Weaknesses
NodeZero identifies and surfaces many weaknesses that it finds during a pentest. Within test results, these weaknesses are designated either with a CVE identifier (e.g., CVE-2021-44228) for publicly identified Common Vulnerabilities and Exposures, or with an H3 weakness identifier (e.g., H3-2022-0001) for weaknesses discovered through Horizon3 AI original research.
This page provides a reference for H3 (Horizon3 AI–discovered) weaknesses. These weaknesses might appear in your pentest reports up to 90 days before we publicly list them on this site. (For details, please see our Vulnerability Disclosure Policy.) Once these weaknesses are publicly disclosed and assigned a CVE ID, we add that CVE to pentest results.
For details on previously disclosed CVEs that NodeZero finds in tests, please search the official CVE website maintained by the MITRE Corporation.
| Weakness ID | Name |
|---|---|
| H3-2020-0001 | Remote Desktop Username Disclosure |
| H3-2020-0002 | Anonymous Access to ZooKeeper API |
| H3-2020-0003 | Anonymous Access to Printer using PJL or PS |
| H3-2020-0004 | Zone Transfer Allowed to Any Server |
| H3-2020-0005 | Anonymous FTP Enabled |
| H3-2020-0006 | LDAP Null Bind Allowed |
| H3-2020-0007 | SMB Null Session Allowed |
| H3-2020-0008 | Guest Account Enabled |
| H3-2020-0009 | Weak NFS Export Permissions |
| H3-2020-0010 | NFS UID/GID Manipulation Possible |
| H3-2020-0011 | Weak NTFS Permissions |
| H3-2020-0012 | LLMNR/NBT-NS Poisoning Possible |
| H3-2020-0013 | SMB Relay Attack Possible |
| H3-2020-0014 | Weak or Default Credentials |
| H3-2020-0015 | Lack of Network Segmentation/Segregation |
| H3-2020-0016 | Insecure IPMI Implementation |
| H3-2020-0017 | IPMI Cipher Zero Vulnerability |
| H3-2020-0018 | Fundamentally Insecure Protocols Detected |
| H3-2020-0019 | Outdated Vulnerable Software Versions Detected |
| H3-2020-0020 | Credential Reuse Identified |
| H3-2020-0021 | Unauthenticated Access to the Jenkins Script Console |
| H3-2020-0022 | Insecure Java JMX Configuration |
| H3-2020-0023 | Apache Hadoop YARN ResourceManager Unauthenticated Command Execution |
| H3-2020-0024 | Vulnerable SSL Insecure Client Renegotiation |
| H3-2020-0025 | Vulnerable SSL Version |
| H3-2020-0026 | Vulnerable SSL RC4 Algorithm |
| H3-2020-0027 | Vulnerable SSL Weak Ciphers |
| H3-2020-0028 | FTP Directory Traversal Vulnerability |
| H3-2020-0029 | Print Spooler Service on Domain Controller Enabled |
| H3-2020-0030 | Android Debug Bridge (ADB) over TCP Enabled |
| H3-2021-0001 | Public Access to Amazon S3 Bucket |
| H3-2021-0002 | Subdomain Takeover |
| H3-2021-0003 | Unauthenticated Access to Sensitive Kubelet API Endpoints |
| H3-2021-0004 | Kubernetes Privileged Container Exposure |
| H3-2021-0005 | Unauthenticated Kubelet API Remote Code Execution Vulnerability |
| H3-2021-0006 | Unauthenticated Kubernetes API Server Access |
| H3-2021-0007 | Kubernetes Service Account Token Exposure |
| H3-2021-0008 | Unauthenticated Etcd Access |
| H3-2021-0009 | Unauthenticated Docker Registry API Access |
| H3-2021-0010 | Unauthenticated Docker Engine API Access |
| H3-2021-0011 | Kerberos Pre-Authentication Disabled |
| H3-2021-0012 | Weak or Default Credentials - FTP |
| H3-2021-0013 | Weak or Default Credentials - Telnet |
| H3-2021-0014 | Weak or Default Credentials - SSH |
| H3-2021-0015 | Weak or Default Credentials - SNMP |
| H3-2021-0016 | Weak or Default Credentials - Microsoft SQL Server |
| H3-2021-0017 | Weak or Default Credentials - MySQL |
| H3-2021-0018 | Weak or Default Credentials - Postgres |
| H3-2021-0019 | Weak or Default Credentials - Password Spray |
| H3-2021-0020 | Weak or Default Credentials - Cracked Credentials |
| H3-2021-0021 | Weak or Default Credentials - Web Applications |
| H3-2021-0022 | IPV6 DNS Hijacking Possible Using Mitm6 |
| H3-2021-0023 | Public Access to Azure Blob Storage Container |
| H3-2021-0024 | Dangling DNS Record |
| H3-2021-0025 | Expired SSL/TLS Certificate |
| H3-2021-0026 | Public Self-Signed Certificate |
| H3-2021-0027 | Weak Account Lockout Threshold |
| H3-2021-0028 | Weak Password Strength Requirements |
| H3-2021-0029 | AWS Unrestricted Assume Role Access |
| H3-2021-0030 | SMB Signing Not Required |
| H3-2021-0031 | Public Access to Git Repository |
| H3-2021-0032 | Credential Reuse |
| H3-2021-0033 | mDNS Poisoning Possible |
| H3-2021-0034 | LLMNR Poisoning Possible |
| H3-2021-0035 | NBT-NS Poisoning Possible |
| H3-2021-0036 | Unauthenticated Access to Elasticsearch |
| H3-2021-0037 | Werkzeug Debug Console Enabled |
| H3-2021-0038 | Kerberoasting |
| H3-2021-0039 | Unrestricted Sudo Privileges |
| H3-2021-0040 | AWS Instance Metadata Service v1 Exposed |
| H3-2021-0041 | Apache Druid Server-Side Request Forgery Vulnerability |
| H3-2021-0042 | Credential Dumping - Security Account Manager (SAM) Database |
| H3-2021-0043 | Credential Dumping - Local Security Authority (LSA) Secrets |
| H3-2021-0044 | Credential Dumping - Local Security Authority Subsystem Service (LSASS) Memory |
| H3-2021-0045 | Credential Dumping - /etc/shadow File |
| H3-2021-0046 | Credential Dumping - Active Directory Services Database (NTDS) |
| H3-2021-0047 | JBoss Application Server HTTP Invoker Remote Code Execution Vulnerability |
| H3-2021-0048 | Open Mail Relay |
| H3-2022-0001 | Web Application Cross Site Scripting Vulnerability |
| H3-2022-0002 | Azure Multi-Factor Authentication Disabled |
| H3-2022-0003 | Remote Desktop Protocol (RDP) Port Exposed to the Internet |
| H3-2022-0004 | Server Message Block (SMB) Port Exposed to the Internet |
| H3-2022-0005 | Secure Socket Shell (SSH) Port Exposed to the Internet |
| H3-2022-0006 | Database Port Exposed to the Internet |
| H3-2022-0007 | Telnet Port Exposed to the Internet |
| H3-2022-0008 | File Transfer Protocol (FTP) Port Exposed to the Internet |
| H3-2022-0009 | Simple Network Management Protocol (SNMP) Port Exposed to the Internet |
| H3-2022-0010 | Risky Port Exposed to the Internet |
| H3-2022-0011 | Zoho ManageEngine ADAudit Plus Remote Code Execution Vulnerability |
| H3-2022-0012 | Unauthenticated Access to Jira Dashboards |
| H3-2022-0013 | Unauthenticated Access to Jira Projects |
| H3-2022-0015 | Web Application Path Traversal Vulnerability |
| H3-2022-0016 | Active Directory Certificate Services Misconfiguration Privilege Escalation - Subject Alternative Name |
| H3-2022-0017 | Active Directory Certificate Services Misconfiguration Privilege Escalation - Any Purpose or No (aka SubCA) EKU Misconfiguration |
| H3-2022-0018 | Active Directory Certificate Services Misconfigured Enrollment Agent Template |
| H3-2022-0019 | Active Directory Certificate Services - Template May Be Requested by Enrollment Agent Signature |
| H3-2022-0020 | Active Directory Certificate Services Misconfigured Template Access Controls |
| H3-2022-0021 | Active Directory Certificate Services Domain Escalation via Vulnerable PKI AD Object Access Controls |
| H3-2022-0022 | Active Directory Certificate Services - EDITF_ATTRIBUTESUBJECTALTNAME2 flag set |
| H3-2022-0023 | Active Directory Certificate Services: Vulnerable Certificate Authority Access Control |
| H3-2022-0024 | Active Directory Certificate Services Misconfiguration: NTLM Relay to AD CS HTTP Endpoint |
| H3-2022-0025 | Unauthenticated Access to Kibana |
| H3-2022-0026 | Unauthenticated Access to Kubeflow |
| H3-2022-0027 | Unauthenticated Access to Jupyter |
| H3-2022-0028 | Unauthenticated Access to Apache Solr |
| H3-2022-0029 | Unauthenticated Access to ThoughtWorks GoCD |
| H3-2022-0030 | Unauthenticated Access to Paessler PRTG Network Monitor |
| H3-2022-0031 | Unauthenticated Access to Mongo Express |
| H3-2022-0032 | Unauthenticated Access to Prometheus Alertmanager |
| H3-2022-0033 | Unauthenticated Access to Jenkins People Directory |
| H3-2022-0034 | Anonymous Access to Zoho ManageEngine ADManager Plus Employee Search |
| H3-2022-0035 | Unauthenticated Access to JavaMelody Monitoring Console |
| H3-2022-0036 | Guest Access to Zabbix Dashboards |
| H3-2022-0037 | Laravel Debug Mode Enabled |
| H3-2022-0038 | Ruby on Rails Debug Mode Enabled |
| H3-2022-0039 | Golang pprof Debugging Endpoint Enabled |
| H3-2022-0040 | Symfony Debug Mode Enabled |
| H3-2022-0041 | Symfony Profiler Enabled |
| H3-2022-0042 | Django Debug Mode Enabled |
| H3-2022-0043 | Backup File Exposure |
| H3-2022-0044 | Shell History File Exposure |
| H3-2022-0045 | PHPinfo Page Exposed |
| H3-2022-0046 | Rails Database Configuration File Exposure |
| H3-2022-0047 | Apache Tomcat Example Scripts Exposed |
| H3-2022-0048 | Apache Web Server Configuration File Exposure |
| H3-2022-0049 | IIS web.config File Exposure |
| H3-2022-0050 | PHP-FPM Configuration File Exposure |
| H3-2022-0051 | Symfony Configuration File Exposure |
| H3-2022-0052 | Ansible Configuration File Exposure |
| H3-2022-0053 | Laravel .env File Exposure |
| H3-2022-0054 | CGI Test Script Exposed |
| H3-2022-0055 | phpMyAdmin Setup Page Exposed |
| H3-2022-0056 | Anonymous Deployment Privileges in JFrog Artifactory |
| H3-2022-0057 | jQuery File Upload Widget Exposed |
| H3-2022-0058 | Jolokia Local File Inclusion Misconfiguration |
| H3-2022-0059 | Spring Boot Configuration Properties Actuator Exposed |
| H3-2022-0060 | Spring Boot Env Actuator Exposed |
| H3-2022-0061 | Apache Web Server htpasswd File Exposure |
| H3-2022-0062 | Microsoft FrontPage service.pwd File Exposure |
| H3-2022-0063 | Private Keys Exposed on Web Server |
| H3-2022-0064 | Rails Secret Token Exposure |
| H3-2022-0065 | Unauthenticated Access to Apache Airflow |
| H3-2022-0066 | Git Repo Exposed on a Web Server |
| H3-2022-0067 | Weak or Default Credentials - MongoDB |
| H3-2022-0068 | Airflow Configuration Exposure |
| H3-2022-0069 | Web Directory Listing |
| H3-2022-0070 | Anonymous MongoDB Access |
| H3-2022-0071 | Jenkins Self-Signup Enabled |
| H3-2022-0072 | Apache Airflow Debug Mode Enabled |
| H3-2022-0073 | Microsoft Windows Machine Account NTLM Coercion via Authenticated LSARPC Spoofing |
| H3-2022-0074 | AWS Assume Role Access |
| H3-2022-0075 | Public-Facing Application Exposed with HTTP Basic Authentication |
| H3-2022-0076 | Unauthenticated AWS Cognito Role |
| H3-2022-0077 | Amazon Relational Database Service (RDS) DB Instance Is Exposed to the Internet |
| H3-2022-0078 | Unauthenticated Gitlab User Enumeration |
| H3-2022-0079 | Credential Dumping - AWS Instance Metadata Service v2 |
| H3-2022-0080 | WordPress Unauthenticated User Enumeration |
| H3-2022-0081 | Atlassian Jira Unauthenticated User Enumeration via the User Picker Browser |
| H3-2022-0082 | Exposed Kubernetes Version |
| H3-2022-0083 | Anonymous Access to the Kubernetes Dashboard |
| H3-2022-0084 | Credential Reuse - Windows Local Administrator Accounts |
| H3-2022-0085 | Credential Reuse - Shared Windows Local User and Domain User Accounts |
| H3-2022-0086 | Domain User with Local Administrator Privileges |
| H3-2022-0087 | Password Reuse |
| H3-2022-0088 | Public Access to Amazon EC2 AMI |
| H3-2022-0089 | Public Access to Amazon EBS Snapshot |
| H3-2022-0090 | Public Access to Amazon RDS Snapshot |
| H3-2022-0091 | Credential Dumping - Chrome Browser |
| H3-2022-0092 | Kubernetes Remote Code Execution with Service Token |
| H3-2022-0093 | Weak or Default Credentials - Cracked Credentials from Active Directory Services Database (NTDS) |
| H3-2022-0094 | Kubernetes Read with Service Account Token |
| H3-2022-0095 | Password Reuse Found in Active Directory Services Database (NTDS) |
| H3-2022-0096 | Lexmark Printer Command Injection Vulnerability |
| H3-2022-0097 | Kerberos Pass-the-Ticket Attack |
| H3-2023-0001 | Apache Superset Authentication Bypass Misconfiguration |
| H3-2023-0002 | Flask Authentication Bypass Misconfiguration |
| H3-2023-0003 | Pre-Windows 2000 Computer Set |
| H3-2023-0004 | Detection: Kerberoasting |
| H3-2023-0005 | Detection: A Hidden Machine Account Was Created |
| H3-2023-0006 | Detection: Pass-The-Hash |
| H3-2023-0007 | Detection: 3CXDesktopApp Supply Chain Attack |
| H3-2023-0008 | AWS Multi-Factor Authentication Disabled |
| H3-2023-0009 | Kerberos Unconstrained Delegation |
| H3-2023-0010 | Kerberos Constrained Delegation |
| H3-2023-0011 | Microsoft Windows Machine Account NTLM Coercion via EventLog Remoting Protocol Manipulation |
| H3-2023-0012 | Microsoft Windows Machine Account NTLM Coercion via Print Spooler Protocol Manipulation |
| H3-2023-0013 | Authenticated Microsoft Windows Machine Account NTLM Coercion via File Server Remote VSS Protocol Manipulation |
| H3-2023-0014 | Authenticated Microsoft Windows Machine Account NTLM Coercion via Distributed File System Namespace Management Protocol Manipulation |
| H3-2023-0015 | Authenticated Microsoft Windows Machine Account NTLM Coercion via EventLog Remoting Protocol Manipulation |
| H3-2023-0016 | Authenticated Microsoft Windows Machine Account NTLM Coercion via Print Spooler Protocol Manipulation |
| H3-2023-0017 | Microsoft Windows Machine Account NTLM Coercion via File Server Remote VSS Protocol Manipulation |
| H3-2023-0018 | Microsoft Windows Machine Account NTLM Coercion via Distributed File System Namespace Management Protocol Manipulation |
| H3-2023-0019 | Credential Dumping - Data Protection API (DPAPI) Secrets |
| H3-2023-0020 | PaperCut File Upload Remote Code Execution Vulnerability |
| H3-2023-0021 | Phished Credential |
| H3-2023-0022 | PaperCut Arbitrary File Read and Deletion Vulnerability |
| H3-2023-0023 | Apache Solr Arbitrary File Read Vulnerability |
| H3-2023-0027 | NextGen Mirth Connect Remote Code Execution Vulnerability |
| H3-2023-0028 | H2 Embedded Database Misconfiguration |
| H3-2023-0029 | Password in Active Directory User Attribute |
| H3-2023-0030 | Active Directory - User Password Not Required |
| H3-2024-0001 | AWS Privilege Escalation - iam:AttachUserPolicy |
| H3-2024-0002 | AWS Privilege Escalation - iam:PutUserPolicy |
| H3-2024-0003 | AWS Privilege Escalation - iam:AttachRolePolicy |
| H3-2024-0004 | AWS Privilege Escalation - iam:PutRolePolicy |
| H3-2024-0005 | AWS Privilege Escalation - iam:CreateAccessKey |
| H3-2024-0006 | AWS Privilege Escalation - iam:CreateLoginProfile |
| H3-2024-0007 | AWS Privilege Escalation - iam:UpdateLoginProfile |
| H3-2024-0008 | AWS Privilege Escalation - iam:UpdateAssumeRolePolicy |
| H3-2024-0009 | AWS Privilege Escalation - iam:CreatePolicyVersion |
| H3-2024-0010 | Microsoft Entra (AzureAD) Connect Credential Dumping |
| H3-2024-0011 | Microsoft Entra (AzureAD) - Over-Privileged Service Principal |
| H3-2024-0012 | Microsoft Entra (AzureAD) - Service Principal Takeover |
| H3-2024-0015 | NextChat Open Proxy Server-Side Request Forgery Vulnerability |
| H3-2024-0016 | AWS Privilege Escalation - iam:AttachGroupPolicy |
| H3-2024-0017 | AWS Privilege Escalation - iam:PutGroupPolicy |
| H3-2024-0018 | Unauthenticated Access to Redis |
| H3-2024-0019 | Credential Dumping - Office365 Application Memory |
| H3-2024-0028 | NodeZero Remote Access Tool Deployed and Executed |
| H3-2024-0029 | Active Directory User has Entra Administrator Role |
| H3-2024-0030 | Traccar Device Image Upload Remote Code Execution Vulnerability |
| H3-2024-0031 | Gradio Arbitrary File Read Vulnerability |
| H3-2024-0032 | Traccar Self-Signup Enabled |
| H3-2024-0033 | Jupyter Server on Windows Credential Leak Vulnerability |
| H3-2024-0034 | NTLM Authentication Endpoint Exposed to the Internet |
| H3-2024-0035 | AWS Access Key Id Third Party Canary |
| H3-2024-0036 | Improper use of AWS Administrator Access |
| H3-2024-0037 | Azure Cloud Kerberos Trust Abuse |
| H3-2024-0038 | Microsoft Entra (AzureAD) - Entra Group Takeover |
| H3-2024-0039 | Microsoft Graph App Role Privilege Elevation |
| H3-2024-0040 | Palo Alto Expedition Authenticated Command Injection Vulnerability |
| H3-2024-0041 | Palo Alto Expedition Unauthenticated SQL Injection Vulnerability |
| H3-2024-0042 | Palo Alto Expedition Authenticated Sensitive Information Leak Vulnerability |
| H3-2024-0043 | AWS Privilege Escalation via iam:PassRole and cloudformation:CreateStack |
| H3-2024-0044 | AWS Privilege Escalation via iam:PassRole, lambda:CreateFunction, and lambda:InvokeFunction |
| H3-2024-0045 | AWS Privilege Escalation via iam:PassRole and ec2:RunInstances |
| H3-2024-0046 | Over-Privileged StackSet Execution Role |
| H3-2024-0051 | Intune Mobile Device Management Remote Code Execution (RCE) |
| H3-2024-0052 | CUPS-browsed Server Side Request Forgery Vulnerability |
| H3-2024-0053 | Ivanti Endpoint Manager Multiple NTLM Credential Coercion Vulnerabilities |
| H3-2024-0054 | Kubernetes Identity can Create a Pod and Escape to the Node |
| H3-2024-0056 | Microsoft SQL Server NTLM Credential Coercion Vulnerability |
| H3-2024-0057 | Active Directory gMSA Account Password Exposure |
| H3-2024-0058 | Improper use of K8S Cluster Admin Access |
| H3-2024-0059 | Kubernetes Service Account Can Execute Code in Pods |
| H3-2024-0060 | Insecure Storage of Connection Strings in Application Properties |
| H3-2024-0061 | CyberPower PowerPanel Enterprise SQL Injection Vulnerability |
| H3-2025-0001 | SimpleHelp Path Traversal Vulnerability |
| H3-2025-0002 | Management Console Exposed to the Internet |
| H3-2025-0003 | IIS Shortname Disclosure Vulnerability |
| H3-2025-0004 | GitHub Actions Artifacts Credential Leakage |
| H3-2025-0005 | GitHub Actions Dangerous Triggers |
| H3-2025-0006 | GitHub Actions Excessive Permissions |
| H3-2025-0007 | GitHub Actions Hardcoded Container Credentials |
| H3-2025-0008 | GitHub Actions Imposter Commit |
| H3-2025-0009 | GitHub Actions Known Vulnerable Actions |
| H3-2025-0010 | GitHub Actions Ref Confusion |
| H3-2025-0011 | GitHub Actions Self Hosted Runner |
| H3-2025-0012 | GitHub Actions Template Injection |
| H3-2025-0013 | GitHub Actions Unpinned Uses |
| H3-2025-0014 | GitHub Actions Insecure Commands |
| H3-2025-0015 | GitHub Actions Dangerous Environment Variable Writes |
| H3-2025-0016 | GitHub Actions Cache Poisoning |
| H3-2025-0017 | GitHub Actions Secrets Inheritance |
| H3-2025-0018 | GitHub Actions Dangerous Bot Conditions |
| H3-2025-0019 | Git Repo-Jacking |
| H3-2025-0020 | Wordpress Accessible WPConfig |
| H3-2025-0021 | Wordpress Directory Listing |
| H3-2025-0022 | Wordpress DB Repair Exposed |
| H3-2025-0023 | Wordpress Newsletter Manager < 1.5 - Unauthenticated Open Redirect |
| H3-2025-0024 | Active Directory Misconfiguration: Low-Privilege User with GenericAll Privileges |
| H3-2025-0025 | Langflow Code Injection Vulnerability |
| H3-2025-0026 | Kentico Xperience Staging Service Authentication Bypass WT-2025-0006 Vulnerability |
| H3-2025-0027 | Kentico Xperience Staging Service Authentication Bypass WT-2025-0011 Vulnerability |
| H3-2025-0028 | Unsecured InfluxDB Access via Misconfiguration |
| H3-2025-0032 | Generic .env File Exposure |
| H3-2025-0033 | Docker Compose File Exposure |
| H3-2025-0034 | GoCD Encryption Key Exposure in Pipeline Configuration |
| H3-2025-0044 | Oracle EBS Bispgraph File Access Vulnerability |
| H3-2025-0046 | Samsung MagicINFO 9 Server Remote Code Execution Vulnerability |
| H3-2025-0047 | Puppet Node Manager Authorization Bypass |
| H3-2025-0048 | PHP Debug Interface Exposure |
| H3-2025-0049 | Thinkphp Remote Code Execution Vulnerability |
| H3-2025-0051 | UpdraftPlus Plugin PEM Key Exposure |
| H3-2025-0052 | Golden Ticket |
| H3-2025-0053 | Fortinet FortiSIEM Arbitrary File Write Remote Code Execution Vulnerability |
| H3-2025-0054 | N-able N-central Authenticated XML External Entity (XXE) Vulnerability |
| H3-2025-0055 | FreePBX Authentication Bypass File Upload RCE |
| H3-2025-0056 | FreePBX Authentication Bypass SQL Injection |
| H3-2025-0057 | N-able N-central Authentication Bypass Vulnerability |
| H3-2025-0058 | SCCM Hierarchy Takeover via NTLM Coercion and Relay to MSSQL |
| H3-2025-0060 | Gladinet Centrestack MachineKey Deserialization Vulnerability |
| H3-2025-0062 | SCCM Hierarchy Takeover via NTLM Coercion and Relay to SMB |
| H3-2025-0064 | osTicket Self-Signup Enabled |
| H3-2025-0065 | osTicket Anonymous Ticket Creation with Rich Text Content Enabled |
| H3-2025-0066 | osTicket PHP Filter Chain Injection Vulnerability |
| H3-2025-0067 | LAPS Password Exposure |
| H3-2025-0068 | Privilege Escalation - Potato Style Exploit |
| H3-2025-0073 | LDAP Signing Not Required |
| H3-2025-0074 | LDAP Channel Binding Not Required |
| H3-2025-0080 | Sensitive Information Disclosure to Unauthenticated Users |
| H3-2026-0002 | Kubernetes Nodes Proxy GET Permission Remote Code Execution |
| H3-2026-0003 | MSSQL EXECUTE AS Impersonation Privilege Escalation Vulnerability |
| H3-2026-0004 | Active Directory Certificate Services Misconfiguration: NTLM Relay to AD CS RPC Endpoint |
| H3-2026-0005 | Web Application UNC Absolute Path Traversal Vulnerability |
| H3-2026-0007 | SSH ControlMaster Socket Abuse |
| H3-2026-0008 | Apache ActiveMQ Jolokia Remote Code Execution Vulnerability |
| H3-2026-0011 | Reversible Password Encryption Enabled on Domain Controller |
| H3-2026-0012 | Fortinet FortiClient EMS Improper Access Control Vulnerability |
| H3-2026-0013 | Insecure Direct Object Reference (IDOR) / Broken Object Level Authorization (BOLA) |
| H3-2026-0014 | Nagios XI SQL Injection Vulnerability |
| H3-2026-0015 | Azure Storage Account Allows Blob Public Access |
| H3-2026-0016 | Net-SNMP EXTEND-MIB Read/Write Access Remote Code Execution |
| H3-2026-0021 | Azure Container Registry Anonymous Pull Enabled |
| H3-2026-0022 | Azure Container Registry Public Network Access Enabled |
| H3-2026-0023 | Azure Container Registry Admin User Enabled |