CVEs, malware, and threat actor detections

CVE-2026-33829 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2026. Coverage centers on windows / process_creation.

CVE-2025-31324 is tracked here through 6 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on webserver, linux / file_event, linux / process_creation +2.

CVE-2025-33053 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / image_load, windows / process_access, windows / process_creation.

CVE-2025-53770 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on webserver, windows / file_event, windows / process_creation.

CVE-2025-55182 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on linux / process_creation, windows / process_creation.

CVE-2025-59287 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / application, windows / process_creation.

CVE-2025-10035 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-20333 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on proxy.

CVE-2025-24054 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / file_event.

CVE-2025-30406 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-31161 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-32463 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on linux / file_event.

CVE-2025-40551 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-4427 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on webserver.

CVE-2025-49144 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-54309 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-57788 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-57790 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2025-57791 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2025. Coverage centers on windows / process_creation.

CVE-2024-1709 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on webserver, windows / file_event, windows / security.

CVE-2024-1708 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on windows / file_event, windows / security.

CVE-2024-3400 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on paloalto / appliance / globalprotect, paloalto / file_event / globalprotect.

CVE-2024-37085 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on windows / process_creation, windows / security.

CVE-2024-1212 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on webserver.

CVE-2024-3094 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on linux / process_creation.

CVE-2024-35250 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on windows / image_load.

CVE-2024-49113 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on windows / application.

CVE-2024-50623 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2024. Coverage centers on windows / process_creation.

CVE-2023-36884 is tracked here through 6 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on proxy, windows / file_event, windows / security.

CVE-2023-22518 is tracked here through 4 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on linux / process_creation, proxy, webserver +1.

CVE-2023-4966 is tracked here through 4 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on proxy, webserver.

CVE-2023-23397 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / registry_set, windows / security, windows / smbclient-connectivity.

CVE-2023-36874 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / file_event, windows / process_creation.

CVE-2023-38831 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / file_event, windows / process_creation.

CVE-2023-40477 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / application, windows / file_event.

CVE-2023-43261 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on proxy, webserver.

CVE-2023-46214 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on webserver.

CVE-2023-46747 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on proxy, webserver.

CVE-2023-1389 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on proxy.

CVE-2023-20198 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on cisco / syslog.

CVE-2023-21554 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / application.

CVE-2023-2283 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on linux / sshd.

CVE-2023-23752 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on webserver.

CVE-2023-25157 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on webserver.

CVE-2023-25717 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on webserver.

CVE-2023-27363 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on windows / file_event.

CVE-2023-27997 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2023. Coverage centers on webserver.

CVE-2022-41082 is tracked here through 4 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on proxy, webserver.

CVE-2022-33891 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on linux / process_creation, webserver.

CVE-2022-21554 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / process_creation.

CVE-2022-21587 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on webserver.

CVE-2022-21919 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / application.

CVE-2022-22954 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / process_creation.

CVE-2022-24527 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / file_event.

CVE-2022-26134 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on linux / process_creation.

CVE-2022-26809 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / process_creation.

CVE-2022-27925 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on webserver.

CVE-2022-29072 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / process_creation.

CVE-2022-29799 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on linux.

CVE-2022-30190 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / registry_set.

CVE-2022-31656 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on webserver.

CVE-2022-31659 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on webserver.

CVE-2022-36804 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on webserver.

CVE-2022-37966 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / system.

CVE-2022-41120 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on windows / process_creation.

CVE-2022-42475 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on fortios / sslvpnd.

CVE-2022-44877 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on webserver.

CVE-2022-46169 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on webserver.

CVE-2021-1675 is tracked here through 9 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on antivirus, windows / file_delete, windows / file_event +3.

CVE-2021-40444 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / process_creation, windows / file_event.

CVE-2021-41379 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / application, windows / file_event, windows / process_creation.

CVE-2021-44228 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver, windows / process_creation.

CVE-2021-26084 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver, windows / process_creation.

CVE-2021-26858 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver, windows / file_event.

CVE-2021-33771 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / file_event, windows / registry_set.

CVE-2021-40539 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-42287 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / security, windows / system.

CVE-2021-20090 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-2109 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-21972 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-21978 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-22005 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-22123 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-22893 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-26814 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-26857 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / process_creation.

CVE-2021-27905 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-28480 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-33766 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-35211 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / process_creation.

CVE-2021-38647 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on zeek / http.

CVE-2021-4034 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on linux / auth.

CVE-2021-41773 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-42237 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-42278 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / system.

CVE-2021-42321 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / msexchange-management.

CVE-2021-43798 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver.

CVE-2021-44077 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / file_event.

CVE-2020-0688 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on webserver, windows / application.

CVE-2020-1048 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on windows / process_creation, windows / registry_set.

CVE-2020-10148 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on webserver.

CVE-2020-10189 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on windows / process_creation.

CVE-2020-1350 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on windows / process_creation.

CVE-2020-1472 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on windows / process_creation.

CVE-2020-14882 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on webserver.

CVE-2020-28188 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on webserver.

CVE-2020-3452 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on webserver.

CVE-2020-5902 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on webserver.

CVE-2020-8193 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on webserver.

CVE-2019-0708 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2019. Coverage centers on windows / security, windows / system.

CVE-2019-14287 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2019. Coverage centers on linux / process_creation, linux / sudo.

CVE-2019-11510 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2019. Coverage centers on webserver.

CVE-2019-1378 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2019. Coverage centers on windows / process_creation.

CVE-2019-1388 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2019. Coverage centers on windows / process_creation.

CVE-2019-19781 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2019. Coverage centers on webserver.

CVE-2019-3398 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2019. Coverage centers on webserver.

CVE-2018-13379 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2018. Coverage centers on webserver.

CVE-2018-15473 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2018. Coverage centers on linux / sshd.

CVE-2018-2894 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2018. Coverage centers on webserver.

CVE-2017-0261 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2017. Coverage centers on windows / process_creation.

CVE-2017-11882 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2017. Coverage centers on windows / process_creation.

CVE-2017-8759 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2017. Coverage centers on windows / process_creation.

CVE-2015-1641 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2015. Coverage centers on windows / process_creation.

CVE-2014-6287 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2014. Coverage centers on webserver.

CVE-2010-5278 is tracked here through 1 Sigma detection for exploitation attempts and related post-exploitation behavior observed in 2010. Coverage centers on webserver.