Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-4879 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 7.3 | 0.07% | 2025-06-17 | 2025-08-06 |
| CVE-2025-0320 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | 8.6 | 0.07% | 2025-06-17 | 2025-08-06 |
| CVE-2025-1223 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.15% | 2025-02-20 | 2026-04-29 |
| CVE-2025-1222 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.15% | 2025-02-20 | 2026-04-29 |
| CVE-2024-6151 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | 8.5 | 0.16% | 2024-07-10 | 2025-07-25 |
| CVE-2022-26355 | Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS adminis | 4.4 | 0.17% | 2022-03-10 | 2024-11-21 |
| CVE-2024-5661 | An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. | 6.0 | 0.17% | 2024-06-13 | 2024-11-21 |
| CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 5.4 | 0.18% | 2024-09-11 | 2024-10-22 |
| CVE-2023-24486 | A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | 5.5 | 0.18% | 2023-07-10 | 2024-11-21 |
| CVE-2023-24491 | A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. | 7.8 | 0.19% | 2023-07-11 | 2024-11-21 |
| CVE-2024-6149 | Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | 4.8 | 0.21% | 2024-07-10 | 2025-07-25 |
| CVE-2023-24485 | Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | 7.8 | 0.22% | 2023-02-16 | 2025-03-19 |
| CVE-2024-6677 | Privilege escalation in uberAgent | 7.3 | 0.22% | 2024-07-12 | 2025-07-25 |
| CVE-2024-6150 | A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning | 4.8 | 0.24% | 2024-07-10 | 2025-07-25 |
| CVE-2025-6759 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | 7.3 | 0.24% | 2025-07-08 | 2025-08-06 |
| CVE-2024-7889 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 7.0 | 0.25% | 2024-09-11 | 2024-10-22 |
| CVE-2023-24484 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. | 5.5 | 0.26% | 2023-02-16 | 2025-03-18 |
| CVE-2023-24483 | A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | 7.8 | 0.27% | 2023-02-16 | 2025-03-18 |
| CVE-2022-27513 | Remote desktop takeover via phishing | 8.3 | 0.27% | 2022-11-08 | 2024-11-21 |
| CVE-2023-24490 | Users with only access to launch VDA applications can launch an unauthorized desktop | 6.3 | 0.30% | 2023-07-10 | 2024-11-21 |