CVEリスト - 高リスク・悪用確認済み脆弱性 ATT&CK の技法:Execution / RCE / Command Execution

MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

CVSS スコア
表示中 101120 (ほかにも結果があります)
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-45077 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by default and processes each received frame with unserialize(base64_decode($message)) without authentication, integrity checks, or an allowed_classes allowlist, allowing any reachable host to submit attacker-chosen serialized PHP payloads that can crash the li 8.3 0.45% 2026-07-14 2026-07-15
CVE-2026-58636 Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally. 7.8 0.27% 2026-07-14 2026-07-16
CVE-2026-58608 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network. 8.8 0.53% 2026-07-14 2026-07-15
CVE-2026-58526 Use after free in Windows Storage allows an authorized attacker to elevate privileges locally. 7.0 0.15% 2026-07-14 2026-07-15
CVE-2026-57097 Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack. 6.4 0.25% 2026-07-14 2026-07-14
CVE-2026-55003 Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network. 6.5 0.67% 2026-07-14 2026-07-14
CVE-2026-54999 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network. 8.8 0.30% 2026-07-14 2026-07-15
CVE-2026-54996 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. 7.0 0.16% 2026-07-14 2026-07-15
CVE-2026-54991 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. 7.8 0.19% 2026-07-14 2026-07-15
CVE-2026-54112 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally. 7.8 0.16% 2026-07-14 2026-07-15
CVE-2026-54111 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. 7.0 0.16% 2026-07-14 2026-07-15
CVE-2026-54107 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally. 8.8 0.19% 2026-07-14 2026-07-15
CVE-2026-50384 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally. 7.0 0.16% 2026-07-14 2026-07-16
CVE-2026-50364 Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally. 7.3 0.35% 2026-07-14 2026-07-16
CVE-2026-50356 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally. 7.0 0.16% 2026-07-14 2026-07-16
CVE-2026-49808 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. 7.8 0.16% 2026-07-14 2026-07-16
CVE-2026-49806 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. 7.0 0.16% 2026-07-14 2026-07-16
CVE-2026-49803 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. 7.0 0.16% 2026-07-14 2026-07-16
CVE-2026-49802 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. 7.0 0.16% 2026-07-14 2026-07-16
CVE-2026-49791 Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. 7.1 0.28% 2026-07-14 2026-07-15
cvelogic Threat Intelligence