821\": {\"name\": \"Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2019,rce,fileupload,unauth,intrusive,cisco\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96882}, \"CVE-2019-7609\": {\"name\": \"Kibana Timelion - Arbitrary Code Execution\", \"tags\": \"cve,cve2019,kibana,rce,kev\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.97232}, \"CVE-2019-12725\": {\"name\": \"Zeroshell 3.9.0 - Remote Command Execution\", \"tags\": \"packetstorm,cve,cve2019,rce,zeroshell\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96689}, \"CVE-2019-11580\": {\"name\": \"Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution\", \"tags\": \"packetstorm,kev,cve,cve2019,atlassian,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97491}, \"CVE-2019-2725\": {\"name\": \"Oracle WebLogic Server - Remote Command Execution\", \"tags\": \"packetstorm,kev,edb,cve,cve2019,oracle,weblogic,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97568}, \"CVE-2019-9978\": {\"name\": \"WordPress Social Warfare 3.5.3 - Cross-Site Scripting\", \"tags\": \"cve,cve2019,wordpress,wp-plugin,ssrf,kev\", \"severity\": \"medium\", \"cvss\": 6.1, \"epss\": 0.97293}, \"CVE-2019-16278\": {\"name\": \"nostromo 1.9.6 - Remote Code Execution\", \"tags\": \"edb,cve,cve2019,rce,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97376}, \"CVE-2019-7481\": {\"name\": \"SonicWall SRA 4600 VPN - SQL Injection\", \"tags\": \"cve,cve2019,sonicwall,sqli,kev\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.92019}, \"CVE-2019-3929\": {\"name\": \"Barco/AWIND OEM Presentation Platform - Remote Command Injection\", \"tags\": \"tenable,cve,cve2019,oast,injection,kev,edb,rce,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97436}, \"CVE-2019-3401\": {\"name\": \"Atlassian Jira 7.13.3/8.0.0-8.1.1 - Incorrect Authorization\", \"tags\": \"cve,cve2019,jira,atlassian,exposure\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.0055}, \"CVE-2019-9670\": {\"name\": \"Synacor Zimbra Collaboration 8.7.11p10 - XML External Entity Injection\", \"tags\": \"cve,cve2019,zimbra,xxe,kev,edb,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97534}, \"CVE-2019-2616\": {\"name\": \"Oracle Business Intelligence/XML Publisher - XML External Entity Injection\", \"tags\": \"cve,cve2019,oracle,xxe,oast,kev,edb\", \"severity\": \"high\", \"cvss\": 7.2, \"epss\": 0.93436}, \"CVE-2019-6340\": {\"name\": \"Drupal - Remote Code Execution\", \"tags\": \"cve,cve2019,drupal,rce,kev\", \"severity\": \"high\", \"cvss\": 8.1, \"epss\": 0.97479}, \"CVE-2019-3396\": {\"name\": \"Atlassian Confluence Server - Path Traversal\", \"tags\": \"cve,cve2019,atlassian,confluence,lfi,rce,kev,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.975}, \"CVE-2019-16920\": {\"name\": \"D-Link Routers - Remote Code Execution\", \"tags\": \"cve,cve2019,dlink,rce,router,unauth,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96236}, \"CVE-2021-22502\": {\"name\": \"Micro Focus Operations Bridge Reporter - Remote Code Execution\", \"tags\": \"cve,cve2021,microfocus,obr,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97447}, \"CVE-2021-39211\": {\"name\": \"GLPI 9.2/ 9.5.6 - Information Disclosure\", \"tags\": \"cve,cve2021,glpi,exposure\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.00253}, \"CVE-2021-30175\": {\"name\": \"ZEROF Web Server 1.0 - SQL Injection\", \"tags\": \"cve,cve2021,zerof,sqli\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.03345}, \"CVE-2021-20837\": {\"name\": \"MovableType - Remote Command Injection\", \"tags\": \"packetstorm,cve,cve2021,rce,movable\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97185}, \"CVE-2021-21973\": {\"name\": \"VMware vSphere - Server-Side Request Forgery\", \"tags\": \"cve,cve2021,vmware,ssrf,vcenter,oast,kev\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.18619}, \"CVE-2021-41277\": {\"name\": \"Metabase Local File Inclusion\", \"tags\": \"cve,cve2021,metabase,lfi\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.967}, \"CVE-2021-40870\": {\"name\": \"Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution\", \"tags\": \"intrusive,packetstorm,cve,cve2021,rce,aviatrix,kev,fileupload\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.95922}, \"CVE-2021-21972\": {\"name\": \"VMware vSphere Client (HTML5) - Remote Code Execution\", \"tags\": \"cve2021,vmware,rce,vcenter,kev,packetstorm,cve\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97386}, \"CVE-2021-27561\": {\"name\": \"YeaLink DM 3.6.0.20 - Remote Command Injection\", \"tags\": \"cve,cve2021,rce,yealink,mirai,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97477}, \"CVE-2021-30461\": {\"name\": \"VoipMonitor 24.61 - Remote Code Execution\", \"tags\": \"cve,cve2021,rce,voipmonitor\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9675}, \"CVE-2021-32305\": {\"name\": \"Websvn 2.6.1 - Remote Code Execution\", \"tags\": \"cve,cve2021,websvn,rce,oast,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97295}, \"CVE-2021-40539\": {\"name\": \"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution\", \"tags\": \"cve,cve2021,rce,ad,intrusive,manageengine,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97472}, \"CVE-2021-4191\": {\"name\": \"GitLab GraphQL API User Enumeration\", \"tags\": \"cve,cve2021,gitlab,api,graphql,enum,unauth\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.74106}, \"CVE-2021-22145\": {\"name\": \"Elasticsearch 7.10.0-7.13.3 - Information Disclosure\", \"tags\": \"cve,cve2021,elasticsearch,packetstorm\", \"severity\": \"medium\", \"cvss\": 6.5, \"epss\": 0.34493}, \"CVE-2021-33564\": {\"name\": \"Ruby Dragonfly 1.4.0 - Remote Code Execution\", \"tags\": \"cve,cve2021,rce,ruby,injection\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.07974}, \"CVE-2021-41773\": {\"name\": \"Apache 2.4.49 - Path Traversal and Remote Code Execution\", \"tags\": \"cve,cve2021,lfi,rce,apache,misconfig,traversal,kev\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97532}, \"CVE-2021-21975\": {\"name\": \"vRealize Operations Manager API - Server-Side Request Forgery\", \"tags\": \"kev,packetstorm,cve,cve2021,ssrf,vmware,vrealize\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97441}, \"CVE-2021-42237\": {\"name\": \"Sitecore Experience Platform Pre-Auth RCE\", \"tags\": \"packetstorm,cve,cve2021,rce,sitecore,deserialization,oast,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97543}, \"CVE-2021-26855\": {\"name\": \"Microsoft Exchange Server SSRF Vulnerability\", \"tags\": \"cve,cve2021,ssrf,rce,exchange,oast,microsoft,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97537}, \"CVE-2021-44228\": {\"name\": \"Apache Log4j2 Remote Code Injection\", \"tags\": \"cve,cve2021,rce,oast,log4j,injection,kev\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.97569}, \"CVE-2021-3297\": {\"name\": \"Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass\", \"tags\": \"cve,cve2021,zyxel,auth-bypass,router\", \"severity\": \"high\", \"cvss\": 7.8, \"epss\": 0.18886}, \"CVE-2021-22986\": {\"name\": \"F5 iControl REST - Remote Command Execution\", \"tags\": \"bigip,cve,cve2021,rce,kev,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97452}, \"CVE-2021-21978\": {\"name\": \"VMware View Planner 4.6 SP1- Remote Code Execution\", \"tags\": \"cve,cve2021,vmware,rce,packetstorm,fileupload,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9748}, \"CVE-2021-31755\": {\"name\": \"Tenda Router AC11 - Remote Command Injection\", \"tags\": \"cve,cve2021,tenda,rce,oast,router,mirai,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96795}, \"CVE-2021-1497\": {\"name\": \"Cisco HyperFlex HX Data Platform - Remote Command Execution\", \"tags\": \"cve,cve2021,cisco,rce,oast,kev,packetstorm,\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97531}, \"CVE-2021-25281\": {\"name\": \"SaltStack Salt 3002.5 - Auth Bypass\", \"tags\": \"cve,cve2021,saltapi,rce,saltstack,unauth\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.8118}, \"CVE-2021-28149\": {\"name\": \"Hongdian H8922 3.0.5 Devices - Local File Inclusion\", \"tags\": \"cve,cve2021,hongdian,traversal\", \"severity\": \"medium\", \"cvss\": 6.5, \"epss\": 0.05232}, \"CVE-2021-45232\": {\"name\": \"Apache APISIX Dashboard 2.10.1 - API Unauthorized Access\", \"tags\": \"cve,cve2021,apache,unauth,apisix\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97304}, \"CVE-2021-38647\": {\"name\": \"Microsoft Open Management Infrastructure - Remote Code Execution\", \"tags\": \"cve,cve2021,rce,omi,microsoft,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97478}, \"CVE-2021-35464\": {\"name\": \"ForgeRock OpenAM 7.0 - Remote Code Execution\", \"tags\": \"cve,cve2021,openam,rce,java,kev,kev,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97409}, \"CVE-2021-3577\": {\"name\": \"Motorola Baby Monitors - Remote Command Execution\", \"tags\": \"cve,cve2021,rce,oast,motorola,iot\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97158}, \"CVE-2021-40323\": {\"name\": \"Cobbler 3.3.0 - Remote Code Execution\", \"tags\": \"cve,cve2021,cobbler,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.01853}, \"CVE-2021-34473\": {\"name\": \"Exchange Server - Remote Code Execution\", \"tags\": \"cve,cve2021,ssrf,rce,exchange,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97442}, \"CVE-2021-1498\": {\"name\": \"Cisco HyperFlex HX Data Platform - Remote Command Execution\", \"tags\": \"kev,packetstorm,cve,cve2021,cisco,rce,oast,mirai\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97531}, \"CVE-2021-28150\": {\"name\": \"Hongdian H8922 3.0.5 - Information Disclosure\", \"tags\": \"cve,cve2021,hongdian,exposure\", \"severity\": \"medium\", \"cvss\": 5.5, \"epss\": 0.00339}, \"CVE-2021-20167\": {\"name\": \"Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun\", \"tags\": \"tenable,cve,cve2021,netgear,rce,router\", \"severity\": \"high\", \"cvss\": 8, \"epss\": 0.95513}, \"CVE-2021-29203\": {\"name\": \"HPE Edgeline Infrastructure Manager 1.22 - Authentication Bypass\", \"tags\": \"hpe,cve,cve2021,bypass,tenable\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9596}, \"CVE-2021-25646\": {\"name\": \"Apache Druid - Remote Code Execution\", \"tags\": \"cve,cve2021,apache,rce,druid\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97431}, \"CVE-2021-40438\": {\"name\": \"Apache = 2.4.48 - Mod_Proxy SSRF\", \"tags\": \"cve,cve2021,ssrf,apache,mod-proxy,kev\", \"severity\": \"critical\", \"cvss\": 9, \"epss\": 0.97544}, \"CVE-2021-27905\": {\"name\": \"Apache Solr =8.8.1 - Server-Side Request Forgery\", \"tags\": \"cve,cve2021,apache,solr,ssrf\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9728}, \"CVE-2021-22005\": {\"name\": \"VMware vCenter Server - Arbitrary File Upload\", \"tags\": \"cve,cve2021,vmware,vcenter,fileupload,kev,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9731}, \"CVE-2021-36380\": {\"name\": \"Sunhillo SureLine 8.7.0.1.1 - Unauthenticated OS Command Injection\", \"tags\": \"cve,cve2021,sureline,rce,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97044}, \"CVE-2021-31805\": {\"name\": \"Apache Struts2 S2-062 - Remote Code Execution\", \"tags\": \"cve,cve2021,apache,rce,struts,struts2,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.02}, \"CVE-2021-21805\": {\"name\": \"Advantech R-SeeNet 2.4.12 - OS Command Injection\", \"tags\": \"cve,cve2021,rce,r-seenet\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97394}, \"CVE-2021-22911\": {\"name\": \"Rocket.Chat =3.13 - NoSQL Injection\", \"tags\": \"rocketchat,nosqli,packetstorm,vulhub,hackerone,cve,cve2021\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.95173}, \"CVE-2021-21307\": {\"name\": \"Lucee Admin - Remote Code Execution\", \"tags\": \"cve,cve2021,rce,lucee,adobe\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97319}, \"CVE-2021-45046\": {\"name\": \"Apache Log4j2 - Remote Code Injection\", \"tags\": \"cve,cve2021,rce,oast,log4j,injection,kev\", \"severity\": \"critical\", \"cvss\": 9, \"epss\": 0.97411}, \"CVE-2021-44529\": {\"name\": \"Ivanti EPM Cloud Services Appliance Code Injection\", \"tags\": \"cve2021,ivanti,epm,csa,injection,packetstorm,cve\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96445}, \"CVE-2021-20150\": {\"name\": \"Trendnet AC2600 TEW-827DRU - Credentials Disclosure\", \"tags\": \"disclosure,router,tenable,cve,cve2021,trendnet\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.21132}, \"CVE-2021-26084\": {\"name\": \"Confluence Server - Remote Code Execution\", \"tags\": \"cve,cve2021,rce,confluence,injection,ognl,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97474}, \"CVE-2021-43798\": {\"name\": \"Grafana v8.x - Arbitrary File Read\", \"tags\": \"packetstorm,cve,cve2021,grafana,lfi\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97473}, \"CVE-2021-28151\": {\"name\": \"Hongdian H8922 3.0.5 - Remote Command Injection\", \"tags\": \"cve,cve2021,hongdian,rce,injection\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97079}, \"CVE-2021-36749\": {\"name\": \"Apache Druid - Local File Inclusion\", \"tags\": \"cve,cve2021,apache,lfi,auth-bypass,druid\", \"severity\": \"medium\", \"cvss\": 6.5, \"epss\": 0.95311}, \"CVE-2021-3378\": {\"name\": \"FortiLogger 4.4.2.2 - Arbitrary File Upload\", \"tags\": \"fortilogger,fortigate,fortinet,packetstorm,cve,cve2021,fileupload,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.18588}, \"CVE-2021-22214\": {\"name\": \"Gitlab CE/EE 10.5 - Server-Side Request Forgery\", \"tags\": \"cve,cve2021,gitlab,ssrf\", \"severity\": \"high\", \"cvss\": 8.6, \"epss\": 0.17173}, \"CVE-2021-27850\": {\"name\": \"Apache Tapestry - Remote Code Execution\", \"tags\": \"cve,cve2021,apache,tapestry\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97413}, \"CVE-2021-21402\": {\"name\": \"Jellyfin 10.7.0 - Local File Inclusion\", \"tags\": \"cve,cve2021,jellyfin,lfi\", \"severity\": \"medium\", \"cvss\": 6.5, \"epss\": 0.25761}, \"CVE-2021-22054\": {\"name\": \"VMWare Workspace ONE UEM - Server-Side Request Forgery\", \"tags\": \"cve,cve2021,vmware,workspace,ssrf\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.83683}, \"CVE-2021-36260\": {\"name\": \"Hikvision IP camera/NVR - Remote Command Execution\", \"tags\": \"cve,cve2021,hikvision,rce,iot,intrusive,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97512}, \"CVE-2021-29156\": {\"name\": \"LDAP Injection In OpenAM\", \"tags\": \"cve,cve2021,openam,ldap,injection\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.35656}, \"CVE-2021-44515\": {\"name\": \"Zoho ManageEngine Desktop Central - Remote Code Execution\", \"tags\": \"cve,cve2021,zoho,rce,manageengine,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97483}, \"CVE-2021-42013\": {\"name\": \"Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution\", \"tags\": \"cve,cve2021,lfi,apache,rce,misconfig,traversal,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97514}, \"CVE-2021-41691\": {\"name\": \"openSIS Student Information System 8.0 SQL Injection\", \"tags\": \"sqli,auth,edb,cve,cve2021,opensis\", \"severity\": \"high\", \"cvss\": null, \"epss\": null}, \"CVE-2021-21985\": {\"name\": \"VMware vSphere Client (HTML5) - Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2021,rce,vsphere,vmware,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9746}, \"CVE-2021-35587\": {\"name\": \"Oracle Access Manager - Remote Code Execution\", \"tags\": \"cve,cve2021,oam,rce,java,unauth,oracle,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96928}, \"CVE-2021-31602\": {\"name\": \"Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass\", \"tags\": \"spring,seclists,cve,cve2021,pentaho,auth-bypass\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.39689}, \"CVE-2021-28073\": {\"name\": \"Ntopng Authentication Bypass\", \"tags\": \"ntopng,cve,cve2021\", \"severity\": \"critical\", \"cvss\": null, \"epss\": null}, \"CVE-2020-0618\": {\"name\": \"Microsoft SQL Server Reporting Services - Remote Code Execution\", \"tags\": \"cve2020,rce,packetstorm,cve\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97426}, \"CVE-2020-35846\": {\"name\": \"Agentejo Cockpit 0.11.2 - NoSQL Injection\", \"tags\": \"cve,cve2020,nosqli,sqli,cockpit,injection\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.84079}, \"CVE-2020-27986\": {\"name\": \"SonarQube - Authentication Bypass\", \"tags\": \"cve,cve2020,sonarqube\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.1352}, \"CVE-2020-28188\": {\"name\": \"TerraMaster TOS - Unauthenticated Remote Command Execution\", \"tags\": \"packetstorm,cve,cve2020,terramaster,rce,oast,mirai,unauth\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97235}, \"CVE-2020-36289\": {\"name\": \"Jira Server and Data Center - Information Disclosure\", \"tags\": \"cve,cve2020,jira,atlassian,unauth\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.97254}, \"CVE-2020-9376\": {\"name\": \"D-Link DIR-610 Devices - Information Disclosure\", \"tags\": \"cve,cve2020,dlink,disclosure,router\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.9701}, \"CVE-2020-7796\": {\"name\": \"Zimbra Collaboration Suite 8.8.15 Patch 7 - Server-Side Request Forgery\", \"tags\": \"cve,cve2020,zimbra,ssrf,oast\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.74825}, \"CVE-2020-13942\": {\"name\": \"Apache Unomi 1.5.2 - Remote Code Execution\", \"tags\": \"cve,cve2020,apache,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97533}, \"CVE-2020-11991\": {\"name\": \"Apache Cocoon 2.1.12 - XML Injection\", \"tags\": \"cve,cve2020,apache,xml,cocoon,xxe\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.84866}, \"CVE-2020-8209\": {\"name\": \"Citrix XenMobile Server - Local File Inclusion\", \"tags\": \"cve,cve2020,citrix,lfi,xenmobile\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97223}, \"CVE-2020-14750\": {\"name\": \"Oracle WebLogic Server - Remote Command Execution\", \"tags\": \"packetstorm,cve,cve2020,rce,oracle,weblogic,unauth,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97528}, \"CVE-2020-8194\": {\"name\": \"Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection\", \"tags\": \"cve,cve2020,citrix\", \"severity\": \"medium\", \"cvss\": 6.5, \"epss\": 0.97325}, \"CVE-2020-9402\": {\"name\": \"Django SQL Injection\", \"tags\": \"cve,cve2020,django,sqli,vulhub\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.24943}, \"CVE-2020-24391\": {\"name\": \"Mongo-Express - Remote Code Execution\", \"tags\": \"cve,cve2020,mongo,express,rce,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.48236}, \"CVE-2020-35847\": {\"name\": \"Agentejo Cockpit 0.11.2 - NoSQL Injection\", \"tags\": \"cve,cve2020,nosqli,sqli,cockpit,injection\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.78648}, \"CVE-2020-5847\": {\"name\": \"UnRaid =6.80 - Remote Code Execution\", \"tags\": \"cve,cve2020,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97138}, \"CVE-2020-5902\": {\"name\": \"F5 BIG-IP TMUI - Remote Code Execution\", \"tags\": \"cve2020,bigip,rce,kev,packetstorm,cve\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97566}, \"CVE-2020-26919\": {\"name\": \"NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution\", \"tags\": \"cve,cve2020,netgear,rce,oast,router,unauth,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97428}, \"CVE-2020-35476\": {\"name\": \"OpenTSDB =2.4.0 - Remote Code Execution\", \"tags\": \"cve,cve2020,opentsdb,rce,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96298}, \"CVE-2020-14864\": {\"name\": \"Oracle Fusion - Directory Traversal/Local File Inclusion\", \"tags\": \"cve,cve2020,oracle,lfi,kev,packetstorm\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.30306}, \"CVE-2020-15920\": {\"name\": \"Mida eFramework =2.9.0 - Remote Command Execution\", \"tags\": \"cve,cve2020,mida,rce,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97241}, \"CVE-2020-10148\": {\"name\": \"SolarWinds Orion API - Auth Bypass\", \"tags\": \"cve,cve2020,solarwinds,rce,auth-bypass,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97377}, \"CVE-2020-35713\": {\"name\": \"Belkin Linksys RE6500 1.0.012.001 - Remote Command Execution\", \"tags\": \"cve,cve2020,linksys,rce,oast,router\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97277}, \"CVE-2020-8813\": {\"name\": \"Cacti v1.2.8 - Remote Code Execution\", \"tags\": \"cve,cve2020,cacti,rce,oast\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.96233}, \"CVE-2020-17530\": {\"name\": \"Apache Struts 2.0.0-2.5.25 - Remote Code Execution\", \"tags\": \"cve,cve2020,apache,rce,struts,kev,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.971}, \"CVE-2020-11978\": {\"name\": \"Apache Airflow =1.10.10 - Remote Code Execution\", \"tags\": \"cve,cve2020,apache,airflow,rce,kev\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.97524}, \"CVE-2020-6207\": {\"name\": \"SAP Solution Manager 7.2 - Remote Command Execution\", \"tags\": \"cve,cve2020,sap,solman,rce,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97442}, \"CVE-2020-17506\": {\"name\": \"Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection\", \"tags\": \"cve,cve2020,artica,proxy,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96186}, \"CVE-2020-13379\": {\"name\": \"Grafana 3.0.1-7.0.1 - Server-Side Request Forgery\", \"tags\": \"cve,cve2020,grafana,ssrf\", \"severity\": \"high\", \"cvss\": 8.2, \"epss\": 0.16322}, \"CVE-2020-17496\": {\"name\": \"vBulletin 5.5.4 - 5.6.2- Remote Command Execution\", \"tags\": \"vbulletin,rce,kev,tenable,seclists,cve,cve2020\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97513}, \"CVE-2020-11853\": {\"name\": \"Micro Focus Operations Bridge Manager =2020.05 - Remote Code Execution\", \"tags\": \"opm,rce,packetstorm,cve,cve2020\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.94797}, \"CVE-2020-25213\": {\"name\": \"WordPress File Manager Plugin - Remote Code Execution\", \"tags\": \"wordpress,rce,kev,fileupload,intrusive,packetstorm,cve,cve2020\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9739}, \"CVE-2020-26413\": {\"name\": \"Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure\", \"tags\": \"hackerone,cve,cve2020,gitlab,exposure,enum,graphql\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.64648}, \"CVE-2020-7209\": {\"name\": \"LinuxKI Toolset = 6.01 - Remote Command Execution\", \"tags\": \"cve,cve2020,rce,packetstorm\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97134}, \"CVE-2020-13927\": {\"name\": \"Airflow Experimental 1.10.11 - REST API Auth Bypass\", \"tags\": \"packetstorm,cve,cve2020,apache,airflow,unauth,auth-bypass,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.94321}, \"CVE-2020-15148\": {\"name\": \"Yii 2 2.0.38 - Remote Code Execution\", \"tags\": \"cve,cve2020,rce,yii\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.01814}, \"CVE-2020-25506\": {\"name\": \"D-Link DNS-320 - Unauthenticated Remote Code Execution\", \"tags\": \"cve,cve2020,dlink,rce,oast,mirai,unauth,router,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97451}, \"CVE-2020-9484\": {\"name\": \"Apache Tomcat Remote Command Execution\", \"tags\": \"rce,packetstorm,cve,cve2020,apache,tomcat\", \"severity\": \"high\", \"cvss\": 7, \"epss\": 0.96967}, \"CVE-2020-6287\": {\"name\": \"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition\", \"tags\": \"cve,cve2020,sap,kev\", \"severity\": \"critical\", \"cvss\": 10, \"epss\": 0.97519}, \"CVE-2020-24589\": {\"name\": \"WSO2 API Manager =3.1.0 - Blind XML External Entity Injection\", \"tags\": \"cve,cve2020,wso2,xxe,oast,blind\", \"severity\": \"critical\", \"cvss\": 9.1, \"epss\": 0.55262}, \"CVE-2020-13117\": {\"name\": \"Wavlink Multiple AP - Remote Command Injection\", \"tags\": \"cve,cve2020,wavlink,rce,oast,router\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.0785}, \"CVE-2020-19625\": {\"name\": \"Gridx 1.3 - Remote Code Execution\", \"tags\": \"cve,cve2020,gridx,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.88684}, \"CVE-2020-17519\": {\"name\": \"Apache Flink - Local File Inclusion\", \"tags\": \"cve,cve2020,apache,lfi,flink\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.97434}, \"CVE-2020-13167\": {\"name\": \"Netsweeper =6.4.3 - Python Code Injection\", \"tags\": \"cve,cve2020,netsweeper,rce,python,webadmin\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97384}, \"CVE-2020-13937\": {\"name\": \"Apache Kylin - Exposed Configuration File\", \"tags\": \"cve,cve2020,apache\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.97402}, \"CVE-2020-26073\": {\"name\": \"Cisco SD-WAN vManage Software - Local File Inclusion\", \"tags\": \"cve,cve2020,cisco,lfi\", \"severity\": \"high\", \"cvss\": null, \"epss\": null}, \"CVE-2020-19360\": {\"name\": \"FHEM 6.0 - Local File Inclusion\", \"tags\": \"fhem,lfi,cve,cve2020\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.08443}, \"CVE-2020-35848\": {\"name\": \"Agentejo Cockpit 0.12.0 - NoSQL Injection\", \"tags\": \"cve,cve2020,nosqli,sqli,cockpit,injection\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.80376}, \"CVE-2020-14883\": {\"name\": \"Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution\", \"tags\": \"oracle,rce,weblogic,kev,packetstorm,cve,cve2020\", \"severity\": \"high\", \"cvss\": 7.2, \"epss\": 0.97528}, \"CVE-2020-25223\": {\"name\": \"Sophos UTM Preauth - Remote Code Execution\", \"tags\": \"cve,cve2020,sophos,rce,oast,unauth,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97526}, \"CVE-2020-16846\": {\"name\": \"SaltStack =3002 - Shell Injection\", \"tags\": \"vulhub,cve,cve2020,saltstack,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97541}, \"CVE-2020-15505\": {\"name\": \"MobileIron Core Connector = v10.6 Sentry = v9.8 - Remote Code Execution\", \"tags\": \"cve,cve2020,mobileiron,rce,sentry,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97504}, \"CVE-2020-11546\": {\"name\": \"SuperWebmailer 7.21.0.01526 - Remote Code Execution\", \"tags\": \"cve,cve2020,rce,superwebmailer\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96429}, \"CVE-2020-3580\": {\"name\": \"Cisco ASA/FTD Software - Cross-Site Scripting\", \"tags\": \"cve,cve2020,xss,cisco,kev\", \"severity\": \"medium\", \"cvss\": 6.1, \"epss\": 0.97233}, \"CVE-2020-14181\": {\"name\": \"Jira Server and Data Center - Information Disclosure\", \"tags\": \"cve,cve2020,atlassian,jira,packetstorm\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.971}, \"CVE-2020-14882\": {\"name\": \"Oracle Weblogic Server - Remote Command Execution\", \"tags\": \"cve,cve2020,oracle,rce,weblogic,oast,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97544}, \"CVE-2020-11854\": {\"name\": \"Micro Focus UCMDB - Remote Code Execution\", \"tags\": \"microfocus,packetstorm,cve,cve2020,ucmdb,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97414}, \"CVE-2020-8163\": {\"name\": \"Ruby on Rails 5.0.1 - Remote Code Execution\", \"tags\": \"cve,cve2020,rails,rce,hackerone\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.96961}, \"CVE-2020-15568\": {\"name\": \"TerraMaster TOS .1.29 - Remote Code Execution\", \"tags\": \"cve,cve2020,terramaster,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96537}, \"CVE-2020-35598\": {\"name\": \"Advanced Comment System 1.0 - Local File Inclusion\", \"tags\": \"acs,edb,seclists,cve,cve2020,lfi\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.10696}, \"CVE-2020-7961\": {\"name\": \"Liferay Portal Unauthenticated 7.2.1 CE GA2 - Remote Code Execution\", \"tags\": \"packetstorm,cve,cve2020,rce,liferay,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97475}, \"CVE-2020-25078\": {\"name\": \"D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure\", \"tags\": \"cve,cve2020,dlink\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.96829}, \"CVE-2020-28871\": {\"name\": \"Monitorr 1.7.6m - Unauthenticated Remote Code Execution\", \"tags\": \"unauth,cve,fileupload,monitor,edb,intrusive,packetstorm,cve2020,rce\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.96694}, \"CVE-2018-15961\": {\"name\": \"Adobe ColdFusion - Unrestricted File Upload Remote Code Execution\", \"tags\": \"cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97474}, \"CVE-2018-10562\": {\"name\": \"Dasan GPON Devices - Remote Code Execution\", \"tags\": \"cve,cve2018,dasan,gpon,rce,oast,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97572}, \"CVE-2018-9205\": {\"name\": \"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion\", \"tags\": \"cve,cve2018,lfi,drupal,edb\", \"severity\": \"high\", \"cvss\": 7.5, \"epss\": 0.0389}, \"CVE-2018-13379\": {\"name\": \"Fortinet FortiOS - Credentials Disclosure\", \"tags\": \"cve,cve2018,fortios,lfi,kev\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97492}, \"CVE-2018-7600\": {\"name\": \"Drupal - Remote Code Execution\", \"tags\": \"cve,cve2018,drupal,rce,kev,vulhub,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.9757}, \"CVE-2018-16167\": {\"name\": \"LogonTracer =1.2.0 - Remote Command Injection\", \"tags\": \"rce,oast,edb,cve,cve2018,logontracer,intrusive\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.13203}, \"CVE-2018-0127\": {\"name\": \"Cisco RV132W/RV134W Router - Information Disclosure\", \"tags\": \"cve,cve2018,cisco,router\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.08908}, \"CVE-2018-10823\": {\"name\": \"D-Link Routers - Remote Command Injection\", \"tags\": \"cve2018,rce,iot,dlink,router,edb,seclists,cve\", \"severity\": \"high\", \"cvss\": 8.8, \"epss\": 0.96863}, \"CVE-2018-10818\": {\"name\": \"LG NAS Devices - Remote Code Execution\", \"tags\": \"cve,cve2018,lg-nas,rce,oast,injection\", \"severity\": \"critical\", \"cvss\": null, \"epss\": null}, \"CVE-2018-1000861\": {\"name\": \"Jenkins - Remote Command Injection\", \"tags\": \"packetstorm,kev,vulhub,cve,cve2018,rce,jenkins\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97412}, \"CVE-2018-11409\": {\"name\": \"Splunk =7.0.1 - Information Disclosure\", \"tags\": \"edb,cve,cve2018,splunk\", \"severity\": \"medium\", \"cvss\": 5.3, \"epss\": 0.95561}, \"CVE-2016-1555\": {\"name\": \"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection\", \"tags\": \"seclists,packetstorm,netgear,rce,oast,router,kev,cve,cve2016\", \"severity\": \"critical\", \"cvss\": 9.8, \"epss\": 0.97385}}"{% endraw %}{% end_module_attribute %}{% module_attribute "css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "definition_id" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "field_types" is_json="true" %}{% raw %}{"code_block":"richtext"}{% endraw %}{% end_module_attribute %}{% module_attribute "label" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "module_id" is_json="true" %}{% raw %}134946837817{% endraw %}{% end_module_attribute %}{% module_attribute "path" is_json="true" %}{% raw %}"/ghost-hs/modules/ghost-code-block"{% endraw %}{% end_module_attribute %}{% module_attribute "schema_version" is_json="true" %}{% raw %}2{% endraw %}{% end_module_attribute %}{% module_attribute "smart_objects" is_json="true" %}{% raw %}[]{% endraw %}{% end_module_attribute %}{% module_attribute "smart_type" is_json="true" %}{% raw %}"NOT_SMART"{% endraw %}{% end_module_attribute %}{% module_attribute "tag" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "type" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "wrap_field_tag" is_json="true" %}{% raw %}"div"{% endraw %}{% end_module_attribute %}{% end_module_block %}

More Ghost Posts

Super-powered Application Discovery and Security Testing with Agentic AI - Part 3

2/26/25

Super-powered Application Discovery and Security Testing with Agentic AI - Part 2

2/25/25

Super-powered Application Discovery and Security Testing with Agentic AI - Part 1

2/24/25

Agentic AI: A New Era in AppSec

12/3/24

Step Into The Underworld Of
Autonomous AppSec

Request a Demo

Step Into The Underworld Of
Autonomous AppSec

Request a Demo

Step Into The Underworld Of
Autonomous AppSec

Request a Demo

Ghost Security provides autonomous app security with Agentic AI, enabling teams to discover, test, and mitigate risks in real time across complex digital environments.

Join our E-mail list

Join the Ghost Security email list—where we haunt vulnerabilities and banish breaches!

Platform

Ghost Platform

Solutions

Use Cases

Resources

Blogs

Newsroom

Company

About Us

Contact Us

Join Ghost

Ghost Racing

© 2024 Ghost Security. All rights reserved

Privacy Policy

MSA Agreement

Ghost Security provides autonomous app security with Agentic AI, enabling teams to discover, test, and mitigate risks in real time across complex digital environments.

Join our E-mail list

Join the Ghost Security email list—where we haunt vulnerabilities and banish breaches!

Platform

Ghost Platform

Solutions

Use Cases

Resources

Blogs

Newsroom

Company

About Us

Contact Us

Join Ghost

Ghost Racing

© 2024 Ghost Security. All rights reserved

Privacy Policy

MSA Agreement

Ghost Security provides autonomous app security with Agentic AI, enabling teams to discover, test, and mitigate risks in real time across complex digital environments.

Join our E-mail list

Join the Ghost Security email list—where we haunt vulnerabilities and banish breaches!

Platform

Ghost Platform

Solutions

Use Cases

Resources

Blogs

Newsroom

Company

About Us

Contact Us

Join Ghost

Ghost Racing

© 2024 Ghost Security. All rights reserved

Privacy Policy

MSA Agreement