CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 64
«« 先頭 « 前へ 1 / 4 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-9059 The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. 8.8 0.11% 2025-09-11 2026-06-17
CVE-2025-24507 This vulnerability allows appliance compromise at boot time. 8.9 0.18% 2025-01-30 2026-06-17
CVE-2025-24500 The vulnerability allows an unauthenticated attacker to access information in PAM database. 8.7 0.22% 2025-01-30 2026-06-17
CVE-2025-24503 A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. 9.3 0.23% 2025-01-30 2026-06-17
CVE-2025-24505 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. 8.8 0.28% 2025-01-30 2026-06-17
CVE-2024-38491 The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. 8.4 0.28% 2024-07-15 2026-06-17
CVE-2024-36459 A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. 8.4 0.42% 2024-06-14 2026-06-17
CVE-2025-10847 DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. 8.4 0.43% 2025-10-01 2026-06-17
CVE-2023-23955 Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. 8.1 0.47% 2023-05-31 2026-06-17
CVE-2024-36455 An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. 9.4 0.47% 2024-07-15 2026-06-17
CVE-2017-6323 The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. 8.0 0.52% 2018-04-16 2026-06-16
CVE-2024-38494 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. 8.6 0.56% 2024-07-15 2026-06-17
CVE-2016-9092 The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. 8.8 0.57% 2017-05-11 2026-06-16
CVE-2016-2204 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. 8.2 0.67% 2016-04-22 2026-06-16
CVE-2022-37016 Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 9.8 0.67% 2022-12-01 2026-06-17
CVE-2025-5333 Remote attackers can execute arbitrary code in the context of the vulnerable service process. 9.5 0.69% 2025-07-06 2026-06-17
CVE-2022-37015 Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 9.8 0.69% 2022-11-08 2026-06-17
CVE-2022-25625 A malicious unauthorized PAM user can access the administration configuration data and change the values. 8.8 0.70% 2022-08-26 2026-06-17
CVE-2018-12243 The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. 8.8 0.77% 2018-09-19 2026-06-16
CVE-2022-25628 An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 8.8 0.89% 2022-12-16 2026-06-17
«« 先頭 « 前へ 1 / 4 次へ »
cvelogic Threat Intelligence