MITRE ATT&CK — FreeIntelHub

T1190 — Exploit Public-Facing Application (Initial Access)

177 articles found

Zero Day Initiative CVE Feb 12

ZDI-26-091: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-090: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-089: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-088: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-087: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-086: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-085: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-084: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interactio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Ivanti Feb 12

ZDI-26-079: Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to expl...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-078: Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to ex...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-076: GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-074: GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-073: Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-072: Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-071: Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Wordfence Blog Vulnerability Disclosure WordPress Feb 10

800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin

On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 activ...

T1190

Wordfence Blog →

Infosecurity Magazine Vulnerability Disclosure Feb 9

New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution

T1190

Infosecurity Magazine →

Zero Day Initiative CVE Adobe Feb 6

ZDI-26-070: Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit thi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 6

ZDI-26-069: (0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnera...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-066: (Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Discovery

T1046 Network Service Discovery

Lateral Movement

T1021 Remote Services

Command and Control

T1071 Application Layer Protocol T1573 Encrypted Channel T1572 Protocol Tunneling

Exfiltration

T1041 Exfiltration Over C2 Channel T1567 Exfiltration Over Web Service

Impact

T1486 Data Encrypted for Impact T1489 Service Stop T1498 Network Denial of Service T1491 Defacement T1529 System Shutdown/Reboot

Resource Development

T1583 Acquire Infrastructure T1588 Obtain Capabilities

Reconnaissance

T1592 Gather Victim Host Information T1598 Phishing for Information

MITRE ATT&CK Mapping

T1190 — Exploit Public-Facing Application (Initial Access)

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Command and Control

Exfiltration

Impact

Resource Development

Reconnaissance