NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-35991 | Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and avail | 5.6 | 0.10% | 2026-05-12 | 2026-05-13 |
| CVE-2025-35990 | Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerab | 8.7 | 0.19% | 2026-05-12 | 2026-05-13 |
| CVE-2025-35979 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user intera | 6.8 | 0.10% | 2026-05-12 | 2026-05-13 |
| CVE-2025-35969 | Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may i | 5.4 | 0.09% | 2026-05-12 | 2026-05-13 |
| CVE-2025-27723 | Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality ( | 6.8 | 0.10% | 2026-05-12 | 2026-05-13 |
| CVE-2026-20709 | Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user in | 5.8 | 0.11% | 2026-04-08 | 2026-04-08 |
| CVE-2025-22850 | Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) | 5.6 | 0.08% | 2026-03-10 | 2026-03-11 |
| CVE-2025-22444 | Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and | 5.6 | 0.10% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20105 | Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and a | 8.7 | 0.13% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20096 | Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability | 5.9 | 0.14% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20073 | Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and | 1.8 | 0.10% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20068 | Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high | 7.1 | 0.10% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20064 | Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) | 8.7 | 0.11% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20028 | Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrit | 7.1 | 0.08% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20027 | Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and a | 7.1 | 0.10% | 2026-03-10 | 2026-03-11 |
| CVE-2025-20005 | Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availa | 5.6 | 0.10% | 2026-03-10 | 2026-03-11 |
| CVE-2025-36552 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | 該当なし | 該当なし | 2026-02-13 | 2026-02-13 |
| CVE-2025-36545 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | 該当なし | 該当なし | 2026-02-13 | 2026-02-13 |
| CVE-2025-36542 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | 該当なし | 該当なし | 2026-02-13 | 2026-02-13 |
| CVE-2025-36538 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | 該当なし | 該当なし | 2026-02-13 | 2026-02-13 |