Query library
runZero includes a substantial library of pre-built queries. These queries can be used to detect vulnerabilities, trigger alerts, and apply changes to assets, such as tags and ownership. These queries are categorized by use case and risk level. Custom queries can also be configured to report vulnerabilities on matching assets and services.
Best Practice #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| Google Workspace Account Without MFA | users | Medium | source:googleworkspace isEnforcedIn2Sv:f | Link | Link |
| Active Directory Account Expires Soon | users | Low | has:accountExpiresTS AND accountExpiresTS:<30days | Link | Link |
| Authenticated Web Service Without Encryption | services | Low | (_asset.protocol:http AND not _asset.protocol:tls) AND ( html.inputs:"password:" OR last.html.inputs:"password:" OR has:http.head.wwwAuthenticate OR has:last.http.head.wwwAuthenticate ) | Link | Link |
| HTTP Directory Indexing Enabled | services | Low | _asset.protocol:http AND protocol:http AND has:html.title AND (html.title:="Index of /%" OR html.title:="HFS /%" OR html.title:="Directory listing%") | Link | Link |
| Network Time Protocol Service With Skewed Clock | services | Low | _asset.protocol:ntp and protocol:ntp and has:ntp.skew | Link | Link |
| Obsolete SSL Protocol | services | Low | _asset.protocol:tls AND protocol:"tls" AND tls.supportedVersionNames:"SSL" | Link | Link |
| Open Wireless Network | wireless | Low | auth:open | Link | Link |
| SMB Signing Not Required | services | Low | _asset.protocol:smb AND protocol:smb AND has:smb.signing AND NOT smb.signing:required | Link | Link |
| SMB Version 1 Enabled | services | Low | _asset.protocol:smb1 protocol:smb1 | Link | Link |
| SNMP Default Community | services | Low | _asset.protocol:snmp AND protocol:snmp AND has:snmp.defaultCommunities | Link | Link |
| Wireless Network Using WEP Encryption | wireless | Low | enc:wep | Link | Link |
| Active Directory Account Password Does Not Expire | users | Info | passwordNeverExpires:true | Link | Link |
Certificates #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| Private Key Is Widely Shared | vulnerabilities | Medium | source:runzero AND (foreign_id:=rz-ioasm-pubkey-widely-shared OR foreign_id:=rz-ioasm-pubkey-known-private) | Link | Link |
| Expired Certificate On TLS Service | services | Low | _asset.protocol:tls AND tls.notAfterTS: | Link | Link |
| Certificate On TLS Service Expires Soon | services | Info | _asset.protocol:tls AND tls.notAfterTS:<6weeks AND tls.notAfterTS:>now | Link | Link |
Compliance #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| Kaspersky Lab Security Software | assets | Info | edr.name:Kaspersky | Link | Link |
| Kaspersky Lab Software | software | Info | vendor:Kaspersky | Link | Link |
| NDAA 2019 Section 889 Equipment | assets | Info | ((mac_vendor:zte OR mac_vendor:huawei OR mac_vendor:CRRC OR mac_vendor:dahua OR mac_vendor:hikvision OR mac_vendor:hisilicon OR mac_vendor:panda OR mac_vendor:dawning OR mac_vendor:hangzhou OR mac_vendor:hytera OR mac_vendor:inspur OR mac_vendor:"Aero Engine Corporation of China" OR mac_vendor:"Aviation Industry Corporation of China" OR mac_vendor:"China Aerospace" OR mac_vendor:"China Electronics" OR mac_vendor:"China General Nuclear Power" OR mac_vendor:"China Mobile" OR mac_vendor:"China National Nuclear Power" OR mac_vendor:"China North Industries Group" OR mac_vendor:"China Railway" OR mac_vendor:"China Shipbuilding" OR mac_vendor:"China South Industries Group" OR mac_vendor:"China State Shipbuilding" OR mac_vendor:"China Telecommunications" OR mac_vendor:ztec OR mac_vendor:ztek OR mac_vendor:"z-tec" OR mac_vendor:5shanghai OR mac_vendor:"Hella Sonnen" OR mac_vendor:anhui OR mac_vendor:"technology sdn bhd" OR mac_vendor:azteq) OR (hw:zte OR hw:huawei OR hw:CRRC OR hw:dahua OR hw:hikvision OR hw:hisilicon OR hw:panda OR hw:dawning OR hw:hangzhou OR hw:hytera OR hw:inspur OR hw:"Aero Engine Corporation of China" OR hw:"Aviation Industry Corporation of China" OR hw:"China Aerospace" OR hw:"China Electronics" OR hw:"China General Nuclear Power" OR hw:"China Mobile" OR hw:"China National Nuclear Power" OR hw:"China North Industries Group" OR hw:"China Railway" OR hw:"China Shipbuilding" OR hw:"China South Industries Group" OR hw:"China State Shipbuilding" OR hw:"China Telecommunications" OR hw:ztec OR hw:ztek OR hw:"z-tec" OR hw:5shanghai OR hw:"Hella Sonnen" OR hw:anhui OR hw:"technology sdn bhd" OR hw:azteq)) | Link | Link |
| Secure Networks Act Section 2 Equipment | assets | Info | (hw:huawei OR hw:="zte%" OR hw:hytera OR hw:hikvision OR hw:dahua OR hw:"china mobile" OR hw:"china telecom" OR hw:"china unicom" OR hw:"pacific networks corp" OR hw:"comnet (usa) llc" OR hw:zhejiang) OR (mac_vendor:huawei OR mac_vendor:="zte%" OR mac_vendor:hytera OR mac_vendor:hikvision OR mac_vendor:dahua OR mac_vendor:"china mobile" OR mac_vendor:"china telecom" OR mac_vendor:"china unicom" OR mac_vendor:"pacific networks corp" OR mac_vendor:"comnet (usa) llc" OR mac_vendor:"zhejiang") | Link | Link |
End-of-Life #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| Sangoma FreePBX | software | Critical | ((vendor:=FreePBX AND product:=PBX) OR (vendor:=Sangoma AND product:=FreePBX)) AND ((version:>="2.0.0(%)" AND version:<"3.0.0(%)") OR (version:>="12.0.0(%)" AND version:<"15.0.0(%)")) | Link | Link |
| Accellion File Transfer Appliance | assets | High | hw:"Accellion File Transfer Appliance" | Link | Link |
| AutomationDirect MB-GATEWAY | assets | High | hw:="AutomationDirect Modbus Gateway" OR hw:="Automation Direct Modbus Gateway" | Link | Link |
| Cisco Small Business Routers | assets | High | hw:"Cisco RV0" OR hw:"Cisco RV110W" OR hw:"Cisco RV130" OR hw:"Cisco RV132W" OR hw:"Cisco RV134W" OR hw:"Cisco RV160" OR hw:"Cisco RV215" OR hw:"Cisco RV260" OR hw:"Cisco RV320" OR hw:"Cisco RV325" OR hw:"Cisco RV340" OR hw:"Cisco RV345" | Link | Link |
| Cisco Small Business Switches | assets | High | hw:"Cisco" and type:"switch" and ( hw:"SRW224G4-K9-" OR hw:"SRW2016-K9-" OR hw:"SG500X-" OR hw:"SF300-" OR hw:"SRW208G-K9-" OR hw:"SG300-" OR hw:"SRW2048-K9-" OR hw:"SLM2048PT-" OR hw:"SRW208-K9-" OR hw:"SF302-" OR hw:"SLM2008PT-" OR hw:"SLM224PT-" OR hw:"SF500-" OR hw:"SLM2008T-" OR hw:"SG500-" OR hw:"SG200-" OR hw:"SF200-" OR hw:"SLM224GT-" OR hw:"SLM2016T-") | Link | Link |
| End-of-Life Operating System | assets | High | (os_eol_extended:>0 AND os_eol_extended: | Link | Link |
| Zyxel CPE Remote Command Execution | assets | High | hw:"VMG1312-B10A" OR hw:"VMG1312-B10B" OR hw:"VMG1312-B10E" OR hw:"VMG3312-B10A" OR hw:"VMG3313-B10A" OR hw:"VMG3926-B10B" OR hw:"VMG4325-B10A" OR hw:"VMG4380-B10A" OR hw:"VMG8324-B10A" OR hw:"VMG8924-B10A" OR hw:"SBG3300" OR hw:"SBG3500" | Link | Link |
| D-Link DNS Family NAS | assets | Info | fp.hw.product:="DNS-320L" OR fp.hw.product:="DNS-325" OR fp.hw.product:="DNS-327L" OR fp.hw.product:="DNS-340L" | Link | Link |
| Edimax IC-7100 IP Camera | assets | Info | hw:"EDIMAX IC-71%Camera" | Link | Link |
Internet Exposure #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| Publicly Exposed Configuration Database Server | services | High | service_has_public:t AND (_asset.protocols:zookeeper OR _asset.protocols:etcd2 OR _asset.protocols:consul) AND (protocol:zookeeper OR protocol:etcd2 OR protocol:consul) | Link | Link |
| Potential External Access To Internal Asset | vulnerabilities | Medium | source:runzero AND (foreign_id:=rz-query-rz-ioasm-internal-mac OR foreign_id:=rz-query-rz-ioasm-internal-pubkey) | Link | Link |
| Potential External Access To Remote Desktop Service | assets | Medium | has_public:t AND service_has_public:f AND ( ( _asset.protocol:rdp AND protocol:rdp ) OR ( _asset.protocol:vnc AND protocol:vnc ) OR ( _asset.protocol:teamviewer AND protocol:teamviewer ) OR ( _asset.protocol:spice AND protocol:spice ) ) | Link | Link |
| Publicly Exposed Baseboard Management Controller | assets | Medium | haspublic:t AND (type:bmc OR protocol:ipmi) | Link | Link |
| Publicly Exposed Remote Desktop Gateway | services | Medium | service_has_public:t AND ( (_asset.protocol:dtls OR _asset.protocol:http) AND ((protocol:dtls OR protocol:http) AND has:rdg.transport) ) | Link | Link |
| Publicly Exposed Remote Desktop Service | assets | Medium | service_has_public:t AND ( ( _asset.protocol:rdp AND protocol:rdp ) OR ( _asset.protocol:vnc AND protocol:vnc ) OR ( _asset.protocol:teamviewer AND protocol:teamviewer ) OR ( _asset.protocol:spice AND protocol:spice ) ) | Link | Link |
| Publicly Exposed SSH Server With Password Authentication | services | Medium | service_has_public:t AND ( _asset.protocol:ssh AND protocol:ssh AND ssh.authMethods:password ) | Link | Link |
| Publicly Exposed Windows Management Service | assets | Medium | service_has_public:t AND ( ( _asset.protocol:smb AND protocol:smb ) OR ( _asset.protocol:epm AND protocol:epm ) OR ( _asset.protocol:wsman AND protocol:wsman ) ) | Link | Link |
| Potential External Access To Configuration Database Server | services | Low | has_public:t AND service_has_public:f AND (_asset.protocols:zookeeper OR _asset.protocols:etcd2 OR _asset.protocols:consul) AND (protocol:zookeeper OR protocol:etcd2 OR protocol:consul) | Link | Link |
| Potential External Access To Key-Value Database Server | services | Low | has_public:t AND service_has_public:f AND (_asset.protocols:memcache OR _asset.protocols:redis) AND (protocol:memcache OR protocol:redis) | Link | Link |
| Potential External Access To NoSQL Database Server | services | Low | has_public:t AND service_has_public:f AND (_asset.protocols:mongodb OR _asset.protocols:couchdb OR _asset.protocols:cassandra OR _asset.protocols:elasticsearch OR _asset.protocols:riak OR _asset.protocols:influxdb) AND (protocol:mongodb OR protocol:couchdb OR protocol:cassandra protocol:elasticsearch OR protocol:riak OR protocol:influxdb) | Link | Link |
| Potential External Access To Operational Technology Service | services | Low | has_public:t AND service_has_public:f AND (_asset.protocols:bacnet OR _asset.protocols:modbus OR _asset.protocols:dnp3 OR _asset.protocols:opcua OR _asset.protocols:cip OR _asset.protocols:ethernetip OR _asset.protocols:profinet OR _asset.protocols:prosoft OR _asset.protocols:s7comm OR _asset.protocols:fins OR _asset.protocols:comtrol OR _asset.protocols:atg) AND (protocol:bacnet OR protocol:modbus OR protocol:dnp3 OR protocol:opcua OR protocol:cip OR protocol:ethernetip OR protocol:profinet OR protocol:prosoft OR protocol:s7comm OR protocol:fins OR protocol:comtrol OR protocol:atg) | Link | Link |
| Potential External Access To Relational Database Server | services | Low | has_public:t AND service_has_public:f AND (_asset.protocols:mysql OR _asset.protocols:postgres OR _asset.protocols:mssql OR _asset.protocols:oracledb) AND (protocol:mysql OR protocol:postgres OR protocol:mssql OR protocol:oracledb) | Link | Link |
| Potential External Access To Remote Desktop Gateway | services | Low | has_public:t AND service_has_public:f AND ( (_asset.protocol:dtls OR _asset.protocol:http) AND ((protocol:dtls OR protocol:http) AND has:rdg.transport) ) | Link | Link |
| Potential External Access To SSH Server With Password Authentication | services | Low | has_public:t AND service_has_public:f AND (_asset.protocol:ssh AND protocol:ssh AND ssh.authMethods:password) | Link | Link |
| Potential External Access To Windows Management Service | assets | Low | has_public:t AND service_has_public:f AND ( ( _asset.protocol:smb AND protocol:smb ) OR ( _asset.protocol:epm AND protocol:epm ) OR ( _asset.protocol:wsman AND protocol:wsman ) ) | Link | Link |
| Publicly Exposed Key-Value Database Server | services | Low | service_has_public:t AND (_asset.protocols:memcache OR _asset.protocols:redis) AND (protocol:memcache OR protocol:redis) | Link | Link |
| Publicly Exposed NoSQL Database Server | services | Low | service_has_public:t AND (_asset.protocols:mongodb OR _asset.protocols:couchdb OR _asset.protocols:cassandra OR _asset.protocols:elasticsearch OR _asset.protocols:riak OR _asset.protocols:influxdb) AND (protocol:mongodb OR protocol:couchdb OR protocol:cassandra protocol:elasticsearch OR protocol:riak OR protocol:influxdb) | Link | Link |
| Publicly Exposed Operational Technology Service | services | Low | service_has_public:t AND (_asset.protocols:bacnet OR _asset.protocols:modbus OR _asset.protocols:dnp3 OR _asset.protocols:opcua OR _asset.protocols:cip OR _asset.protocols:ethernetip OR _asset.protocols:profinet OR _asset.protocols:prosoft OR _asset.protocols:s7comm OR _asset.protocols:fins OR _asset.protocols:comtrol OR _asset.protocols:atg) AND (protocol:bacnet OR protocol:modbus OR protocol:dnp3 OR protocol:opcua OR protocol:cip OR protocol:ethernetip OR protocol:profinet OR protocol:prosoft OR protocol:s7comm OR protocol:fins OR protocol:comtrol OR protocol:atg) | Link | Link |
| Publicly Exposed Relational Database Server | services | Low | service_has_public:t AND (_asset.protocols:mysql OR _asset.protocols:postgres OR _asset.protocols:mssql OR _asset.protocols:oracledb) AND (protocol:mysql OR protocol:postgres OR protocol:mssql OR protocol:oracledb) | Link | Link |
Open Access #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| Cisco Smart Install Service | services | Critical | _asset.protocol:ciscosmi protocol:ciscosmi | Link | Link |
| Sun Solaris sadmind RPC Service | services | Critical | _asset.protocol:rpcbind protocol:rpcbind rpcbind.programs:"100232-v10-" | Link | Link |
| Unauthenticated Android Debug Bridge | services | Critical | _asset.protocol:adb AND protocol:adb AND has:adb.features | Link | Link |
| Unauthenticated Apache ZooKeeper Database | services | Critical | _asset.protocol:zookeeper AND protocol:zookeeper AND zk.access:allowed | Link | Link |
| Unauthenticated CNCF etcd Database | services | Critical | _asset.protocol:etcd2 protocol:etcd2 etcd2.access:allowed | Link | Link |
| Unauthenticated Distributed Ruby Service | services | Critical | _asset.protocol:drbd AND protocol:drbd | Link | Link |
| Unauthenticated MongoDB Database | services | Critical | _asset.protocol:mongodb AND protocol:mongodb AND mongodb.auth:open | Link | Link |
| Zabbix Agent Without ACL | services | Critical | _asset.protocol:zabbix-agent AND protocol:zabbix-agent AND NOT zabbix.isLocal:true | Link | Link |
| Unauthenticated Apache CouchDB Database | services | High | _asset.protocol:couchdb AND protocol:couchdb | Link | Link |
| Unauthenticated Cassandra Database | services | High | _asset.protocol:cassandra AND protocol:cassandra | Link | Link |
| Unauthenticated Elastic Search Database | services | High | _asset.protocol:elasticsearch AND protocol:elasticsearch | Link | Link |
| Unauthenticated HashiCorp Consul Database | services | High | _asset.protocol:consul protocol:consul has:consul.config.datacenter | Link | Link |
| Unauthenticated InfluxDB Database | services | High | _asset.protocol:influxdb AND protocol:influxdb | Link | Link |
| Unauthenticated Memcached Database | services | High | _asset.protocol:memcache AND protocol:memcache | Link | Link |
| Unauthenticated Redis Database | services | High | _asset.protocol:redis AND protocol:redis AND has:redis.redisVersion | Link | Link |
| Unauthenticated Riak Database | services | High | (_asset.protocol:riak AND protocol:riak) OR (_asset.protocol:riak-http AND protocol:riak-http) | Link | Link |
| Click Modular Router Shell | services | Medium | _asset.protocol:click protocol:click | Link | Link |
| Unauthenticated MongoDB Database (Limited) | services | Medium | _asset.protocol:mongodb AND protocol:mongodb AND mongodb.auth:limited | Link | Link |
| World-Readable NFS Export | services | Medium | _asset.protocol:mountd AND protocol:="mountd" AND nfs.allowed:"%=*" | Link | Link |
Rapid Response #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| Rapid Response: Adobe Commerce & Magento Session Takeover With Unconfirmed RCE (CVE-2025-54236) | software | Critical | vendor:=Adobe AND product:=Magento AND (version:>0 AND version:<="2.4.9-alpha2") | Link | Link |
| Rapid Response: Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability (CVE-2025-10035) | software | Critical | vendor:=Fortra AND (product:="Goanywhere Managed File Transfer" OR product:="GoAnywhere MFT%") AND (version:>0 AND version:<7.8.4 AND NOT version:=7.6.3) | Link | Link |
| Rapid Response: Rockwell Automation ControlLogix Ethernet RCE (CVE-2025-7353) | services | Critical | (_asset.protocol:="ethernetip" OR asset.protocol:="ethernetip-udp") AND protocol:"ethernetip" AND (ethernetip.product:="1756-EN2T/D" OR ethernetip.product:="1756-EN2F/C" OR ethernetip.product:="1756-EN2TR/C" OR ethernetip.product:="1756-EN3TR/B" OR ethernetip.product:="1756-EN2TP/A") AND (ethernetip.revision:<"12" OR ethernetip.revision:"12.0%") | Link | Link |
| Rapid Response: SAP NetWeaver (RMI-P4) Insecure Deserialization (CVE-2025-42944) | software | Critical | vendor:=SAP AND product:"NetWeaver" AND (version:>0 AND version:<=7.50) | Link | Link |
| Rapid Response: Sangoma FreePBX RCE (CVE-2025-57819) | software | Critical | ((vendor:=FreePBX AND product:=PBX) OR (vendor:=Sangoma AND product:=FreePBX)) AND (version:>0 AND (version:<"15.0.66(%)" OR version:<"16.0.89(%)" OR version:<"17.0.3(%)")) | Link | Link |
| Rapid Response: SolarWinds Web Help Desk RCE (CVE-2025-26399) | software | Critical | vendor:=SolarWinds AND (product:="Web Help Desk" OR product:="webhelpdesk") AND (version:>0 AND version:<12.8.7.2174) | Link | Link |
| Rapid Response: Plex Media Server 1.41.7.X To 1.42.0.X < 1.42.1 Undisclosed Vulnerability (CVE-2025-34158) | software | Medium | vendor:=Plex AND product:"Media Server" AND (version:>0 AND version:<"1.42.1") | Link | Link |
| Rapid Response: Arcserve Unified Data Protection < 10.2 Heap Overflow Vulnerabilities | software | Info | (vendor:=Arcserve OR vendor:="Arcserve (USA)") AND (product:=UDP OR product:="Arcserve Unified Data Protection") AND version:<10.2 | Link | Link |
| Rapid Response: Cisco ASA and FTD Multiple Vulnerabilities (September 2025) | assets | Info | (os:="Cisco Adaptive Security Appliance" OR hw:="Cisco ASA%") AND (protocol:http OR protocol:tls) | Link | Link |
| Rapid Response: Cisco IOS and IOS XE SNMP DoS and RCE Vulnerability (CVE-2025-20352) | assets | Info | (os:="Cisco IOS" OR os:="Cisco IOS XE" OR hw:="Cisco Meraki MS390%" OR hw:="Cisco Meraki C9300%") AND has:snmp.v2DefaultCommunities | Link | Link |
| Rapid Response: Daikin Security Gateway Authentication Bypass (CVE-2025-10127) | services | Info | _asset.protocol:http AND protocol:http AND has:html.title AND html.title:="Security GW" AND has:favicon.ico.image.mmh3 AND favicon.ico.image.mmh3:="1417553504" | Link | Link |
| Rapid Response: Dassault Systèmes (3DS) DELMIA Apriso RCE (CVE-2025-5086) | services | Info | _asset.protocol:http AND protocol:http AND has:last.html.title AND last.html.title:="DELMIA Apriso%" | Link | Link |
| Rapid Response: Fortinet FortiSIEM OS Command Injection (CVE-2025-25256) | software | Info | vendor:="Fortinet" product:="FortiSIEM" | Link | Link |
| Rapid Response: Fortinet FortiWeb Authentication Bypass (CVE-2025-52970) | software | Info | vendor:=Fortinet AND product:=FortiWeb | Link | Link |
| Rapid Response: Multiple Vulnerabilities In N-Able N-Central | software | Info | vendor:="N-able" product:="N-central" | Link | Link |
| Rapid Response: NetScaler ADC And NetScaler Gateway Multiple Vulnerabilities | assets | Info | hw:="Citrix Netscaler Gateway" OR os:="Citrix ADC" OR os:="Citrix NetScaler" | Link | Link |
| Rapid Response: Trend Micro Apex One OS Command Injection Vulnerabilities | software | Info | vendor:="Trend Micro" product:="Apex One" | Link | Link |
| Rapid Response: VMware Aria Operations Local Privilege Escalation (CVE-2025-41244) | services | Info | _asset.protocol:http AND protocol:http AND has:last.html.title AND last.html.title:="VMware Aria Operations" | Link | Link |
| Rapid Response: WatchGuard Firebox IKED RCE (CVE-2025-9242) | assets | Info | os:="WatchGuard Fireware" | Link | Link |
Vulnerability #
| Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|
| AirPlay Protocol Remote Code Execution (AirBorne) | assets | Critical | hw:="apple%" AND protocol:airplay AND ( (os:="apple macos" AND ((osversion:>"13.0" AND osversion:<"13.7.5") OR (osversion:>"14.0" AND osversion:<"14.7.5") OR (osversion:>"15.0" AND osversion:<"15.4"))) OR (os:="apple ipados" AND ((osversion:>"17.0" AND osversion:<"17.7.6") OR (osversion:>"18.0" AND osversion:<"18.4"))) OR ((os:="apple tvos" OR os:="apple audioos") AND osversion:>0 AND osversion:<"18.4") OR (os:="apple ios" AND osversion:>0 AND osversion:<"18.4") OR (os:="apple visionos" AND osversion:>0 AND osversion:<"2.4") ) | Link | Link |
| Apache 2.4.49 < 2.4.51 Information Disclosure | software | Critical | _asset.protocol:http product:HTTPD AND version:>=2.4.49 AND version:<2.4.51 | Link | Link |
| Apache ActiveMQ Remote Code Execution (CVE-2023-46604) | software | Critical | _asset.protocol:activemq AND product:ActiveMQ AND ((version:>0 AND version:<5.15.16) OR (version:>=5.16.0 AND version:<5.16.7) OR (version:>=5.17.0 AND version:<5.17.6) OR (version:>=5.18.0 AND version:<5.18.3)) | Link | Link |
| Apache Solr Log4Shell Remote Code Execution | software | Critical | vendor:=Apache AND product:Solr AND ((version:>=7.4.0 AND version:<7.7.3) OR (version:>=8.0.0 AND version:<8.11.0)) | Link | Link |
| Apache Tomcat 10.1.0-M1 < 10.1.34 Multiple Vulnerabilities | software | Critical | product:Tomcat AND (version:>10.1.0-M1 AND version:<10.1.34) | Link | Link |
| Apache Tomcat 11.0.0-M1 < 11.0.2 Multiple Vulnerabilities | software | Critical | product:Tomcat AND (version:>11.0.0-M1 AND version:<11.0.2) | Link | Link |
| Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities | software | Critical | product:Tomcat AND (version:>9.0.0-M1 AND version:<9.0.98) | Link | Link |
| Apple tvOS < 16.2 Multiple Vulnerabilities | assets | Critical | os:"Apple tvOS" AND osversion:>0 AND osversion:<16.2 | Link | Link |
| Atlassian Confluence 8.0 < 8.5.4 Remote Code Execution | software | Critical | vendor:=Atlassian AND product:Confluence AND (version:>=8.0 AND version:<8.5.4) | Link | Link |
| Atlassian Confluence Cross-Site Scripting (CVE-2024-4367) | software | Critical | vendor:=Atlassian AND product:Confluence AND ( (version:>0 AND version:<7.19.25) OR (version:>=7.20.0 AND version:<8.5.11) OR (version:>=8.6.0 AND version:<8.9.3)) | Link | Link |
| Atlassian Confluence Path Traversal (CVE-2019-3396) | software | Critical | vendor:=Atlassian AND product:Confluence AND NOT type:=Mobile AND ( (version:>0 AND version:<6.6.12) OR (version:>=6.7.0 AND version:<6.12.3) OR (version:>=6.13.0 AND version:<6.13.3) OR (version:>=6.14.0 AND version:<6.14.2)) | Link | Link |
| Atlassian Confluence Privilege Escalation (CVE-2023-22515) | software | Critical | vendor:=Atlassian AND product:Confluence AND ( (version:>=8.0 AND version:<8.3.3) OR (version:>=8.4.0 AND version:<8.4.3) OR (version:>=8.5.0 AND version:<8.5.2)) | Link | Link |
| Atlassian Confluence Remote Code Execution (CVE-2021-26084) | software | Critical | vendor:=Atlassian AND product:Confluence AND ( (version:>0 AND version:<6.13.23) OR (version:>=6.14.0 AND version:<7.4.11) OR (version:>=7.5.0 AND version:<7.11.6) OR (version:>=7.12.0 AND version:<7.12.5)) | Link | Link |
| Atlassian Confluence Remote Code Execution (CVE-2022-26134) | software | Critical | vendor:=Atlassian AND product:Confluence AND ( (version:>=1.3.0 AND version:<7.4.17) OR (version:>=7.13.0 AND version:<7.13.7) OR (version:>=7.14.0 AND version:<7.14.3) OR (version:>=7.15.0 AND version:<7.15.2) OR (version:>=7.16.0 AND version:<7.16.4) OR (version:>=7.17.0 AND version:<7.17.4) OR (version:>=7.18.0 AND version:<7.18.1) OR ) | Link | Link |
| Atlassian Confluence Server-Side Request Forgery (CVE-2019-3395) | software | Critical | vendor:=Atlassian AND product:Confluence AND ( (version:>0 AND version:<6.6.7) OR (version:>=6.7.0 AND version:<6.8.5) OR (version:>=6.9.0 AND version:<6.9.3)) | Link | Link |
| Broadcom VMware ESXi Guest Escape | assets | Critical | os:"vmware esxi" AND ((os_version:>0 AND os_version:<6) OR (os_version:>6 AND os_version:<"6.7.0 build-24514018") OR (os_version:>7 AND os_version:<"7.0.3 build-24585291") OR (os_version:>8 AND os_version:<"8.0.2") OR (os_version:>"8.0.2" AND os_version:<"8.0.2 build-24585300") OR (os_version:>"8.0.3" AND os_version:<"8.0.3 build-24585383")) | Link | Link |
| Broadcom VMware ESXi VM Escape | assets | Critical | os:"vmware esxi" AND ((os_version:>7 AND os_version:<"7.0.3 build-24784741") OR (os_version:>8 AND (os_version:<"8.0.2 build-24789317" OR os_version:<"8.0.3 build-24784735"))) | Link | Link |
| Cacti < 1.2.23 Remote Code Execution | software | Critical | _asset.products:Cacti AND vendor:Cacti AND product:Cacti AND (version:>0 AND version:<1.2.23) | Link | Link |
| Cleo Harmony < 5.8.0.21 Unrestricted File Upload/Download | software | Critical | vendor:=Cleo AND product:harmony AND (version:>0 AND version:<5.8.0.21) | Link | Link |
| Cleo Lexicom < 5.8.0.21 Unrestricted File Upload/Download | software | Critical | vendor:=Cleo AND product:lexicom AND (version:>0 AND version:<5.8.0.21) | Link | Link |
| Cleo VLTrader < 5.8.0.21 Unrestricted File Upload/Download | software | Critical | vendor:=Cleo AND product:vltrader AND (version:>0 AND version:<5.8.0.21) | Link | Link |
| ConnectWise ScreenConnect < 23.9.8 Remote Code Execution | software | Critical | vendor:ConnectWise AND product:ScreenConnect AND (version:>0 AND version:<23.9.8) | Link | Link |
| Elastic Kibana 8.15.0 < 8.17.3 Remote Code Execution | software | Critical | vendor:Elastic AND product:kibana AND (version:>8.14 AND version:<8.17.3) | Link | Link |
| Elasticsearch < 1.2 Remote Code Execution | software | Critical | vendor:elastic AND product:search AND ( (version:>0 AND version:<1.2 AND NOT version:"0:%") OR (version:"0:%" AND version:>"0:0" AND version:<"0:1.2")) | Link | Link |
| F5 Big-IP Remote Code Execution (CVE-2021-22986) | assets | Critical | os:="F5 Networks BIG-IP" AND ( (osversion:>"12.1" AND osversion:<"12.1.5.3") OR (osversion:>"13.1" AND osversion:<"13.1.3.6") OR (osversion:>"14.1" AND osversion:<"14.1.4") OR (osversion:>"15.1" AND osversion:<"15.1.2.1") OR (osversion:>"16.0" AND osversion:<"16.0.1.1") ) | Link | Link |
| GitLab Remote Code Execution (CVE-2021-22205) | software | Critical | vendor:=GitLab AND product:gitlab AND ((version:>11.9 AND version:<13.8.7) OR (version:>13.9 AND version:<13.9.5) OR (version:>13.10 AND version:<13.10.2)) | Link | Link |
| HPE iLO 4 Authentication Bypass | assets | Critical | os:"iLO 4" and os_version:>0 AND os_version:<=2.53 | Link | Link |
| HashiCorp Vault Multiple Vulnerabilities - HCSEC-2025-22 | software | Critical | vendor:="HashiCorp" AND product:"Vault" AND ( (version:>=1.20.0 AND version:<1.20.2) OR (version:>=1.19.0 AND version:<1.19.8) OR (version:>=1.18.0 AND version:<1.18.13) OR (version:>0 AND version:<1.16.24)) | Link | Link |
| Microsoft OMI WSMAN Authentication Bypass | services | Critical | _asset.protocol:wsman AND wsman.productVendor:="Open Management Infrastructure" AND (wsman.productVersion:=0.% or wsman.productVersion:=1.0.% or wsman.productVersion:=1.1.% or wsman.productVersion:1.2.% or wsman.productVersion:=1.3.% or wsman.productVersion:=1.4.% or wsman.productVersion:=1.5.% or wsman.productVersion:=1.6.0-% or wsman.productVersion:=1.6.1-% or wsman.productVersion:=1.6.2-% or wsman.productVersion:=1.6.3-% or wsman.productVersion:=1.6.4-% or wsman.productVersion:=1.6.5-% or wsman.productVersion:=1.6.6-% or wsman.productVersion:=1.6.7-% or wsman.productVersion:=1.6.8-0) | Link | Link |
| Multiple Fortinet Products Buffer Overflow | assets | Critical | hw:="Fortinet%" AND type:="SIP Gateway" AND ((osversion:="7.2.0") OR (osversion:>"7.0.0" AND osversion:<"7.0.7") OR (osversion:>="6.4.0" AND osversion:<"6.4.11")) | Link | Link |
| PHP 8.1.0 < 8.1.29 Multiple Vulnerabilities | software | Critical | os:"Windows" AND _asset.products:apache AND product:PHP AND (version:>8.1 AND version:<8.1.29) | Link | Link |
| PHP 8.2.0 < 8.2.20 Multiple Vulnerabilities | software | Critical | os:"Windows" AND _asset.products:apache AND product:PHP AND (version:>8.2 AND version:<8.2.20) | Link | Link |
| PHP 8.3.0 < 8.3.8 Multiple Vulnerabilities | software | Critical | os:"Windows" AND _asset.products:apache AND product:PHP AND (version:>8.3 AND version:<8.3.8) | Link | Link |
| Palo Alto Networks PAN-OS Authentication Bypass | assets | Critical | os:="Palo Alto Networks PAN-OS" AND (osversion:>"11.1.6-h1" AND osversion:<11.2.4-h4) AND (osversion:>"10.2.13-h3" AND osversion:<11.1.6-h1) AND (osversion:>"10.1.14-h9" AND osversion:<"10.2.13-h3") AND (osversion:>"10.1.0" AND osversion:<"10.1.14-h9") | Link | Link |
| Plesk Panel 9.0.X < 9.2.3 Remote Code Execution | software | Critical | not os:Windows AND vendor:=parallels AND product:=plesk AND (version:>9.0.0 AND version:<9.5.4) | Link | Link |
| Rejetto HTTP File Server 2 Remote Code Execution | software | Critical | vendor:Rejetto AND product:"HTTP File Server" AND version:>0 AND version:<3 | Link | Link |
| Rejetto HTTP File Server 2.0 < 2.3M Remote Code Execution | software | Critical | os:Windows AND vendor:Rejetto AND product:"HTTP File Server" AND version:>=2.0 AND version:<"2.3m" | Link | Link |
| Roundcube Webmail Remote Code Execution | software | Critical | vendor:=Roundcube AND product:=Webmail AND ((version:>=1.5 AND version:<1.5.10) OR (version:>=1.6 AND version:<1.6.11)) | Link | Link |
| SonicWall SMA1000 < 12.4.3 Remote Code Execution | assets | Critical | hw:="SonicWall SMA1000" AND (osversion:>0 AND osversion:<12.4.3) | Link | Link |
| SonicWall SSLVPN Authentication Bypass (CVE-2024-53704) | assets | Critical | os:SonicOS AND ( (osversion:>"6.0" AND osversion:<"6.5.5.1-6n") OR (osversion:>"7.0" AND osversion:<"7.0.1-5165") OR (osversion:>"7.1" AND osversion:<"7.1.3-7015") OR (hw:TZ80 AND osversion:>"8.0" AND osversion:<"8.0.0-8037")) | Link | Link |
| Squid URN Handling Buffer Overflow (CVE-2025-54574) | software | Critical | vendor:"Squid Cache" and product:"Squid" and version:>0 AND version:<6.4 | Link | Link |
| VMware vCenter Server 7.0 < 7.0 U3t / 8.0 < 8.0 U3d Multiple Vulnerabilities | software | Critical | vendor:vmware AND (product:"vcenter server" OR product:"cloud foundation") AND ((version:>7.0 AND version:<"7.0.3 build-24322018") OR (version:>8.0 AND version:<"8.0.3 build-24322831")) | Link | Link |
| Apache Tomcat 10.1.0-M1 < 10.1.43 Multiple Vulnerabilities | software | High | product:Tomcat AND (version:>10.1.0-M1 AND version:<10.1.43) | Link | Link |
| Apache Tomcat 10.1.0-M1 < 10.1.44 HTTP/2 MadeYouReset DoS | software | High | product:Tomcat AND (version:>10.1.0-M1 AND version:<10.1.44) | Link | Link |
| Apache Tomcat 11.0.0-M1 < 11.0.10 Multiple Vulnerabilities | software | High | product:Tomcat AND (version:>11.0.0-M1 AND version:<11.0.10) | Link | Link |
| Apache Tomcat 11.0.0-M1 < 11.0.9 Multiple Vulnerabilities | software | High | product:Tomcat AND (version:>11.0.0-M1 AND version:<11.0.9) | Link | Link |
| Apache Tomcat 9.0.0-M1 < 9.0.107 Multiple Vulnerabilities | software | High | product:Tomcat AND (version:>9.0.0-M1 AND version:<9.0.107) | Link | Link |
| Apache Tomcat 9.0.0-M1 < 9.0.108 HTTP/2 MadeYouReset DoS | software | High | product:Tomcat AND (version:>9.0.0-M1 AND version:<9.0.108) | Link | Link |
| Apache Tomcat Partial PUT Deserialization Vulnerability | software | High | _asset.products:"Tomcat" AND product:"Tomcat" AND ((version:>=11.0.0 AND version:<11.0.3) OR (version:>=10.1.0 AND version:<10.1.35) OR (version:>=9.0.0 AND version:<9.0.99)) | Link | Link |
| Apple tvOS < 11.4 Multiple Vulnerabilities | assets | High | os:"Apple tvOS" AND osversion:>0 AND osversion:<11.4 | Link | Link |
| Apple tvOS < 13.3.1 Multiple Vulnerabilities | assets | High | os:"Apple tvOS" AND osversion:>0 AND osversion:<13.3.1 | Link | Link |
| Apple tvOS < 15.2 Multiple Vulnerabilities | assets | High | os:"Apple tvOS" AND osversion:>0 AND osversion:<15.2 | Link | Link |
| Atlassian Confluence 5.2 < 7.19.22 Remote Code Execution | software | High | vendor:=Atlassian AND product:Confluence AND (version:>=5.2 AND version:<7.19.22) | Link | Link |
| Cisco ConfD SSH Server Remote Code Execution | software | High | vendor:="Cisco" AND product:="ConfD" AND ( (version:>"7.0.0.0" AND version:<"7.7.19.1") OR (version:>"8.0.0.0" AND version:<"8.0.17.1") OR (version:>"8.1.0.0" AND version:<"8.1.16.2") OR (version:>"8.2.0.0" AND version:<"8.2.11.1") OR (version:>"8.3.0.0" AND version:<"8.3.8.1") OR (version:>"8.4.0.0" AND version:<"8.4.4.1")) | Link | Link |
| Cisco IOS XE Arbitrary File Upload | assets | High | os:="Cisco IOS XE" AND hw:"Catalyst" AND ( (osversion:>="17.7.0" AND osversion:<="17.7.1") OR (osversion:>="17.10.0" AND osversion:<="17.10.1") OR (osversion:>="17.8.0" AND osversion:<="17.8.1") OR (osversion:>="17.9.0" AND osversion:<="17.9.5") OR (osversion:>="17.11.0" AND osversion:<="17.11.1") OR (osversion:>="17.12.0" AND osversion:<="17.2.3") OR (osversion:>="17.13.0" AND osversion:<="17.13.1") OR (osversion:>="17.14.0" AND osversion:<="17.14.1") OR (osversion:>="17.11.0" AND osversion:<="17.11.99") ) | Link | Link |
| Commvault Command Center Remote Code Execution | software | High | vendor:="Commvault" AND product:="Command Center" AND version:>"11.38.0" AND version:<"11.38.20" | Link | Link |
| ConnectWise ScreenConnect < 25.2.4 ViewState Code Injection | software | High | vendor:=ConnectWise AND product:=ScreenConnect AND (version:>0 AND version:<25.2.4) | Link | Link |
| Dell EMC Unity, UnityVSA, And Unity XT | assets | High | os:"EMC Unity" AND osversion:>0 AND osversion:<5.5.0.0.0.5.259 | Link | Link |
| DrayTek Vigor2960/Vigor300B Command Injection | assets | High | (hw:"DrayTek Vigor2960" OR hw:"DrayTek Vigor300b" OR hw:"DrayTek Vigor 2960" OR hw:"DrayTek Vigor 300b") AND osversion:>0 AND osversion:<"1.5.1.5" | Link | Link |
| Eclipse Jetty 12.0 < 12.0.25 HTTP/2 MadeYouReset DoS | software | High | (vendor:=Eclipse OR vendor:="Mort Bay") AND product:Jetty AND (version:>12 AND version:<12.0.25) | Link | Link |
| Erlang OTP SSH Server Remote Code Execution | software | High | _asset.protocols:ssh AND vendor:="Erlang" AND product:="SSH" AND ((version:>=5.2.0 AND version:<5.2.10) OR (version:>4.0.0.0 AND version:<4.15.3.12) OR (version:>5.1.0.0 AND version:<5.1.4.7)) | Link | Link |
| Langflow Authentication Bypass | software | High | _asset.protocol:http AND vendor:=Langflow AND product:=Langflow AND (version:>0 AND version:<1.3.0) | Link | Link |
| Lantronix Xport Authentication Bypass | assets | High | hw:lantronix AND ((os:="Lantronix XPort%" AND not os:="Lantronix XPort Edge%") OR (lantronix.type:="XE" OR lantronix.type:="SE" OR lantronix.type:="AR" OR lantronix.type:="EH")) | Link | Link |
| Multiple Vulnerabilities In Microsoft SQL Server | software | High | vendor:=Microsoft AND (product:="SQL Server" OR product:="SQL Server 20%") AND ((version:>=13.0.0 AND version:<13.0.7055.9) OR (version:>=14.0.0 AND version:<14.0.3495.9) OR (version:>=15.0.0 AND version:<15.0.4435.7) OR (version:>=16.0.0 AND version:<16.0.4200.1)) | Link | Link |
| SAP NetWeaver Visual Composer Metadata Uploader Arbitrary File Upload | software | High | vendor:="SAP" AND product:"NetWeaver" AND (version:>7.0 AND version:<7.55) | Link | Link |
| Samsung MagicINFO Path Traversal Vulnerability | software | High | vendor:="Samsung" AND product:"MagicINFO Server" AND version:>0 AND version:<"21.1052" | Link | Link |
| Solr 5.0.0 < 8.4.0 Remote Code Execution | software | High | vendor:=Apache AND product:Solr AND (version:>=5.0.0 AND version:<8.4.0) | Link | Link |
| SysAid Help Desk XML Entity Remote Code Execution | software | High | vendor:="SysAid" AND product:"Help Desk" AND version:>0 AND version:<24.4.60 | Link | Link |
| Trimble Cityworks File Deserialization Vulnerability | software | High | vendor:="Trimble" AND product:="Cityworks" AND version:>0 AND version:<"23.10" | Link | Link |
| VMware ESXi OpenSLP Heap Buffer Overflow | assets | High | fp.os.product:"ESX" and port:427 and ( fp.os.version:="1.%" or fp.os.version:="2.%" or fp.os.version:="3.%" or fp.os.version:="4.%" or fp.os.version:="5.%" or fp.os.version:="6.0%" or fp.os.version:="6.5.0 build-4564106" or fp.os.version:="6.5.0 build-4887370" or fp.os.version:="6.5.0 build-5146843" or fp.os.version:="6.5.0 build-5146846" or fp.os.version:="6.5.0 build-5224529" or fp.os.version:="6.5.0 build-5310538" or fp.os.version:="6.5.0 build-5969300" or fp.os.version:="6.5.0 build-5969303" or fp.os.version:="6.5.0 build-6765664" or fp.os.version:="6.5.0 build-7273056" or fp.os.version:="6.5.0 build-7388607" or fp.os.version:="6.5.0 build-7967591" or fp.os.version:="6.5.0 build-8285314" or fp.os.version:="6.5.0 build-8294253" or fp.os.version:="6.5.0 build-8935087" or fp.os.version:="6.5.0 build-9298722" or fp.os.version:="6.5.0 build-10175896" or fp.os.version:="6.5.0 build-10390116" or fp.os.version:="6.5.0 build-10719125" or fp.os.version:="6.5.0 build-10868328" or fp.os.version:="6.5.0 build-10884925" or fp.os.version:="6.5.0 build-11925212" or fp.os.version:="6.5.0 build-13004031" or fp.os.version:="6.5.0 build-13635690" or fp.os.version:="6.5.0 build-13873656" or fp.os.version:="6.5.0 build-13932383" or fp.os.version:="6.5.0 build-14320405" or fp.os.version:="6.5.0 build-14874964" or fp.os.version:="6.5.0 build-14990892" or fp.os.version:="6.5.0 build-15256468" or fp.os.version:="6.5.0 build-15177306" or fp.os.version:="6.5.0 build-15256549" or fp.os.version:="6.5.0 build-16207673" or fp.os.version:="6.5.0 build-16389870" or fp.os.version:="6.5.0 build-16576879" or fp.os.version:="6.5.0 build-16576891" or fp.os.version:="6.5.0 build-16901156" or fp.os.version:="6.5.0 build-17097218" or fp.os.version:="6.5.0 build-17167537" or fp.os.version:="6.7.0 build-8169922" or fp.os.version:="6.7.0 build-8941472" or fp.os.version:="6.7.0 build-9214924" or fp.os.version:="6.7.0 build-9484548" or fp.os.version:="6.7.0 build-10176752" or fp.os.version:="6.7.0 build-10176879" or fp.os.version:="6.7.0 build-10302608" or fp.os.version:="6.7.0 build-10764712" or fp.os.version:="6.7.0 build-11675023" or fp.os.version:="6.7.0 build-13004448" or fp.os.version:="6.7.0 build-12986307" or fp.os.version:="6.7.0 build-13006603" or fp.os.version:="6.7.0 build-13473784" or fp.os.version:="6.7.0 build-13644319" or fp.os.version:="6.7.0 build-13981272" or fp.os.version:="6.7.0 build-14141615" or fp.os.version:="6.7.0 build-14320388" or fp.os.version:="6.7.0 build-15018017" or fp.os.version:="6.7.0 build-15160134" or fp.os.version:="6.7.0 build-15160138" or fp.os.version:="6.7.0 build-15999342" or fp.os.version:="6.7.0 build-15820472" or fp.os.version:="6.7.0 build-16075168" or fp.os.version:="6.7.0 build-16316930" or fp.os.version:="6.7.0 build-16701467" or fp.os.version:="6.7.0 build-16713306" or fp.os.version:="6.7.0 build-16773714" or fp.os.version:="6.7.0 build-17167699" or fp.os.version:="6.7.0 build-17098360" or fp.os.version:="6.7.0 build-17167734" or fp.os.version:="7.0.0%" or fp.os.version:="7.0.1 build-16850804" or fp.os.version:="7.0.1 build-17119627" or fp.os.version:="7.0.1 build-17168206" or fp.os.version:="7.0.1 build-17325020") | Link | Link |
| AirPlay SDK Remote Code Execution (AirBorne) | software | Medium | vendor:=Apple AND product:="airplay sdk%" AND ((version:>2.0 AND version:<2.7.1) OR (version:>3.0 AND version:<3.6.0.126)) | Link | Link |
| GitLab SAML Authentication Bypass | software | Medium | vendor:=GitLab AND product:gitlab AND ((version:>17.9 AND version:<17.9.2) OR (version:>17.8 AND version:<17.8.5) OR (version:>17.7 AND version:<17.7.7)) | Link | Link |
| OpenSSH 9.1p1 Double-Free | services | Medium | _asset.protocol:ssh AND protocol:ssh AND (_service.product:="OpenBSD:OpenSSH:9.1" OR _service.product:="OpenBSD:OpenSSH:9.1p1") | Link | Link |
| lighttpd Web Server Out-of-Bounds Memory Read | services | Medium | product:lighttpd (_service.product:=lighttpd:lighttpd:1.4.0% OR _service.product:=lighttpd:lighttpd:1.4.1% OR _service.product:=lighttpd:lighttpd:1.4.2% OR _service.product:=lighttpd:lighttpd:1.4.3% OR _service.product:=lighttpd:lighttpd:1.4.4%) | Link | Link |
Updated