MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-4433 | An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host. | 1.9 | 0.05% | 2026-03-24 | 2026-04-29 |
| CVE-2025-12221 | Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 2.1 | 0.04% | 2025-10-25 | 2025-11-07 |
| CVE-2025-20151 | A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is removed from the configuration. This vulnerability exists because of the way that the SNMPv3 configuration is stored in the Cisco IOS Software and Ci | 4.3 | 0.21% | 2025-05-07 | 2025-08-05 |
| CVE-2024-46909 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 9.8 | 37.94% | 2024-12-02 | 2024-12-10 |
| CVE-2018-11922 | Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. | 9.8 | 0.17% | 2024-11-26 | 2025-01-09 |
| CVE-2024-47294 | Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability. | 4.4 | 0.05% | 2024-09-27 | 2024-10-01 |
| CVE-2024-47291 | Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability. | 5.6 | 0.04% | 2024-09-27 | 2024-10-01 |
| CVE-2024-42031 | Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | 0.18% | 2024-08-08 | 2025-03-19 |
| CVE-2024-32991 | Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability. | 7.5 | 0.21% | 2024-05-14 | 2024-12-11 |
| CVE-2023-52719 | Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.1 | 0.06% | 2024-05-14 | 2024-12-09 |
| CVE-2023-33105 | Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number. | 7.5 | 2.38% | 2024-03-04 | 2025-01-10 |
| CVE-2023-33076 | Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | 5.9 | 0.04% | 2024-02-06 | 2024-11-21 |
| CVE-2023-43088 | Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | 7.2 | 0.05% | 2023-12-22 | 2024-11-21 |
| CVE-2023-39385 | Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access. | 9.1 | 0.13% | 2023-08-13 | 2024-11-21 |
| CVE-2023-39392 | Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. | 7.5 | 0.04% | 2023-08-13 | 2024-11-21 |
| CVE-2022-33233 | Memory corruption due to configuration weakness in modem wile sending command to write protected files. | 7.8 | 0.07% | 2023-02-12 | 2024-11-21 |
| CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | 6.5 | 4.54% | 2022-12-05 | 2024-11-21 |
| CVE-2022-28762 | Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | 7.3 | 0.18% | 2022-10-14 | 2024-11-21 |
| CVE-2022-36423 | OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices. | 7.4 | 0.13% | 2022-09-09 | 2024-11-21 |
| CVE-2022-37397 | An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password. | 8.3 | 0.49% | 2022-08-12 | 2024-11-21 |