Threats / Contributors / Mandiant
Research org
contributor
Mandiant
cited as evidence in 52 · CNA assigner on 2 · credited finder on 3 of 53 known-exploited records. Every aggregate on this page is recomputed from the records listed below — each one already cited to its public source.
mandiant.com ↗ · home of the cited advisories
53
records cited in
deterministic count3
finder / reporter credits
CVE.org credits2
CVE records catalogued (CNA)
assigner46%
avg modeled exploit prob.
FIRST EPSS, 52/5332%
ransomware-associated
17 of 53 · CISA flag01
Known for
— recomputed from this contributor’s own recordsSurfacesApplication / other (26), Edge / remote-access infra (18), Operating system / kernel (5), Hypervisor / virtualization (3), Server / web platform (1)
WeaknessAuthentication (12), Memory safety (11), Injection (9), Path traversal / file (5), Authorization / access control (3)
PortfolioApple (8), SonicWall (5), Ivanti (5), Cisco (3), Oracle (3), Veritas (3)
PeopleNamed individuals credited under this contributor:
Stallone D’Souza, MandiantMandiant Threat DefensePeter Ukhanov from Google/Mandiant
02
Narrative reach
— how far this contributor’s records carry an attacker, front door → lights out1Front door
52reach this stage2Keys to the kingdom
52reach this stage3Lateral reach
48reach this stage4Data at risk
12reach this stage5Lights out
1reach this stageFurthest any of these records carries an attacker: 5 · Lights out. 12 of 52 narrative-framed records reach data-at-risk or lights-out. (furthest-position idiom, reused from the landing map; the stage mapping is a model output over cited evidence.)
03
Recent highlights
— this contributor’s newest known-exploited records04
Every record they’re cited in
— all 53, each linked to its cited sourceThis is the evidence behind every number above. Sorted ransomware-first, then by modeled exploit probability.
CVE-2024-21887Ivanti100%RWKEVCVE-2019-19781Citrix100%RWKEVCVE-2023-46805Ivanti100%RWKEVCVE-2025-0282Ivanti100%RWKEVCVE-2025-22457Ivanti100%RWKEVCVE-2022-42475Fortinet99%RWKEVCVE-2024-1708ConnectWise88%RWKEVCVE-2021-20021SonicWall83%RWKEVCVE-2021-27877Veritas65%RWKEVCVE-2021-20023SonicWall51%RWKEVCVE-2021-22893Ivanti47%RWKEVCVE-2021-20016SonicWall40%RWKEVCVE-2021-27878Veritas24%RWKEVCVE-2021-20022SonicWall17%RWKEVCVE-2021-27876Veritas13%RWKEVCVE-2026-35273Oracle8%RWKEVCVE-2023-4966Citrix NetScaler ADC/Gateway “Citrix Bleed”—RWKEVCVE-2023-44487IETF100%KEVCVE-2020-10189Zoho100%KEVCVE-2019-1653Cisco100%KEVCVE-2020-14750Oracle99%KEVCVE-2023-34048VMware99%KEVCVE-2022-3236Sophos99%KEVCVE-2024-47575Fortinet97%KEVCVE-2019-1652Cisco96%KEVCVE-2021-21311Adminer90%KEVCVE-2025-12480Gladinet90%KEVCVE-2020-14871Oracle80%KEVCVE-2022-28810Zoho70%KEVCVE-2020-8218Pulse Secure33%KEVCVE-2025-53690Sitecore26%KEVCVE-2022-0185Linux25%KEVCVE-2022-26871Trend Micro20%KEVCVE-2021-44207Acclaim Systems18%KEVCVE-2023-7101Spreadsheet::ParseExcel17%KEVCVE-2020-27950Apple17%KEVCVE-2022-22948VMware14%KEVCVE-2023-20867VMware14%KEVCVE-2026-22769Dell13%KEVCVE-2022-41328Fortinet12%KEVCVE-2022-20821Cisco12%KEVCVE-2021-30952Apple8%KEVCVE-2021-20035SonicWall4%KEVCVE-2023-43000Apple4%KEVCVE-2021-35247SolarWinds3%KEVCVE-2022-48503Apple3%KEVCVE-2021-43226Microsoft3%KEVCVE-2022-40139Trend Micro3%KEVCVE-2025-21590Juniper2%KEVCVE-2025-31277Apple1%KEVCVE-2023-41974Apple1%KEVCVE-2025-43520Apple0%KEVCVE-2025-43510Apple0%KEV
05