CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 4545
«« 先頭 « 前へ 1 / 228 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-50518 Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network. 9.8 7.36% 2026-07-14 2026-07-15
CVE-2026-56164 KEV Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network. 5.3 5.60% 2026-07-14 2026-07-14
CVE-2026-50522 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. 9.8 20.35% 2026-07-14 2026-07-15
CVE-2026-50507 Missing authentication for critical function in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. 6.8 5.01% 2026-06-09 2026-07-08
CVE-2026-49160 Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network. 7.5 48.44% 2026-06-09 2026-06-17
CVE-2026-47291 Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. 9.8 21.51% 2026-06-09 2026-06-17
CVE-2026-45657 Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network. 9.8 15.48% 2026-06-09 2026-06-17
CVE-2026-42980 Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. 7.8 5.66% 2026-06-09 2026-06-17
CVE-2026-42824 Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. 6.5 7.64% 2026-06-04 2026-07-08
CVE-2026-45498 KEV Microsoft Defender Denial of Service Vulnerability 4.0 63.08% 2026-05-20 2026-06-17
CVE-2026-41091 KEV Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally. 7.8 8.37% 2026-05-20 2026-06-17
CVE-2026-42897 KEV Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. 8.1 5.64% 2026-05-14 2026-06-17
CVE-2026-41103 Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. 9.1 5.38% 2026-05-12 2026-06-17
CVE-2026-41089 Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. 9.8 72.25% 2026-05-12 2026-06-17
CVE-2026-40372 Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. 9.1 11.21% 2026-04-21 2026-07-14
CVE-2026-33825 KEV Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. 7.8 6.75% 2026-04-14 2026-06-17
CVE-2026-33824 Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. 9.8 55.85% 2026-04-14 2026-06-17
CVE-2026-32202 KEV Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network. 4.3 64.09% 2026-04-14 2026-06-17
CVE-2026-32201 KEV Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. 6.5 21.48% 2026-04-14 2026-06-17
CVE-2026-20945 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. 4.6 25.08% 2026-04-14 2026-06-17
«« 先頭 « 前へ 1 / 228 次へ »
cvelogic Threat Intelligence