MITRE ATT&CK — FreeIntelHub

T1190 — Exploit Public-Facing Application (Initial Access)

256 articles found

Zero Day Initiative CVE Apr 15

ZDI-26-290: NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vu...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-283: GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-282: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-280: (Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP DeskJet 2855e printers. Authentication is not ...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Apr 15

ZDI-26-279: Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit ...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to...

T1190 T1059

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Qlib. User interaction is required to exploit thi...

T1190

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interaction is required to exploit th...

T1190

Zero Day Initiative →

Zero Day Initiative CVE Trend Micro Apr 15

ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Trend Micro Apr 15

ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Fortinet Apr 15

ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Krebs on Security Zero-Day Microsoft Google Adobe Apr 14

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a S...

T1190

Krebs on Security →

Wordfence Blog Vulnerability Disclosure Intel WordPress Apr 13

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

On March 2nd, 2026, we received a submission through our Bug Bounty Program for a Remote Code Execution vulnerability in Kali Forms, a WordPress plugin with ...

T1190

Wordfence Blog →

Exploit Database Vulnerability Disclosure Apr 9

[webapps] React Server 19.2.0 - Remote Code Execution

React Server 19.2.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 9

[webapps] Jumbo Website Manager - Remote Code Execution

Jumbo Website Manager - Remote Code Execution

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 8

[webapps] FortiWeb 8.0.2 - Remote Code Execution

FortiWeb 8.0.

T1190

Exploit Database →

Wordfence Blog Vulnerability Disclosure WordPress Apr 6

50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin

On January 8th, 2026, we received a submission for an Arbitrary File Upload vulnerability in Ninja Forms - File Upload, a WordPress plugin with an estimated ...

T1190

Wordfence Blog →

Zero Day Initiative CVE Apr 6

ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Discovery

T1046 Network Service Discovery

Lateral Movement

T1021 Remote Services

Command and Control

T1071 Application Layer Protocol T1573 Encrypted Channel T1572 Protocol Tunneling

Exfiltration

T1041 Exfiltration Over C2 Channel T1567 Exfiltration Over Web Service

Impact

T1486 Data Encrypted for Impact T1489 Service Stop T1498 Network Denial of Service T1491 Defacement T1529 System Shutdown/Reboot

Resource Development

T1583 Acquire Infrastructure T1588 Obtain Capabilities

Reconnaissance

T1592 Gather Victim Host Information T1598 Phishing for Information

MITRE ATT&CK Mapping

T1190 — Exploit Public-Facing Application (Initial Access)

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Command and Control

Exfiltration

Impact

Resource Development

Reconnaissance