MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Command and Control/ T1071

T1071Application Layer Protocol

T1071 — Application Layer Protocol is a MITRE ATT&CK technique in the Command and Control tactic. Clankerusecase tracks 10 detection use cases covering it and 238 threat-intel articles citing it.

Command and Control

View on the matrix → Filter Detection Library MITRE official spec ↗

10Use cases

238Articles

5Sub-techniques

1Tactic

Sub-techniques (5)

T1071.004 · DNS T1071.002 · File Transfer Protocols T1071.003 · Mail Protocols T1071.005 · Publish/Subscribe Protocols T1071.001 · Web Protocols

Use cases covering this technique (10)

Network connections to article IPs / domains Internal c2 · alerting DSΣP [WEEKLY] Auth-Bypass on Public-Facing Service → Post-Exploit Action on Same Host (≤10 min) Internal exploit · alerting DSPDD Windows App Layer Protocol Qakbot NamedPipe ESCU actions · hunting P Windows App Layer Protocol Wermgr Connect To NamedPipe ESCU actions · hunting P Windows Application Layer Protocol RMS Radmin Tool Namedpipe ESCU actions · alerting P Cisco Secure Firewall - High Priority Intrusion Classification ESCU actions · alerting P Cisco Secure Firewall - High Volume of Intrusion Events Per Host ESCU actions · hunting P [LLM] Sniper Dz seized phishing infrastructure callback (post-takedown beacons) Bespoke c2 · alerting DSΣPDDCS [LLM] Network egress to OceanLotus SPECTRALVIPER C2 IPs (2024-2026 campaigns) Bespoke c2 · hunting DSΣPDDCS [LLM] Outbound C2 to sfrclak.com / 142.11.206.73:8000 (Axios npm RAT beacon) Bespoke c2 · alerting DSΣPDDCS

Articles citing this technique (238)

med 152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic art-04

med New Agentjacking Attack Hijacks Your AI Coding Agent to Run Code From a Hacker’s Server art-06

crit Chinese hackers hijack auth flow, spy on isolated network for a decade art-07

crit 400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security art-14

high Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit art-17

high Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks art-19

med Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection art-23

high Over 400 Arch Linux packages compromised to push rootkit, infostealer art-25

high Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets art-26

crit Early Warning Signs of Supply-Chain Attacks Live in the Dark Web art-27

high Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code art-28

high INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator art-33

med Over 73,000 French govt employees affected in Tchap messenger breach art-35

high Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs art-36

crit ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities art-37

high New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets art-41

crit The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm art-44

high npm v12 delivers one of the biggest security improvements in years art-46

high AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. art-51

crit OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack art-53

crit OceanLotus: From external espionage to domestic targeting art-54

high Code is being written everywhere, and the device is the only constant art-58

crit Compromised Rust crate onering performs code exfiltration art-66

crit Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows art-71

crit Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Ag art-79

crit Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues art-82

crit Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now art-84

crit WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine art-86

crit New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing art-89

high When “Hi, This Is IT” Comes Through Microsoft Teams art-98

crit Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order art-101

crit AI brands as bait: How threat actors are using the AI hype in social engineering art-102

crit AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload art-103

crit VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances art-107

crit UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign art-108

crit CISA KEV: CVE-2026-50751 — Check Point Security Gateway Improper Authentication Vulnerability art-111

high Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI art-114

crit [GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi art-123

high Reporting from Vegas: Networking, AI, and good boys art-126

high Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting art-129

high Argamal: Malware hidden in hentai games art-137

high Why EDR and proxy won’t save you from supply chain malware art-142

crit The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) art-143

high Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets art-145

crit Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor art-150

crit Containers on fire: from container escapes to supply chain attacks art-158

crit Malicious npm packages abuse dependency confusion to profile developer environments art-161

crit [GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default art-167

high Typosquatted npm packages used to steal cloud and CI/CD secrets art-183

high What MDM can't protect on developer machines (and what to do about it) art-186

med Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years art-190

high Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens art-194

crit CISA KEV: CVE-2026-45321 — TanStack Unspecified Vulnerability art-204

crit CISA KEV: CVE-2026-8398 — Daemon Tools Lite Embedded Malicious Code Vulnerability art-205

high Why developer machines are now the number one target for supply chain attacks art-208

crit BTMOB: A stealthy RAT burrowing deep into Android devices art-209

crit Laravel Lang Supply Chain Advisory art-211

high Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer art-212

high Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories art-215

crit Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns art-217

crit Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload art-219

med Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise art-220

crit 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough art-230

crit [GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-serv art-235

crit Tracking TamperedChef Clusters via Certificate and Code Reuse art-237

high GitHub breached via a malicious VS Code extension: why developer devices are the real target art-238

crit Webworm: New burrowing techniques art-240

crit The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised art-248

high Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again! art-254

crit [GHSA / CRITICAL] CVE-2026-45758: Malicious code in guardrails-ai 0.10.1 (supply chain compromise) art-255

crit [GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch art-263

crit From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat art-265

crit Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages art-267

med actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials art-268

crit Active Supply Chain Attack: Malicious node-ipc Versions Published to npm art-269

crit Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account art-270

crit [GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in mistralai 2.4.6 PyPI package art-272

high Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files art-281

crit Malicious node-ipc versions published to npm in suspected maintainer account compromise art-284

crit Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities art-302

crit Kimsuky targets organizations with PebbleDash-based tools art-308

crit FrostyNeighbor: Fresh mischief and digital shenanigans art-309

crit TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages art-312

crit Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack art-315

crit Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution art-325

crit A rigged game: ScarCruft compromises gaming platform in a supply-chain attack art-332

high elementary-data Compromised on PyPI and GHCR: Forged Release Pushed via GitHub Actions Script Injection art-334

crit Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools art-335

crit CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister art-336

crit lightning PyPI Compromise: A Bun-Based Credential Stealer in Python art-343

high Someone published four versions of a fake "tanstack" package in 27 minutes to steal your .env files art-346

high Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers art-352

high Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining art-353

high Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm art-361

crit GopherWhisper: A burrow full of malware art-362

crit CISA KEV: CVE-2026-39987 — Marimo Remote Code Execution Vulnerability art-365

high GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays art-367

high Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity art-395

high @velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence art-399

crit Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack art-400

crit axios Compromised on npm - Malicious Versions Drop Remote Access Trojan art-401

high hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far art-403

high GlassWorm goes native: New Zig dropper infects every IDE on your machine art-405

high Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor art-412

crit TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package art-413

high You Patched LiteLLM, But Do You Know Your AI Blast Radius? art-414

high Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT art-420

high axios compromised on npm: maintainer account hijacked, RAT deployed art-421

crit litellm: Credential Stealer Hidden in PyPI Wheel art-423

crit Popular telnyx package compromised on PyPI by TeamPCP art-425

high Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags art-428

high CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem art-429

high Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised art-430

crit bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys art-431

crit Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys art-433

crit ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push art-434

high xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning art-435

crit How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM art-443

high CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran art-444

high TeamPCP deploys CanisterWorm on NPM following Trivy compromise art-445

crit GlassWorm Hides a RAT Inside a Malicious Chrome Extension art-458

crit fast-draft Open VSX Extension Compromised by BlokTrooper art-459

high Glassworm Strikes Popular React Native Phone Number Packages art-466

high DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear art-470

high kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package art-475

crit PlugX Meeting Invitation via MSBuild and GDATA art-503

high How “Clinejection” Turned an AI Bot into a Supply Chain Attack art-521

high npm backdoor lets hackers hijack gambling outcomes art-535

crit How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware art-564

crit DynoWiper update: Technical analysis and attribution art-590

high Fake Clawdbot VS Code Extension Installs ScreenConnect RAT art-594

high G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets art-604

high Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages art-605

crit Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT art-608

high How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository art-652

crit Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise art-654

high Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182) art-673

high SHA1-Hulud, npm supply chain incident art-686

crit PlushDaemon compromises network devices for adversary-in-the-middle attacks art-695

crit CISA KEV: CVE-2025-21042 — Samsung Mobile Devices Out-of-Bounds Write Vulnerability art-712

crit The who, where, and how of APT attacks in Q2 2025–Q3 2025 art-714

crit CISA KEV: CVE-2025-11371 — Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability art-721

crit CISA KEV: CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability art-726

crit CISA KEV: CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability art-732

crit CISA KEV: CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability art-733

crit Gotta fly: Lazarus targets the UAV sector art-734

crit CISA KEV: CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability art-738

crit CISA KEV: CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability art-743

crit Phishing Campaign Leveraging the NPM Ecosystem art-754

crit CISA KEV: CVE-2025-27915 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability art-757

crit CISA KEV: CVE-2010-3962 — Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability art-759

crit CISA KEV: CVE-2010-3765 — Mozilla Multiple Products Remote Code Execution Vulnerability art-763

crit CISA KEV: CVE-2025-61882 — Oracle E-Business Suite Unspecified Vulnerability art-764

crit CISA KEV: CVE-2025-21043 — Samsung Mobile Devices Out-of-Bounds Write Vulnerability art-768

crit CISA KEV: CVE-2025-10035 — Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability art-773

high Malicious MCP Server on npm postmark-mcp Harvests Emails art-776

high GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows art-785

high Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack art-789

crit CISA KEV: CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability art-790

high npm Supply Chain Attack via Open Source maintainer compromise art-794

crit CISA KEV: CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability art-799

crit CISA KEV: CVE-2013-3893 — Microsoft Internet Explorer Resource Management Errors Vulnerability art-822

high Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise art-824

crit Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware art-837

crit CISA KEV: CVE-2025-49704 — Microsoft SharePoint Code Injection Vulnerability art-841

high Cursor IDE Malware Extension Compromise in $500k Crypto Heist art-842

crit CISA KEV: CVE-2025-53770 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability art-844

crit CISA KEV: CVE-2025-47812 — Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability art-847

crit CISA KEV: CVE-2023-33538 — TP-Link Multiple Routers Command Injection Vulnerability art-868

crit CISA KEV: CVE-2025-33053 — Microsoft Windows External Control of File Name or Path Vulnerability art-874

crit CISA KEV: CVE-2025-24016 — Wazuh Server Deserialization of Untrusted Data Vulnerability art-875

crit CISA KEV: CVE-2024-42009 — RoundCube Webmail Cross-Site Scripting Vulnerability art-876

crit CISA KEV: CVE-2025-32433 — Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability art-877

crit CISA KEV: CVE-2021-32030 — ASUS Routers Improper Authentication Vulnerability art-886

crit CISA KEV: CVE-2025-35939 — Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability art-888

crit CISA KEV: CVE-2023-39780 — ASUS RT-AX55 Routers OS Command Injection Vulnerability art-890

crit CISA KEV: CVE-2024-27443 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability art-900

crit CISA KEV: CVE-2025-27920 — Srimax Output Messenger Directory Traversal Vulnerability art-901

crit CISA KEV: CVE-2024-11182 — MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability art-902

crit CISA KEV: CVE-2025-4428 — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability art-903

crit CISA KEV: CVE-2025-42999 — SAP NetWeaver Deserialization Vulnerability art-904

crit CISA KEV: CVE-2024-12987 — DrayTek Vigor Routers OS Command Injection Vulnerability art-905

crit CISA KEV: CVE-2025-32756 — Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability art-906

crit CISA KEV: CVE-2024-11120 — GeoVision Devices OS Command Injection Vulnerability art-914

crit CISA KEV: CVE-2025-3248 — Langflow Missing Authentication Vulnerability art-917

crit CISA KEV: CVE-2025-31324 — SAP NetWeaver Unrestricted File Upload Vulnerability art-923

crit CISA KEV: CVE-2025-3928 — Commvault Web Server Unspecified Vulnerability art-927

crit CISA KEV: CVE-2025-24054 — Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability art-929

crit CISA KEV: CVE-2021-20035 — SonicWall SMA100 Appliances OS Command Injection Vulnerability art-933

crit CISA KEV: CVE-2025-29824 — Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability art-936

crit CISA KEV: CVE-2025-30406 — Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability art-937

crit CISA KEV: CVE-2025-31161 — CrushFTP Authentication Bypass Vulnerability art-938

crit CISA KEV: CVE-2025-24813 — Apache Tomcat Path Equivalence Vulnerability art-942

crit CISA KEV: CVE-2025-2783 — Google Chromium Mojo Sandbox Escape Vulnerability art-945

crit CISA KEV: CVE-2025-24472 — Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability art-956

crit CISA KEV: CVE-2025-21590 — Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability art-960

crit CISA KEV: CVE-2025-26633 — Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability art-970

crit CISA KEV: CVE-2024-57968 — Advantive VeraCore Unrestricted File Upload Vulnerability art-972

crit CISA KEV: CVE-2025-25181 — Advantive VeraCore SQL Injection Vulnerability art-973

crit CISA KEV: CVE-2023-20118 — Cisco Small Business RV Series Routers Command Injection Vulnerability art-984

crit Do not pass GO - Malicious Package Alert art-1000

crit CISA KEV: CVE-2024-41710 — Mitel SIP Phones Argument Injection Vulnerability art-1002

crit CISA KEV: CVE-2025-0994 — Trimble Cityworks Deserialization Vulnerability art-1006

crit CISA KEV: CVE-2024-50603 — Aviatrix Controllers OS Command Injection Vulnerability art-1027

crit CISA KEV: CVE-2024-55591 — Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability art-1032

crit CISA KEV: CVE-2023-48365 — Qlik Sense HTTP Tunneling Vulnerability art-1033

crit CISA KEV: CVE-2021-44207 — Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability art-1044

crit CISA KEV: CVE-2024-55956 — Cleo Multiple Products Unauthenticated File Upload Vulnerability art-1051

crit CISA KEV: CVE-2024-20767 — Adobe ColdFusion Improper Access Control Vulnerability art-1053

crit CISA KEV: CVE-2024-50623 — Cleo Multiple Products Unrestricted File Upload Vulnerability art-1054

high Ultralytics AI Pwn Request Supply Chain Attack art-1055

crit CISA KEV: CVE-2024-9474 — Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability art-1078

crit CISA KEV: CVE-2024-43451 — Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability art-1088

crit CISA KEV: CVE-2024-49039 — Microsoft Windows Task Scheduler Privilege Escalation Vulnerability art-1089

crit CISA KEV: CVE-2024-8956 — PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability art-1094

crit CISA KEV: CVE-2024-37383 — RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability art-1100

crit CISA KEV: CVE-2024-47575 — Fortinet FortiManager Missing Authentication Vulnerability art-1103

crit CISA KEV: CVE-2024-38094 — Microsoft SharePoint Deserialization Vulnerability art-1106

crit CISA KEV: CVE-2024-9680 — Mozilla Firefox Use-After-Free Vulnerability art-1114

crit CISA KEV: CVE-2024-9380 — Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability art-1119

crit CISA KEV: CVE-2024-23113 — Fortinet Multiple Products Format String Vulnerability art-1120

crit CISA KEV: CVE-2024-45519 — Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability art-1126

crit CISA KEV: CVE-2023-25280 — D-Link DIR-820 Router OS Command Injection Vulnerability art-1133

crit CISA KEV: CVE-2024-8963 — Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability art-1140

crit CISA KEV: CVE-2014-0502 — Adobe Flash Player Double Free Vulnerablity art-1147

crit CISA KEV: CVE-2024-8190 — Ivanti Cloud Services Appliance OS Command Injection Vulnerability art-1153

crit CISA KEV: CVE-2024-40766 — SonicWall SonicOS Improper Access Control Vulnerability art-1157

crit CISA KEV: CVE-2024-7262 — Kingsoft WPS Office Path Traversal Vulnerability art-1163

crit CISA KEV: CVE-2024-7971 — Google Chromium V8 Type Confusion Vulnerability art-1171

crit CISA KEV: CVE-2018-0824 — Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability art-1193

crit CISA KEV: CVE-2024-28995 — SolarWinds Serv-U Path Traversal Vulnerability art-1207

crit CISA KEV: CVE-2024-34102 — Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability art-1208

crit CISA KEV: CVE-2024-36401 — OSGeo GeoServer GeoTools Eval Injection Vulnerability art-1209

crit CISA KEV: CVE-2024-23692 — Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability art-1213

crit Polyfill supply chain attack embeds malware in JavaScript CDN assets art-1218

crit CISA KEV: CVE-2024-4577 — PHP-CGI OS Command Injection Vulnerability art-1234

med Real-time threat protection with Snyk and SentinelOne art-1337

high .NET developers alert: Moq NuGET package exfiltrates user emails from git art-1399