{
	"id": "b8a1767a-2b96-448b-8214-09bad072ce92",
	"created_at": "2026-04-06T00:15:46.567811Z",
	"updated_at": "2026-04-10T13:12:31.047595Z",
	"deleted_at": null,
	"sha1_hash": "1d43a3b61525681779e7247a531ee52470dd06f1",
	"title": "What are CVEs?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 244799,
	"plain_text": "What are CVEs?\r\nBy DarkOwl Content Team\r\nPublished: 2024-05-14 · Archived: 2026-04-05 14:55:02 UTC\r\nMay 14, 2024\r\nCybersecurity might as well have its own language. There are so many acronyms, terms, and sayings used by both\r\ncybersecurity professionals and threat actors that, unless you are deeply knowledgeable, have experience\r\nin the security field, or have a keen interest, you may not know them. Understanding what these acronyms and terms\r\nmean is the first step to developing a thorough understanding of cybersecurity and in turn better protecting\r\nyourself, clients, and employees.\r\nIn this blog series, we aim to explain and simplify some of the most commonly used terms. In this edition, let’s\r\ndive into CVEs.\r\nCVEs 101\r\nCVE is an acronym thrown around frequently in the cybersecurity space. CVE stands for Common Vulnerabilities\r\nand Exposures. CVE is a list of publicly disclosed cybersecurity vulnerabilities, each assigned a unique\r\nidentifier called a CVE ID. According to the National Institute of Standards and Technology, CVE defines a\r\nvulnerability as “a weakness in the computational logic (e.g., code) found in software and hardware components\r\nthat, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the\r\nvulnerabilities in this context typically involves coding changes, but could also include specification changes or\r\neven specification deprecations (e.g., removal of affected protocols or functionality in their entirety).” When a\r\nsecurity vulnerability is identified, it receives a CVE ID number. This identifier is used to monitor and reference\r\nthe vulnerability in security advisories released by vendors and researchers, and provides a uniform way to search for\r\nthe same vulnerability across databases.\r\nThe concept of the CVE database originated in a whitepaper by co-creators Steven M. Christey and David E.\r\nMann of the MITRE Corporation. 
The initial CVE list was made publicly available in 1999 and continues to grow.\r\nThere are currently over 247,000 CVEs and in the first week of 2024 alone, over 600 were cataloged. The system\r\nis maintained by the United States’ National Cybersecurity FFRDC, which is run by the MITRE Corporation and\r\nreceives funding from the US Department of Homeland Security’s National Cyber Division.\r\nKeeping a record of all CVEs allows security and IT researchers to coordinate efforts in prioritizing and resolving\r\nthese vulnerabilities. To keep CVE records organized, there is a CVE Program dedicated to identifying, defining,\r\nand cataloging publicly disclosed cybersecurity vulnerabilities.\r\nNot only are CVEs important for keeping track of vulnerabilities in a way that is repeatable, searchable and\r\ntrackable, but they also raise security awareness. Because CVEs are publicly documented, there is better awareness of\r\npotential threats and security concerns. Individuals and organizations have the ability to search vulnerabilities and\r\ntake the necessary actions to secure their computer systems and networks. CVEs allow security professionals to\r\nstay up to date on the latest security flaws and vulnerabilities.\r\nCVEs in the Wild\r\nCVE-2023-34362: MOVEit Transfer\r\nIn 2019, the Cl0p ransomware gang shifted their focus to exploiting the MOVEit vulnerability to target victims\r\nstarting in May 2023, and they carried on with this campaign throughout the summer. They exploited the SQL\r\ninjection vulnerability known as CVE-2023-34362 in the MOVEit transfer system, which is extensively utilized\r\nfor managing file transfer operations across numerous organizations. Cl0p’s exploitation of this vulnerability had\r\nsignificant repercussions for several prominent brands and companies, garnering substantial media coverage. 
It’s\r\nestimated that roughly 2,000 instances of the MOVEit vulnerability were exploited, affecting approximately 60\r\nmillion individuals worldwide. These figures may be conservative due to under-reported incidents and efforts by\r\naffected entities to conceal the extent of network intrusions. Nevertheless, experts projected that the group stood to\r\ngain around $100 million from exploiting this vulnerability. If this vulnerability were to be left unaddressed, it\r\ncould lead to significant data breaches, loss of sensitive information, and severe disruption of services.\r\nCVE-2023-22515: Confluence Data Center and Server by Atlassian\r\nLast fall, the Ukrainian Cyber Alliance (UCA) used CVE-2023-22515, which involves Confluence, to escalate\r\nprivileges and access Trigona’s Confluence server. They gained insight into the infrastructure and published\r\nTrigona’s support documents, exfiltrated the developer environment and information pertaining to Trigona’s crypto\r\npayments, as well as the back-end of Trigona’s chat service and blog/leak site details. After collecting all the\r\ninformation, UCA defaced and deleted Trigona’s site. Open CVEs pose a danger to all, including the\r\ncybercriminals who use the impacted tools.\r\nCVE-2022-42475: FortiOS SSL-VPN Vulnerability\r\nContinuing their world-wide efforts to infiltrate government, military, and key sources of intel, China exploited an\r\nextant Fortinet vulnerability (CVE-2022-42475) in early February of this year. This was done to deploy a\r\nbackdoor named COATHANGER and gain access to a network used by the Dutch military. This was the first time\r\nthe Dutch have publicly attributed a cyber incident to Chinese actors. 
This vulnerability, along with CVE-2023-22515,\r\nemphasizes the importance of maintaining good security hygiene and always updating computer systems to\r\nthe latest version.\r\nCVEs in DarkOwl Vision\r\nCyber Actors Discuss CVEs on the Darknet\r\nCyber criminals and hackers frequently discuss vulnerabilities on the darknet for various platforms. Discussions of\r\nrelevant software and exploitability of specific CVEs can assist an organization in determining potential\r\nunpatched vulnerabilities. Figure 2 shows a forum discussion about an exploit for CVE-2022-30190, which is a\r\nMicrosoft Office vulnerability that hackers can leverage for remote code execution.\r\nFigure 2: DarkOwl Vision search reveals an exploit based on CVE-2022-30190; Source: DarkOwl Vision\r\nFigure 3 shows a post to a hacker forum on the darknet by the user known by the moniker PresidentXS that\r\ndiscusses an Azure vulnerability, CVE-2019-1306, “Azure DevOps and Team Foundation Server Remote Code\r\nExecution Vulnerability.” An attacker who successfully exploits this vulnerability can execute malicious code\r\non an ADO service account.\r\nFigure 3: Source: DarkOwl Vision\r\nPosts and discussion threads like these examples in DarkOwl Vision are useful for reviewing comments, exploring\r\napplications, and use cases for the vulnerability specifically.\r\nTokenization\r\nBased on feedback from our customers, CVEs are identified and tokenized within our indexed documentation\r\ncollection. DarkOwl Vision UI users can search for results containing a specific CVE number, as well as for\r\nresults containing any number of CVEs. 
CVE tokenization makes it easier to search for CVEs alongside\r\nkeywords or other entities such as onion domains or threat actor aliases.\r\nFigure 4: CVE search in Vision UI; Source: DarkOwl Vision\r\nActor Explore\r\nDarkOwl’s Actor Explore feature provides invaluable insights into cyber threat actors, empowering security\r\nprofessionals, researchers, and organizations with analyst-curated information about threat actors, enhancing their\r\nability to understand and combat cybersecurity threats effectively. Each actor profile in Actor Explore includes a\r\ndetailed dossier, offering an in-depth overview of the threat actor and includes extensive information such as\r\ndarknet fingerprints, targets, tools, CVEs, contact information, and more. Actor Explore connects this information\r\nto our other data sets, including leak sites, ransomware sites, aliases, cryptocurrency, etc. that actors are\r\nassociated with. This wealth of data enables users to gain a profound understanding of the threat actors, their\r\ntactics, and the potential risks they pose.\r\nA DarkOwl Vision user can also search in Actor Explore by CVE. This filtering option makes it easier to find and\r\ncompare actors of interest.\r\nFigure 5: DarkOwl Actor Explore result for Cl0p and the CVEs they exploit; Source: DarkOwl Vision\r\nFigure 6: Example of CVE filtering in Actor Explore; Source: DarkOwl Vision\r\nResources\r\nKeeping up to date on CVEs is essential to maintaining a secure IT environment. Below are a couple of free\r\nresources available for tracking and researching CVEs.\r\nCVE Program Mission: Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. 
View\r\nthe 228,713 CVE records available.\r\nCVE Tracker: A New Motional Open-Source Tool for Tracking Common Vulnerabilities and Exposures.\r\nView tool here.\r\nTo take investigations the next step, root cause mapping of vulnerabilities is best done by correlating CVE\r\nRecords. Check out guidance from MITRE here.\r\nTo see DarkOwl Vision and our collection of CVEs in action, contact us.\r\nSource: https://www.darkowl.com/blog-content/what-are-cves/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.darkowl.com/blog-content/what-are-cves/"
	],
	"report_names": [
		"what-are-cves"
	],
	"threat_actors": [
		{
			"id": "4a73cb62-be05-49d2-9dbb-1298606ec0a3",
			"created_at": "2025-03-07T02:00:03.799095Z",
			"updated_at": "2026-04-10T02:00:03.827106Z",
			"deleted_at": null,
			"main_name": "Ukrainian Cyber Alliance",
			"aliases": [
				"UCA"
			],
			"source_name": "MISPGALAXY:Ukrainian Cyber Alliance",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "98cd3bc4-fd41-4087-be03-f6f8f3be7b67",
			"created_at": "2025-05-29T02:00:03.220566Z",
			"updated_at": "2026-04-10T02:00:03.871851Z",
			"deleted_at": null,
			"main_name": "Cyber Alliance",
			"aliases": [],
			"source_name": "MISPGALAXY:Cyber Alliance",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434546,
	"ts_updated_at": 1775826751,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1d43a3b61525681779e7247a531ee52470dd06f1.pdf",
		"text": "https://archive.orkl.eu/1d43a3b61525681779e7247a531ee52470dd06f1.txt",
		"img": "https://archive.orkl.eu/1d43a3b61525681779e7247a531ee52470dd06f1.jpg"
	}
}