{"metadata": {"count": 32, "page": 1, "per_page": 100}, "data": [{"uuid": "90740855-a2b8-4f16-b41e-2dac516da525", "vulnerability": {"vulnId": "CVE-2026-1731", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "90740855-a2b8-4f16-b41e-2dac516da525"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-04T13:00:01+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "Affected: BeyondTrust / Remote Support (RS), Privileged Remote Access (PRA) | Description: Critical pre-authentication RCE vulnerability. | CWEs: CWE-78 | Origin source: NCSC-FI | Notes: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "CWE-78", "euvd": "EUVD-2026-5559", "notes": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Remote Support (RS), Privileged Remote Access (PRA)", "dateReported": "2026/06/04", "originSource": "NCSC-FI", "vendorProject": "BeyondTrust", "exploitationType": "-", "vulnerabilityName": "", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2026-1731", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1731"}, {"id": "EUVD-2026-5559", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-5559"}, {"id": "source", "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"}]}, {"uuid": "fb1475de-64e4-4e31-b792-e7e8c7a54664", "vulnerability": {"vulnId": "CVE-2026-41940", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "fb1475de-64e4-4e31-b792-e7e8c7a54664"}, "status": {"exploited": true, "status_reason": "confirmed", 
"status_updated_at": "2026-05-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-05-08T00:00:00+00:00", "recorded_at": "2026-05-21T09:12:39+00:00", "first_seen_at": "2026-05-08T00:00:00+00:00"}, "scope": {"notes": "Affected: WebPros / cPanel | Description: cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | Exploitation type: ransomware | CWEs: CWE-306 | Origin source: CERT-PL | Notes: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "CWE-306", "euvd": "EUVD-2026-26246", "notes": "https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "cPanel", "dateReported": "2026/05/08", "originSource": "CERT-PL", "vendorProject": "WebPros", "exploitationType": "ransomware", "vulnerabilityName": "", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2026-41940", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41940"}, {"id": "EUVD-2026-26246", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26246"}, {"id": "source", "url": "https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026"}]}, {"uuid": "e84af7cd-02da-4301-b8a0-57972586d980", "vulnerability": {"vulnId": "CVE-2024-42009", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "e84af7cd-02da-4301-b8a0-57972586d980"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-27T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-04-27T00:00:00+00:00", 
"recorded_at": "2026-05-21T09:12:39+00:00", "first_seen_at": "2026-04-27T00:00:00+00:00"}, "scope": {"notes": "Affected: RoundCube / Webmail | Description: A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | Exploitation type: APT | Threat actors: UNC1151 | CWEs: CWE-79 | Origin source: CERT-PL | Notes: https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "CWE-79", "euvd": "EUVD-2024-39391", "notes": "https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Webmail", "dateReported": "2026/04/27", "originSource": "CERT-PL", "vendorProject": "RoundCube", "exploitationType": "APT", "vulnerabilityName": "", "threatActorsExploiting": "UNC1151"}}], "references": [{"id": "CVE-2024-42009", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42009"}, {"id": "EUVD-2024-39391", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-39391"}, {"id": "source", "url": "https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/"}]}, {"uuid": "86a07958-6869-455d-a95f-2d0bedd78001", "vulnerability": {"vulnId": "CVE-2025-4427", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "86a07958-6869-455d-a95f-2d0bedd78001"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-04-08T00:00:00+00:00", "recorded_at": "2026-06-05T16:57:54+00:00", "first_seen_at": "2026-04-08T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: Medium severity vulnerability. 
Successful exploitation may lead to unauthenticated remote code execution when chained together with CVE-2025-4428. | Exploitation type: APT | Threat actors: unknown | CWEs: CWE-288 | Origin source: cnw | Notes: https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "CWE-288", "euvd": "EUVD-2025-14388", "notes": "https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Endpoint Manager Mobile (EPMM)", "dateReported": "2026/04/08", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "APT", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2025-4427", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4427"}, {"id": "EUVD-2025-14388", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-14388"}, {"id": "source", "url": "https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm"}]}, {"uuid": "fe0059d8-6b86-4e56-99cf-a4411838fa90", "vulnerability": {"vulnId": "CVE-2025-55182", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "fe0059d8-6b86-4e56-99cf-a4411838fa90"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-04-08T00:00:00+00:00", "recorded_at": "2026-06-05T17:04:13+00:00", "first_seen_at": "2026-04-08T00:00:00+00:00"}, "scope": {"notes": "Affected: Meta / React Server Components | Description: Flaw in how React decodes payloads sent to React Server Function endpoints enabled unauthenticated remote code execution. 
Apps supporting React Server Components may still be vulnerable even if not implementing any React Server Function endpoints. | Exploitation type: APT | Threat actors: unknown | Origin source: cnw | Notes: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-2009839", "notes": "https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "React Server Components", "dateReported": "2026/04/08", "originSource": "cnw", "vendorProject": "Meta", "exploitationType": "APT", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2025-55182", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"}, {"id": "EUVD-2025-2009839", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-2009839"}, {"id": "source", "url": "https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions"}]}, {"uuid": "50e9db76-374f-4d94-9409-2a9f835f79cf", "vulnerability": {"vulnId": "CVE-2025-22457", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "50e9db76-374f-4d94-9409-2a9f835f79cf"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-04-08T00:00:00+00:00", "recorded_at": "2026-06-05T16:57:54+00:00", "first_seen_at": "2026-04-08T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti Connect Secure | Description: Evidence of active exploitation in the wild against ICS 9.X (end of life) and 22.7R2.5 and earlier versions since April 2025. 
| Threat actors: unknown | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-9646", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Ivanti Connect Secure", "dateReported": "2026/04/08", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2025-22457", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22457"}, {"id": "EUVD-2025-9646", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-9646"}]}, {"uuid": "a7fed5c7-7888-4f6c-9c25-3b07f4d80b84", "vulnerability": {"vulnId": "CVE-2025-4428", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "a7fed5c7-7888-4f6c-9c25-3b07f4d80b84"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-04-08T00:00:00+00:00", "recorded_at": "2026-06-05T16:57:54+00:00", "first_seen_at": "2026-04-08T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: High severity vulnerability. Successful exploitation may lead to unauthenticated remote code execution when chained together with CVE-2025-4427. 
| Exploitation type: APT | Threat actors: unknown | CWEs: CWE-94 | Origin source: cnw | Notes: https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "CWE-94", "euvd": "EUVD-2025-14387", "notes": "https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Endpoint Manager Mobile (EPMM)", "dateReported": "2026/04/08", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "APT", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2025-4428", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"}, {"id": "EUVD-2025-14387", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-14387"}, {"id": "source", "url": "https://ccb.belgium.be/advisories/warning-actively-exploited-zero-day-vulnerabilities-ivanti-endpoint-manager-mobile-epmm"}]}, {"uuid": "82892979-15e4-4cb2-83f1-771e29f9e78e", "vulnerability": {"vulnId": "CVE-2025-53770", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "82892979-15e4-4cb2-83f1-771e29f9e78e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-04-08T00:00:00+00:00", "recorded_at": "2026-06-05T17:04:13+00:00", "first_seen_at": "2026-04-08T00:00:00+00:00"}, "scope": {"notes": "Affected: Microsoft / SharePoint | Description: Microsoft confirmation of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update. 
| Exploitation type: APT | Threat actors: unknown | CWEs: CWE-502 | Origin source: cnw | Notes: https://www.microsoft.com/en-us/msrc/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "CWE-502", "euvd": "EUVD-2025-23309", "notes": "https://www.microsoft.com/en-us/msrc/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "SharePoint", "dateReported": "2026/04/08", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "APT", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2025-53770", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53770"}, {"id": "EUVD-2025-23309", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-23309"}, {"id": "source", "url": "https://www.microsoft.com/en-us/msrc/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770"}]}, {"uuid": "3ee8b94d-e3a5-4b6b-af02-e4b82bc805c0", "vulnerability": {"vulnId": "CVE-2026-20963", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "3ee8b94d-e3a5-4b6b-af02-e4b82bc805c0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-12T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-03-12T00:00:00+00:00", "recorded_at": "2026-05-21T09:12:39+00:00", "first_seen_at": "2026-03-12T00:00:00+00:00"}, "scope": {"notes": "Affected: Microsoft / Microsoft SharePoint | Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. 
| CWEs: CWE-502 | Origin source: cnw | Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "CWE-502", "euvd": "EUVD-2026-2114", "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Microsoft SharePoint", "dateReported": "2026/03/12", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2026-20963", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20963"}, {"id": "EUVD-2026-2114", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-2114"}, {"id": "source", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963"}]}, {"uuid": "f5f12089-1981-4f86-a1b0-1e5f41121766", "vulnerability": {"vulnId": "CVE-2026-1281", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "f5f12089-1981-4f86-a1b0-1e5f41121766"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-29T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-01-29T00:00:00+00:00", "recorded_at": "2026-06-05T16:57:54+00:00", "first_seen_at": "2026-01-29T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. 
| Threat actors: unknown | Origin source: cnw | Notes: https://www.ncsc.nl/alert/casus-kwetsbaarheden-ivanti-epmm-systemen"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2026-4940", "notes": "https://www.ncsc.nl/alert/casus-kwetsbaarheden-ivanti-epmm-systemen", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Endpoint Manager Mobile (EPMM)", "dateReported": "2026/01/29", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2026-1281", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1281"}, {"id": "EUVD-2026-4940", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-4940"}, {"id": "source", "url": "https://www.ncsc.nl/alert/casus-kwetsbaarheden-ivanti-epmm-systemen"}]}, {"uuid": "734f0aa2-c5cb-4c57-b52e-ccb210ded20a", "vulnerability": {"vulnId": "CVE-2026-1340", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "734f0aa2-c5cb-4c57-b52e-ccb210ded20a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-29T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-01-29T00:00:00+00:00", "recorded_at": "2026-06-05T16:57:54+00:00", "first_seen_at": "2026-01-29T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. 
| Threat actors: unknown | Origin source: cnw | Notes: https://www.ncsc.nl/alert/casus-kwetsbaarheden-ivanti-epmm-systemen"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2026-4936", "notes": "https://www.ncsc.nl/alert/casus-kwetsbaarheden-ivanti-epmm-systemen", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Endpoint Manager Mobile (EPMM)", "dateReported": "2026/01/29", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2026-1340", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1340"}, {"id": "EUVD-2026-4936", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-4936"}, {"id": "source", "url": "https://www.ncsc.nl/alert/casus-kwetsbaarheden-ivanti-epmm-systemen"}]}, {"uuid": "72a4c326-01d1-4402-9066-c627e68d6840", "vulnerability": {"vulnId": "CVE-2025-59718", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "72a4c326-01d1-4402-9066-c627e68d6840"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-27T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-01-27T00:00:00+00:00", "recorded_at": "2026-06-05T16:57:54+00:00", "first_seen_at": "2026-01-27T00:00:00+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiOS,FortiProxy,FortiSwitchManager | Description: An improper verification of cryptographic signature vulnerability in Fortinet FortiOS, FortiProxy, FortiSwitchManager allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. 
| Threat actors: unknown | Origin source: CERT-AT | Notes: https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords, https://www.cert.at/en/blog/2026/1/look-at-forticloud-sso-bypass-exploitation"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-202198", "notes": "https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords, https://www.cert.at/en/blog/2026/1/look-at-forticloud-sso-bypass-exploitation", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "FortiOS,FortiProxy,FortiSwitchManager", "dateReported": "2026/01/27", "originSource": "CERT-AT", "vendorProject": "Fortinet", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2025-59718", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59718"}, {"id": "EUVD-2025-202198", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-202198"}, {"id": "source", "url": "https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords"}, {"id": "source", "url": "https://www.cert.at/en/blog/2026/1/look-at-forticloud-sso-bypass-exploitation"}]}, {"uuid": "9627e455-2d52-4f7e-b440-d05cb7913549", "vulnerability": {"vulnId": "CVE-2025-59719", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "gna": 1, "object_uuid": "9627e455-2d52-4f7e-b440-d05cb7913549"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-27T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-01-27T00:00:00+00:00", "recorded_at": "2026-06-05T16:57:54+00:00", "first_seen_at": "2026-01-27T00:00:00+00:00"}, "scope": {"notes": "Affected: Fortinet / Fortiweb | Description: An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb may allow an 
unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | Threat actors: unknown | Origin source: CERT-AT | Notes: https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords, https://www.cert.at/en/blog/2026/1/look-at-forticloud-sso-bypass-exploitation"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-202191", "notes": "https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords, https://www.cert.at/en/blog/2026/1/look-at-forticloud-sso-bypass-exploitation", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON", "product": "Fortiweb", "dateReported": "2026/01/27", "originSource": "CERT-AT", "vendorProject": "Fortinet", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "unknown"}}], "references": [{"id": "CVE-2025-59719", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59719"}, {"id": "EUVD-2025-202191", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-202191"}, {"id": "source", "url": "https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords"}, {"id": "source", "url": "https://www.cert.at/en/blog/2026/1/look-at-forticloud-sso-bypass-exploitation"}]}, {"uuid": "05b3e48c-916b-4493-ae63-3ce938d3d01f", "vulnerability": {"vulnId": "CVE-2025-25231", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "05b3e48c-916b-4493-ae63-3ce938d3d01f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-09T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-09-09T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-09-09T00:00:00+00:00"}, "scope": {"notes": "Affected: Omnissa / Omnissa Workspace ONE UEM | Description: Omnissa Workspace 
ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints | Origin source: CERT-PL | Notes: https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-24160", "notes": "https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Omnissa Workspace ONE UEM", "dateReported": "09/09/25", "originSource": "CERT-PL", "vendorProject": "Omnissa", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2025-25231", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25231"}, {"id": "EUVD-2025-24160", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-24160"}, {"id": "source", "url": "https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/"}]}, {"uuid": "b9f8f3b7-d580-4894-a55a-6a0afcfb366f", "vulnerability": {"vulnId": "CVE-2025-6543", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "b9f8f3b7-d580-4894-a55a-6a0afcfb366f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-18T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-07-18T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-07-18T00:00:00+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ADC and Citrix Gateway | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": 
"successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-19085", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Citrix ADC and Citrix Gateway", "dateReported": "18/07/25", "originSource": "cnw", "vendorProject": "Citrix", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2025-6543", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"}, {"id": "EUVD-2025-19085", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-19085"}]}, {"uuid": "1df40635-1842-4b2a-9805-2b88953026d6", "vulnerability": {"vulnId": "CVE-2010-0738", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "1df40635-1842-4b2a-9805-2b88953026d6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "Affected: Red Hat / JBoss Application Server | Description: this management interface allows administrative operations to be performed without adequate access controls allowing a remote attacker to interact with the system in an unauthorized manner | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2010-0764", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "JBoss Application Server", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Red Hat", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": 
"-"}}], "references": [{"id": "CVE-2010-0738", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"}, {"id": "EUVD-2010-0764", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2010-0764"}, {"id": "source", "url": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}]}, {"uuid": "8b30021e-4d23-4ec2-95e7-6fd1a039d016", "vulnerability": {"vulnId": "CVE-2017-12149", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "8b30021e-4d23-4ec2-95e7-6fd1a039d016"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "Affected: Red Hat / JBoss Application Server | Description: the servlet exposes an endpoint that allows you to invoke Java Management Extensions (JMX) operations without any authentication or access control | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2017-3733", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "JBoss Application Server", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Red Hat", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2017-12149", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12149"}, {"id": "EUVD-2017-3733", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-3733"}, {"id": "source", "url": 
"https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}]}, {"uuid": "657e89ab-9b5d-4cea-9802-901a5d6a8a8f", "vulnerability": {"vulnId": "CVE-2011-4085", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "657e89ab-9b5d-4cea-9802-901a5d6a8a8f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "Affected: Red Hat / JBoss Application Server | Description: some management interfaces remain accessible and lack effective access control mechanisms | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2011-4036", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "JBoss Application Server", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Red Hat", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2011-4085", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4085"}, {"id": "EUVD-2011-4036", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2011-4036"}, {"id": "source", "url": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}]}, {"uuid": "92514a5f-cc46-4260-98b3-291e440cf8b8", "vulnerability": {"vulnId": "CVE-2015-7501", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "92514a5f-cc46-4260-98b3-291e440cf8b8"}, "status": 
{"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-07-14T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-07-14T00:00:00+00:00"}, "scope": {"notes": "Affected: Apache / Commons Collections library | Description: the system accepts serialized objects without verifying their origin or reliability allowing an attacker to send specially crafted payloads that are then deserialized and executed | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2022-3799", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Commons Collections library", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Apache", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2015-7501", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"}, {"id": "EUVD-2022-3799", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-3799"}, {"id": "source", "url": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}]}, {"uuid": "b3854230-7a18-4ebf-8495-19cc1b3dfa22", "vulnerability": {"vulnId": "CVE-2024-55591", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "b3854230-7a18-4ebf-8495-19cc1b3dfa22"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-02-13T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-02-13T00:00:00+00:00"}, 
"scope": {"notes": "Affected: Fortinet / FortiOS/FortiProxy | Description: authentication bypass using an alternate path or channel vulnerability | Exploitation type: ransomware | CWEs: CWE-288 | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "CWE-288", "euvd": "EUVD-2024-52819", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "FortiOS/FortiProxy", "dateReported": "13/02/25", "originSource": "cnw", "vendorProject": "Fortinet", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2024-55591", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55591"}, {"id": "EUVD-2024-52819", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-52819"}]}, {"uuid": "f61b42b7-e6ee-412f-9e02-0aae72d1e58f", "vulnerability": {"vulnId": "CVE-2023-27997", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "f61b42b7-e6ee-412f-9e02-0aae72d1e58f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiOS and FortiProxy | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-31722", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "FortiOS and FortiProxy", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Fortinet", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2023-27997", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-27997"}, {"id": "EUVD-2023-31722", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-31722"}]}, {"uuid": "27723d1b-b435-4e44-909f-004191f29310", "vulnerability": {"vulnId": "CVE-2017-0144", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "27723d1b-b435-4e44-909f-004191f29310"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Microsoft / Windows (SMBv1 - EternalBlue) | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2017-0511", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Windows (SMBv1 - EternalBlue)", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2017-0144", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0144"}, {"id": "EUVD-2017-0511", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-0511"}]}, {"uuid": "5873e633-6601-4ca3-a6df-21ceb6144ce2", "vulnerability": {"vulnId": "CVE-2023-3519", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "5873e633-6601-4ca3-a6df-21ceb6144ce2"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ADC and Citrix Gateway | Exploitation type: 
ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-44176", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Citrix ADC and Citrix Gateway", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Citrix", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2023-3519", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3519"}, {"id": "EUVD-2023-44176", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-44176"}]}, {"uuid": "aa8d5c88-3ff7-4f35-ac94-a52fe0af1d68", "vulnerability": {"vulnId": "CVE-2023-48788", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "aa8d5c88-3ff7-4f35-ac94-a52fe0af1d68"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiClientEMS | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-52821", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "FortiClientEMS", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Fortinet", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2023-48788", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48788"}, {"id": "EUVD-2023-52821", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-52821"}]}, {"uuid": "83d4f3af-eb31-483b-8893-5114f7d170fe", "vulnerability": 
{"vulnId": "CVE-2023-46604", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "83d4f3af-eb31-483b-8893-5114f7d170fe"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Apache / ActiveMQ | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-2719", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "ActiveMQ", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Apache", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2023-46604", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"}, {"id": "EUVD-2023-2719", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-2719"}]}, {"uuid": "86cbdda0-193d-4704-a9ae-84f65cac147e", "vulnerability": {"vulnId": "CVE-2020-1472", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "86cbdda0-193d-4704-a9ae-84f65cac147e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Microsoft / Netlogon (ZeroLogon) | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2020-12346", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV 
CSV", "product": "Netlogon (ZeroLogon)", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2020-1472", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"}, {"id": "EUVD-2020-12346", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-12346"}]}, {"uuid": "c0b7ff50-0a0e-4188-883b-7a8ed93231ee", "vulnerability": {"vulnId": "CVE-2020-0787", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "c0b7ff50-0a0e-4188-883b-7a8ed93231ee"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Microsoft / Windows BITS26 | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2020-2274", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Windows BITS26", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2020-0787", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0787"}, {"id": "EUVD-2020-2274", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-2274"}]}, {"uuid": "dfdef7f2-d2d7-466c-a13a-0e88f69d1165", "vulnerability": {"vulnId": "CVE-2023-22515", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "dfdef7f2-d2d7-466c-a13a-0e88f69d1165"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, 
"timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence Server and Data Server | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-26655", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Confluence Server and Data Server", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Atlassian", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2023-22515", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22515"}, {"id": "EUVD-2023-26655", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-26655"}]}, {"uuid": "f3947f08-c4c3-414a-9487-00f64564c00e", "vulnerability": {"vulnId": "CVE-2023-46747", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "f3947f08-c4c3-414a-9487-00f64564c00e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-23T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-23T00:00:00+00:00"}, "scope": {"notes": "Affected: F5 / BIG-IP | Exploitation type: ransomware | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-50916", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "BIG-IP", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "F5", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2023-46747", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46747"}, {"id": "EUVD-2023-50916", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-50916"}]}, {"uuid": "55fe7259-646b-4f0c-9d71-1c1d4a78fd82", "vulnerability": {"vulnId": "CVE-2024-9380", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "55fe7259-646b-4f0c-9d71-1c1d4a78fd82"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-17T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-17T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-17T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2024-49898", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "CSA (Cloud Services Appliance)", "dateReported": "17/01/25", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2024-9380", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9380"}, {"id": "EUVD-2024-49898", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-49898"}]}, {"uuid": "2e099b58-c9fb-402c-a1ef-ee0ee9de6e95", "vulnerability": {"vulnId": "CVE-2024-8963", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "2e099b58-c9fb-402c-a1ef-ee0ee9de6e95"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-17T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-17T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-17T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw"}, "evidence": [{"type": 
"csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2024-49510", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "CSA (Cloud Services Appliance)", "dateReported": "17/01/25", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2024-8963", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8963"}, {"id": "EUVD-2024-49510", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-49510"}]}, {"uuid": "2c520710-e341-474e-9210-34502993e761", "vulnerability": {"vulnId": "CVE-2024-8190", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "2c520710-e341-474e-9210-34502993e761"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-17T00:00:00+00:00"}, "timestamps": {"asserted_at": "2025-01-17T00:00:00+00:00", "recorded_at": "2026-02-02T12:25:26+00:00", "first_seen_at": "2025-01-17T00:00:00+00:00"}, "scope": {"notes": "Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2024-49004", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "CSA (Cloud Services Appliance)", "dateReported": "17/01/25", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2024-8190", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8190"}, {"id": "EUVD-2024-49004", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-49004"}]}]}
