Vulnerability detail

Tenable Blog · May 27, 2026

Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk.Key takeawaysThe "patch everything" strategy is dead: Vulnerability prioritization based on exploitation risk offers a path forward. A directed graph model linking 600+ threat actors to vulnerabilities in 7,800 customer environments reveals that 68% of organizations carry at least one CVE previously exploited by a named adversary, and 321 tracked threat groups can reach at least one customer environment through an active vulnerability. Prevalence of "Elite Arsenal" CVEs requires immediate attention: The 242 "Elite Arsenal" CVEs — those meeting all three criteria of critical VPR (≥ 9), CISA KEV listing, and documented threat group exploitation — are nearly universally present across the studied customer base, with 241 of 242 actively detected. More than half are five or more years old, and 78% of the persistently exploited core are simultaneously weaponized by nation-state APTs, commodity malware operators, and ransomware gangs. Non-CVE exposures are universally dangerous: Non-CVE exposures, including misconfigurations, weak credentials, and end-of-life software, are present in virtually 100% of studied organizations, with 60% carrying at least one that maps to a tracked threat actor's preferred techniques. Preliminary modeling suggests these exposures may confer more breach risk than CVE-linked findings, yet no industry-standard scoring infrastructure exists to prioritize them.While the first two posts in this blog series documented the accelerating vulnerability flood and the widening remediation gap, today we answer the outstanding question: Where do these forces actually collide inside customer environments? Using a directed graph model that maps more than 600 tracked threat groups to vulnerabilities observed across 7,800 organizations,...

github · Created 2024-06-22 14:25:39 UTC · 0 stars

CVE-2023-23397: Remote Code Execution Vulnerability in Microsoft Outlook

github · Created 2023-10-26 09:26:32 UTC · 3 stars

This script exploits CVE-2023-23397, a Zero-Day vulnerability in Microsoft Outlook, allowing the generation of malicious emails for testing and educational purposes.

github · Created 2023-07-14 22:02:55 UTC · 21 stars

github · Created 2023-05-07 18:21:35 UTC · 6 stars

CVE-2023-23397 PoC

github · Created 2023-03-31 03:35:30 UTC · 3 stars

CVE-2023-23397漏洞的简单PoC，有效载荷通过电子邮件发送。

github · Created 2023-03-21 18:38:00 UTC · 25 stars

Proof of Concept for CVE-2023-23397 in Python

github · Created 2023-03-20 16:31:54 UTC · 123 stars

Simple PoC of the CVE-2023-23397 vulnerability with the payload sent by email.

github · Created 2023-03-19 08:07:58 UTC · 2 stars

github · Created 2023-03-18 21:14:21 UTC · 9 stars

github · Created 2023-03-17 17:35:14 UTC · 7 stars

Generates meeting requests taking advantage of CVE-2023-23397. This requires the outlook thick client to send.

github · Created 2023-03-17 10:18:26 UTC · 6 stars

Exploit POC for CVE-2023-23397

github · Created 2023-03-17 03:38:50 UTC · 0 stars

CVE-2023-23397 Remediation Script (Powershell)

github · Created 2023-03-16 19:43:39 UTC · 344 stars

github · Created 2023-03-16 19:10:37 UTC · 40 stars

Simple PoC in PowerShell for CVE-2023-23397

github · Created 2023-03-16 15:00:26 UTC · 4 stars

Python script to create a message with the vulenrability properties set

github · Created 2023-03-16 14:07:15 UTC · 3 stars

CVE-2023-23397 - Microsoft Outlook Vulnerability

github · Created 2023-03-15 17:03:38 UTC · 161 stars

Exploit for the CVE-2023-23397