NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2023-3519 KEV | Unauthenticated remote code execution | 9.8 | 93.48% | 2023-07-19 | 2025-10-24 |
| CVE-2023-24489 KEV | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | 9.8 | 94.39% | 2023-07-10 | 2026-02-26 |
| CVE-2022-27518 KEV | Unauthenticated remote arbitrary code execution | 9.8 | 27.69% | 2022-12-13 | 2026-02-25 |
| CVE-2022-27510 | Unauthorized access to Gateway user capabilities | 9.8 | 1.18% | 2022-11-08 | 2024-11-21 |
| CVE-2023-24492 | A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. | 9.6 | 0.44% | 2023-07-11 | 2024-11-21 |
| CVE-2024-6235 | Sensitive information disclosure in NetScaler Console | 9.4 | 87.09% | 2024-07-10 | 2025-05-14 |
| CVE-2023-4966 KEV | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | 9.4 | 94.35% | 2023-10-10 | 2025-10-24 |
| CVE-2025-5777 KEV | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | 9.3 | 64.97% | 2025-06-17 | 2025-10-30 |
| CVE-2025-7775 KEV | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS an | 9.2 | 7.79% | 2025-08-26 | 2025-10-24 |
| CVE-2025-6543 KEV | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | 9.2 | 1.06% | 2025-06-25 | 2025-10-24 |
| CVE-2025-7776 | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it | 8.8 | 0.32% | 2025-08-26 | 2025-09-03 |
| CVE-2024-12284 | Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | 8.8 | 4.24% | 2025-02-20 | 2025-07-25 |
| CVE-2025-8424 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access | 8.7 | 0.38% | 2025-08-26 | 2026-04-15 |
| CVE-2025-5349 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | 8.7 | 0.88% | 2025-06-17 | 2025-08-06 |
| CVE-2025-0320 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | 8.6 | 0.07% | 2025-06-17 | 2025-08-06 |
| CVE-2024-6286 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 8.5 | 0.15% | 2024-07-10 | 2025-07-25 |
| CVE-2024-6151 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | 8.5 | 0.16% | 2024-07-10 | 2025-07-25 |
| CVE-2024-8534 | Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled | 8.4 | 1.35% | 2024-11-12 | 2025-07-25 |
| CVE-2023-3466 | Reflected Cross-Site Scripting (XSS) | 8.3 | 1.24% | 2023-07-19 | 2024-11-21 |
| CVE-2022-27513 | Remote desktop takeover via phishing | 8.3 | 0.41% | 2022-11-08 | 2024-11-21 |