MITRE ATT&CK — FreeIntelHub

T1190 — Exploit Public-Facing Application (Initial Access)

205 articles found

Zero Day Initiative CVE Apple Feb 12

ZDI-26-073: Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-072: Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-071: Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Wordfence Blog Vulnerability Disclosure WordPress Feb 10

800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin

On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 activ...

T1190

Wordfence Blog →

Infosecurity Magazine Vulnerability Disclosure Feb 9

New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution

T1190

Infosecurity Magazine →

Zero Day Initiative CVE Adobe Feb 6

ZDI-26-070: Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit thi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 6

ZDI-26-069: (0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnera...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-066: (Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-065: (Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-064: (Pwn2Own) Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-063: (Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Check Point NVIDIA Feb 4

ZDI-26-060: NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Megatron-LM. User interaction is required to exploit...

T1190 1 IOC

Zero Day Initiative →

Exploit Database Vulnerability Disclosure Feb 4

[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

FortiWeb Fabric Connector 7.6.

T1190

Exploit Database →

Zero Day Initiative CVE Feb 3

ZDI-26-058: AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Oracle Feb 3

ZDI-26-057: Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this ...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 2

ZDI-26-055: Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 2

ZDI-26-054: Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is requir...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 2

ZDI-26-053: Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 2

ZDI-26-052: Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 2

ZDI-26-051: Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication...

T1190 T1059 1 IOC

Zero Day Initiative →

Discovery

T1046 Network Service Discovery

Lateral Movement

T1021 Remote Services

Command and Control

T1071 Application Layer Protocol T1573 Encrypted Channel T1572 Protocol Tunneling

Exfiltration

T1041 Exfiltration Over C2 Channel T1567 Exfiltration Over Web Service

Impact

T1486 Data Encrypted for Impact T1489 Service Stop T1498 Network Denial of Service T1491 Defacement T1529 System Shutdown/Reboot

Resource Development

T1583 Acquire Infrastructure T1588 Obtain Capabilities

Reconnaissance

T1592 Gather Victim Host Information T1598 Phishing for Information

MITRE ATT&CK Mapping

T1190 — Exploit Public-Facing Application (Initial Access)

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Command and Control

Exfiltration

Impact

Resource Development

Reconnaissance