CVEリスト - 高リスク・悪用確認済み脆弱性 ATT&CK の技法:Execution / RCE / Command Execution

MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

CVSS スコア
表示中 81100 (ほかにも結果があります)
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-50398 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network. 8.8 0.47% 2026-07-14 2026-07-15
CVE-2026-50385 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. 8.8 0.19% 2026-07-14 2026-07-15
CVE-2026-50382 Untrusted pointer dereference in Windows DirectX allows an authorized attacker to execute code locally. 8.8 0.28% 2026-07-14 2026-07-15
CVE-2026-50379 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network. 7.5 0.36% 2026-07-14 2026-07-15
CVE-2026-50378 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Key Guard allows an authorized attacker to elevate privileges locally. 7.8 0.24% 2026-07-14 2026-07-16
CVE-2026-50376 Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network. 6.5 0.89% 2026-07-14 2026-07-15
CVE-2026-50371 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows LUAFV allows an authorized attacker to elevate privileges locally. 7.0 0.19% 2026-07-14 2026-07-14
CVE-2026-50369 Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network. 8.8 0.65% 2026-07-14 2026-07-15
CVE-2026-50367 Incorrect access of indexable resource ('range error') in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. 7.8 0.24% 2026-07-14 2026-07-15
CVE-2026-50361 Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. 7.8 0.19% 2026-07-14 2026-07-15
CVE-2026-50348 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network. 7.0 0.33% 2026-07-14 2026-07-15
CVE-2026-50345 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. 7.0 0.19% 2026-07-14 2026-07-15
CVE-2026-50337 Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally. 7.8 0.32% 2026-07-14 2026-07-15
CVE-2026-50322 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally. 7.0 0.19% 2026-07-14 2026-07-16
CVE-2026-50321 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally. 7.8 0.19% 2026-07-14 2026-07-16
CVE-2026-50317 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally. 7.8 0.24% 2026-07-14 2026-07-16
CVE-2026-50305 Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. 7.8 0.19% 2026-07-14 2026-07-16
CVE-2026-4018 TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel. 6.4 0.09% 2026-07-14 2026-07-15
CVE-2026-45077 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by default and processes each received frame with unserialize(base64_decode($message)) without authentication, integrity checks, or an allowed_classes allowlist, allowing any reachable host to submit attacker-chosen serialized PHP payloads that can crash the li 8.3 0.45% 2026-07-14 2026-07-15
CVE-2026-58636 Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally. 7.8 0.27% 2026-07-14 2026-07-16
cvelogic Threat Intelligence