MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-45077 | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by default and processes each received frame with unserialize(base64_decode($message)) without authentication, integrity checks, or an allowed_classes allowlist, allowing any reachable host to submit attacker-chosen serialized PHP payloads that can crash the li | 8.3 | 0.45% | 2026-07-14 | 2026-07-15 |
| CVE-2026-58636 | Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally. | 7.8 | 0.27% | 2026-07-14 | 2026-07-16 |
| CVE-2026-58608 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network. | 8.8 | 0.53% | 2026-07-14 | 2026-07-15 |
| CVE-2026-58526 | Use after free in Windows Storage allows an authorized attacker to elevate privileges locally. | 7.0 | 0.15% | 2026-07-14 | 2026-07-15 |
| CVE-2026-57097 | Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack. | 6.4 | 0.25% | 2026-07-14 | 2026-07-14 |
| CVE-2026-55003 | Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network. | 6.5 | 0.67% | 2026-07-14 | 2026-07-14 |
| CVE-2026-54999 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network. | 8.8 | 0.30% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54996 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54991 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.8 | 0.19% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54112 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally. | 7.8 | 0.16% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54111 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-15 |
| CVE-2026-54107 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally. | 8.8 | 0.19% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50384 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50364 | Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally. | 7.3 | 0.35% | 2026-07-14 | 2026-07-16 |
| CVE-2026-50356 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49808 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49806 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49803 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49802 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.0 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-49791 | Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | 7.1 | 0.28% | 2026-07-14 | 2026-07-15 |