Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-13917 | WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.0 | 0.08% | 2026-01-28 | 2026-04-15 |
| CVE-2025-10847 | DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | 8.4 | 0.43% | 2025-10-01 | 2026-04-15 |
| CVE-2025-0893 | Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. | 7.8 | 0.06% | 2025-02-19 | 2026-04-15 |
| CVE-2024-38499 | CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. | 7.3 | 0.22% | 2024-12-17 | 2026-04-15 |
| CVE-2024-38496 | The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. | 5.1 | 0.25% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38495 | A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. | 5.3 | 0.28% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38494 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 8.6 | 0.56% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38493 | A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | 6.8 | 0.29% | 2024-07-15 | 2024-11-21 |
| CVE-2024-38492 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 0.94% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38491 | The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. | 8.4 | 0.28% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36459 | A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | 8.4 | 0.42% | 2024-06-14 | 2026-04-15 |
| CVE-2024-36458 | The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. | 5.1 | 0.20% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36457 | The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | 5.3 | 0.29% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36456 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 0.94% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36455 | An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 9.4 | 0.47% | 2024-07-15 | 2026-04-15 |
| CVE-2024-11035 | Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which s a type of issue whereby sensitive information may b exposed due to a vulnerability in software. | 2.5 | 0.07% | 2025-03-05 | 2026-04-15 |
| CVE-2023-23958 | Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | 6.8 | 0.52% | 2023-09-27 | 2024-11-21 |
| CVE-2023-23957 | An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | 5.4 | 0.28% | 2023-09-19 | 2024-11-21 |
| CVE-2023-23956 | A user can supply malicious HTML and JavaScript code that will be executed in the client browser | 5.4 | 2.97% | 2023-05-30 | 2025-01-14 |
| CVE-2023-23955 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 8.1 | 0.47% | 2023-06-01 | 2025-01-09 |