NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2023-4966 KEV | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | 9.4 | 100.00% | 2023-10-10 | 2025-10-24 |
| CVE-2025-5777 KEV | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | 9.3 | 99.90% | 2025-06-17 | 2025-10-30 |
| CVE-2023-3519 KEV | Unauthenticated remote code execution | 9.8 | 99.34% | 2023-07-19 | 2025-10-24 |
| CVE-2023-24489 KEV | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | 9.8 | 95.08% | 2023-07-10 | 2026-02-26 |
| CVE-2023-24488 | Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting | 6.1 | 80.91% | 2023-07-10 | 2024-11-21 |
| CVE-2023-5914 | Cross-site scripting (XSS) | 5.4 | 73.14% | 2024-01-17 | 2024-11-21 |
| CVE-2023-6549 KEV | Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read | 8.2 | 57.63% | 2024-01-17 | 2026-02-26 |
| CVE-2023-6184 | Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting | 5.0 | 46.61% | 2024-01-18 | 2024-11-21 |
| CVE-2025-12101 | Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | 5.9 | 24.58% | 2025-11-11 | 2026-04-15 |
| CVE-2024-6235 | Sensitive information disclosure in NetScaler Console | 9.4 | 21.33% | 2024-07-10 | 2025-05-14 |
| CVE-2025-7775 KEV | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS an | 9.2 | 18.97% | 2025-08-26 | 2025-10-24 |
| CVE-2024-8069 KEV | Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server | 5.1 | 14.74% | 2024-11-12 | 2025-10-24 |
| CVE-2022-27511 | Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. | 8.1 | 12.05% | 2022-06-16 | 2024-11-21 |
| CVE-2024-12284 | Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | 8.8 | 11.92% | 2025-02-20 | 2025-07-25 |
| CVE-2025-6543 KEV | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | 9.2 | 9.76% | 2025-06-25 | 2025-10-24 |
| CVE-2025-4365 | Arbitrary file read in NetScaler Console and NetScaler SDX (SVM) | 6.9 | 7.01% | 2025-06-17 | 2025-08-06 |
| CVE-2022-27518 KEV | Unauthenticated remote arbitrary code execution | 9.8 | 6.93% | 2022-12-13 | 2026-02-25 |
| CVE-2025-7776 | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it | 8.8 | 6.66% | 2025-08-26 | 2025-09-03 |
| CVE-2025-5349 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | 8.7 | 3.65% | 2025-06-17 | 2025-08-06 |
| CVE-2023-6548 KEV | Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | 5.5 | 3.19% | 2024-01-17 | 2025-10-24 |