NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.16% | 2026-03-30 | 2026-04-01 |
| CVE-2026-3862 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | 4.6 | 0.19% | 2026-03-10 | 2026-05-07 |
| CVE-2026-11815 | An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution. | 5.3 | 0.29% | 2026-06-10 | 2026-06-10 |
| CVE-2026-11626 | CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control. | 5.4 | 0.11% | 2026-06-10 | 2026-06-10 |
| CVE-2025-9059 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | 8.8 | 0.11% | 2025-09-11 | 2026-04-15 |
| CVE-2025-8661 | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. | 4.6 | 0.15% | 2025-08-11 | 2025-09-16 |
| CVE-2025-8660 | Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. | 5.6 | 0.29% | 2025-08-11 | 2025-09-16 |
| CVE-2025-5333 | Remote attackers can execute arbitrary code in the context of the vulnerable service process. | 9.5 | 0.69% | 2025-07-06 | 2026-04-15 |
| CVE-2025-3599 | Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. | 6.5 | 0.23% | 2025-04-30 | 2025-08-21 |
| CVE-2025-24508 | Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage | 6.4 | 0.06% | 2025-07-07 | 2026-04-15 |
| CVE-2025-24507 | This vulnerability allows appliance compromise at boot time. | 8.9 | 0.18% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24506 | A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. | 5.3 | 0.24% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24505 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | 8.8 | 0.28% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24504 | An improper input validation the CSRF filter results in unsanitized user input written to the application logs. | 5.3 | 0.23% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24503 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. | 9.3 | 0.23% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24502 | An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. | 5.3 | 0.21% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24501 | An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. | 5.3 | 0.28% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24500 | The vulnerability allows an unauthenticated attacker to access information in PAM database. | 8.7 | 0.22% | 2025-01-30 | 2026-04-15 |
| CVE-2025-13919 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. | 4.4 | 0.13% | 2026-01-28 | 2026-04-15 |
| CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 6.7 | 0.15% | 2026-01-28 | 2026-04-15 |