CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 2140 / 13924
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-58647 Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network. 8.0 0.54% 2026-07-14 2026-07-16
CVE-2026-49177 Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally. 5.5 0.31% 2026-07-14 2026-07-16
CVE-2026-58545 Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally. 5.5 0.25% 2026-07-14 2026-07-16
CVE-2026-58626 Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network. 8.8 0.85% 2026-07-14 2026-07-16
CVE-2026-58627 Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network. 7.5 0.89% 2026-07-14 2026-07-16
CVE-2026-58629 Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. 7.0 0.23% 2026-07-14 2026-07-16
CVE-2026-58632 Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. 7.8 0.30% 2026-07-14 2026-07-16
CVE-2026-58637 Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. 7.0 0.23% 2026-07-14 2026-07-16
CVE-2026-58638 Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. 6.0 0.23% 2026-07-14 2026-07-16
CVE-2026-62826 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. 4.6 該当なし 2026-07-16 2026-07-16
CVE-2026-59117 Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network. 7.5 該当なし 2026-07-16 2026-07-16
CVE-2026-58643 Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. 6.1 該当なし 2026-07-16 2026-07-16
CVE-2026-58598 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally. 7.0 該当なし 2026-07-16 2026-07-16
CVE-2026-50653 Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network. 7.5 0.80% 2026-07-14 2026-07-16
CVE-2026-50652 Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network. 7.5 1.17% 2026-07-14 2026-07-16
CVE-2026-50647 Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. 7.5 1.10% 2026-07-14 2026-07-16
CVE-2026-50411 Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. 7.5 0.80% 2026-07-14 2026-07-16
CVE-2026-50368 Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. 7.5 0.80% 2026-07-14 2026-07-16
CVE-2026-50355 Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. 7.5 1.10% 2026-07-14 2026-07-16
CVE-2026-50324 Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. 5.9 0.80% 2026-07-14 2026-07-16
cvelogic Threat Intelligence