{"uuid": "06eada7c-1ab5-44fe-afd3-79a5dd68784a", "vulnerability": {"vulnId": "CVE-2025-25231", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "06eada7c-1ab5-44fe-afd3-79a5dd68784a", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-09T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-09-09T00:00:00Z"}, "scope": {"notes": "Affected: Omnissa / Omnissa Workspace ONE UEM | Description: Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints | Origin source: CERT-PL | Notes: https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/"}, "references": [{"id": "CVE-2025-25231", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25231"}, {"id": "EUVD-2025-24160", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-24160"}, {"id": "source", "url": "https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-24160", "notes": "https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Omnissa Workspace ONE UEM", "dateReported": "09/09/25", "originSource": "CERT-PL", "vendorProject": "Omnissa", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "016fe937-b9d9-4fc4-8ac7-7078d88c8ada", "vulnerability": {"vulnId": "CVE-2025-6543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-18T00:00:00+00:00"}, "gcve": {"object_uuid": "016fe937-b9d9-4fc4-8ac7-7078d88c8ada", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-18T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-07-18T00:00:00Z"}, "scope": {"notes": "Affected: Citrix / Citrix ADC and Citrix Gateway | Origin source: cnw"}, "references": [{"id": "CVE-2025-6543", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"}, {"id": "EUVD-2025-19085", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-19085"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-19085", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Citrix ADC and Citrix Gateway", "dateReported": "18/07/25", "originSource": "cnw", "vendorProject": "Citrix", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "6bb27705-58ad-4939-a015-6851a41823da", "vulnerability": {"vulnId": "CVE-2011-4085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "6bb27705-58ad-4939-a015-6851a41823da", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-07-14T00:00:00Z"}, "scope": {"notes": "Affected: Red Hat / JBoss Application Server | Description: some management interfaces remain accessible and lack effective access control mechanisms | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "references": [{"id": "CVE-2011-4085", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4085"}, {"id": "EUVD-2011-4036", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2011-4036"}, {"id": "source", "url": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2011-4036", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "JBoss Application Server", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Red Hat", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "126fdecc-867c-46fd-b738-2c1a930b4635", "vulnerability": {"vulnId": "CVE-2010-0738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "126fdecc-867c-46fd-b738-2c1a930b4635", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-07-14T00:00:00Z"}, "scope": {"notes": "Affected: Red Hat / JBoss Application Server | Description: this management interface allows administrative operations to be performed without adequate access controls allowing a remote attacker to interact with the system in an unauthorized manner | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "references": [{"id": "CVE-2010-0738", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"}, {"id": "EUVD-2010-0764", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2010-0764"}, {"id": "source", "url": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2010-0764", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "JBoss Application Server", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Red Hat", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "b7d611b3-06a2-471c-a7b6-9875c4a93f2e", "vulnerability": {"vulnId": "CVE-2015-7501", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "b7d611b3-06a2-471c-a7b6-9875c4a93f2e", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-07-14T00:00:00Z"}, "scope": {"notes": "Affected: Apache / Commons Collections library | Description: the system accepts serialized objects without verifying their origin or reliability allowing an attacker to send specially crafted payloads that are then deserialized and executed | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "references": [{"id": "CVE-2015-7501", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"}, {"id": "EUVD-2022-3799", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-3799"}, {"id": "source", "url": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2022-3799", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Commons Collections library", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Apache", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "a2b930f7-c321-4a08-b003-9b78b8ba3d6a", "vulnerability": {"vulnId": "CVE-2017-12149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a2b930f7-c321-4a08-b003-9b78b8ba3d6a", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-07-14T00:00:00Z"}, "scope": {"notes": "Affected: Red Hat / JBoss Application Server | Description: the servlet exposes an endpoint that allows you to invoke Java Management Extensions (JMX) operations without any authentication or access control | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}, "references": [{"id": "CVE-2017-12149", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12149"}, {"id": "EUVD-2017-3733", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-3733"}, {"id": "source", "url": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2017-3733", "notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "JBoss Application Server", "dateReported": "14/07/25", "originSource": "CERT Italia", "vendorProject": "Red Hat", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "7a881107-1112-4d54-a209-79eedb65ef61", "vulnerability": {"vulnId": "CVE-2024-55591", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "7a881107-1112-4d54-a209-79eedb65ef61", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-13T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-02-13T00:00:00Z"}, "scope": {"notes": "Affected: Fortinet / FortiOS/FortiProxy | Description: authentication bypass using an alternate path or channel vulnerability | Exploitation type: ransomware | CWEs: CWE-288 | Origin source: cnw"}, "references": [{"id": "CVE-2024-55591", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55591"}, {"id": "EUVD-2024-52819", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-52819"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "CWE-288", "euvd": "EUVD-2024-52819", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "FortiOS/FortiProxy", "dateReported": "13/02/25", "originSource": "cnw", "vendorProject": "Fortinet", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "4c9dc532-4817-4485-87bc-ca2e4991b226", "vulnerability": {"vulnId": "CVE-2023-46604", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "4c9dc532-4817-4485-87bc-ca2e4991b226", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Apache / ActiveMQ | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2023-46604", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"}, {"id": "EUVD-2023-2719", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-2719"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-2719", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "ActiveMQ", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Apache", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "2b661063-e9ab-4d5b-9d00-d94de7451d55", "vulnerability": {"vulnId": "CVE-2023-46747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "2b661063-e9ab-4d5b-9d00-d94de7451d55", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: F5 / BIG-IP | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2023-46747", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46747"}, {"id": "EUVD-2023-50916", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-50916"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-50916", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "BIG-IP", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "F5", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "d704f438-9fc8-48cc-8348-6e8c67033e0e", "vulnerability": {"vulnId": "CVE-2020-1472", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "d704f438-9fc8-48cc-8348-6e8c67033e0e", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Microsoft / Netlogon (ZeroLogon) | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2020-1472", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"}, {"id": "EUVD-2020-12346", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-12346"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2020-12346", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Netlogon (ZeroLogon)", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "f10c4840-9aa4-4de2-915a-c7f87e9daa7d", "vulnerability": {"vulnId": "CVE-2023-48788", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "f10c4840-9aa4-4de2-915a-c7f87e9daa7d", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Fortinet / FortiClientEMS | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2023-48788", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48788"}, {"id": "EUVD-2023-52821", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-52821"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-52821", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "FortiClientEMS", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Fortinet", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "fd776135-8e5d-4387-9f59-380aa3df5498", "vulnerability": {"vulnId": "CVE-2023-22515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "fd776135-8e5d-4387-9f59-380aa3df5498", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Atlassian / Confluence Server and Data Server | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2023-22515", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22515"}, {"id": "EUVD-2023-26655", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-26655"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-26655", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Confluence Server and Data Server", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Atlassian", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "909840f5-f5e0-41a7-a93d-79d2df8e2551", "vulnerability": {"vulnId": "CVE-2023-27997", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "909840f5-f5e0-41a7-a93d-79d2df8e2551", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Fortinet / FortiOS and FortiProxy | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2023-27997", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"}, {"id": "EUVD-2023-31722", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-31722"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-31722", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "FortiOS and FortiProxy", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Fortinet", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "28270eb4-56ca-4ff4-8cc0-bd6661b2ba7b", "vulnerability": {"vulnId": "CVE-2017-0144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "28270eb4-56ca-4ff4-8cc0-bd6661b2ba7b", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Microsoft / Windows (SMBv1 - EternalBlue) | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2017-0144", "url": "https://www.cve.org/CVERecord?id=CVE-2017-0144"}, {"id": "EUVD-2017-0511", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-0511"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2017-0511", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Windows (SMBv1 - EternalBlue)", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "b868fc15-ceb2-4b78-b60c-910f63afee4e", "vulnerability": {"vulnId": "CVE-2023-3519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "b868fc15-ceb2-4b78-b60c-910f63afee4e", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Citrix / Citrix ADC and Citrix Gateway | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2023-3519", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3519"}, {"id": "EUVD-2023-44176", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-44176"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2023-44176", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Citrix ADC and Citrix Gateway", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Citrix", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "d4c9d523-8783-43c5-93fc-7d1106d68d4b", "vulnerability": {"vulnId": "CVE-2020-0787", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "d4c9d523-8783-43c5-93fc-7d1106d68d4b", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "Affected: Microsoft / Windows BITS26 | Exploitation type: ransomware | Origin source: cnw"}, "references": [{"id": "CVE-2020-0787", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0787"}, {"id": "EUVD-2020-2274", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-2274"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "confirmed_compromise", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2020-2274", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Windows BITS26", "dateReported": "23/01/25", "originSource": "cnw", "vendorProject": "Microsoft", "exploitationType": "ransomware", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "2a69e6af-0944-47bc-8819-d13de8d45d53", "vulnerability": {"vulnId": "CVE-2024-8190", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "2a69e6af-0944-47bc-8819-d13de8d45d53", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-17T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-17T00:00:00Z"}, "scope": {"notes": "Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw"}, "references": [{"id": "CVE-2024-8190", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8190"}, {"id": "EUVD-2024-49004", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-49004"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2024-49004", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "CSA (Cloud Services Appliance)", "dateReported": "17/01/25", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "206c31c6-b4a6-46fa-8e4d-95dd5f0d8911", "vulnerability": {"vulnId": "CVE-2024-9380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "206c31c6-b4a6-46fa-8e4d-95dd5f0d8911", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-17T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-17T00:00:00Z"}, "scope": {"notes": "Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw"}, "references": [{"id": "CVE-2024-9380", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9380"}, {"id": "EUVD-2024-49898", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-49898"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2024-49898", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "CSA (Cloud Services Appliance)", "dateReported": "17/01/25", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}
{"uuid": "fe14dbbb-4054-4eaa-8465-8f20cc02e7a4", "vulnerability": {"vulnId": "CVE-2024-8963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "fe14dbbb-4054-4eaa-8465-8f20cc02e7a4", "origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-17T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-01-17T00:00:00Z"}, "scope": {"notes": "Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw"}, "references": [{"id": "CVE-2024-8963", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8963"}, {"id": "EUVD-2024-49510", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-49510"}], "evidence": [{"source": "enisa-cnw-kev", "type": "csirt_report", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2024-49510", "notes": "-", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "CSA (Cloud Services Appliance)", "dateReported": "17/01/25", "originSource": "cnw", "vendorProject": "Ivanti", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}]}