NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-9059 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | 8.8 | 0.11% | 2025-09-11 | 2026-06-17 |
| CVE-2025-24507 | This vulnerability allows appliance compromise at boot time. | 8.9 | 0.18% | 2025-01-30 | 2026-06-17 |
| CVE-2025-24500 | The vulnerability allows an unauthenticated attacker to access information in PAM database. | 8.7 | 0.22% | 2025-01-30 | 2026-06-17 |
| CVE-2025-24503 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. | 9.3 | 0.23% | 2025-01-30 | 2026-06-17 |
| CVE-2025-24505 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | 8.8 | 0.28% | 2025-01-30 | 2026-06-17 |
| CVE-2024-38491 | The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. | 8.4 | 0.28% | 2024-07-15 | 2026-06-17 |
| CVE-2024-36459 | A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | 8.4 | 0.42% | 2024-06-14 | 2026-06-17 |
| CVE-2025-10847 | DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | 8.4 | 0.43% | 2025-10-01 | 2026-06-17 |
| CVE-2023-23955 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 8.1 | 0.47% | 2023-05-31 | 2026-06-17 |
| CVE-2024-36455 | An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 9.4 | 0.47% | 2024-07-15 | 2026-06-17 |
| CVE-2017-6323 | The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. | 8.0 | 0.52% | 2018-04-16 | 2026-06-16 |
| CVE-2024-38494 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 8.6 | 0.56% | 2024-07-15 | 2026-06-17 |
| CVE-2016-9092 | The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | 8.8 | 0.57% | 2017-05-11 | 2026-06-16 |
| CVE-2016-2204 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | 8.2 | 0.67% | 2016-04-22 | 2026-06-16 |
| CVE-2022-37016 | Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 9.8 | 0.67% | 2022-12-01 | 2026-06-17 |
| CVE-2025-5333 | Remote attackers can execute arbitrary code in the context of the vulnerable service process. | 9.5 | 0.69% | 2025-07-06 | 2026-06-17 |
| CVE-2022-37015 | Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 9.8 | 0.69% | 2022-11-08 | 2026-06-17 |
| CVE-2022-25625 | A malicious unauthorized PAM user can access the administration configuration data and change the values. | 8.8 | 0.70% | 2022-08-26 | 2026-06-17 |
| CVE-2018-12243 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. | 8.8 | 0.77% | 2018-09-19 | 2026-06-16 |
| CVE-2022-25628 | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | 8.8 | 0.89% | 2022-12-16 | 2026-06-17 |