This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2013-5017 | SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. | 9.8 | 23.87% | 2014-06-18 | 2026-05-06 |
| CVE-2018-5234 | The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software. | 8.0 | 20.91% | 2018-04-30 | 2024-11-21 |
| CVE-2014-3437 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 | 17.68% | 2014-11-07 | 2026-05-06 |
| CVE-2013-1616 | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | 8.3 | 15.66% | 2013-08-01 | 2026-04-29 |
| CVE-2014-3438 | Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | 13.74% | 2014-11-07 | 2026-05-06 |
| CVE-2014-7288 | Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. | 9.0 | 11.20% | 2015-02-01 | 2026-05-06 |
| CVE-2016-10258 | Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | 6.8 | 10.46% | 2018-04-11 | 2024-11-21 |
| CVE-2014-9225 | The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. | 4.0 | 10.12% | 2015-01-21 | 2026-05-06 |
| CVE-2014-3439 | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | 6.1 | 9.86% | 2014-11-07 | 2026-05-06 |
| CVE-2016-2211 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS | 7.8 | 9.69% | 2016-06-30 | 2026-05-06 |
| CVE-2016-5309 | The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Ma | 5.5 | 8.03% | 2017-04-14 | 2026-05-13 |
| CVE-2016-5310 | The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Ma | 5.5 | 7.96% | 2017-04-14 | 2026-05-13 |
| CVE-2022-37017 | Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | 7.5 | 7.95% | 2022-12-01 | 2025-04-24 |
| CVE-2015-5692 | admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | 7.9 | 7.66% | 2015-09-20 | 2026-05-06 |
| CVE-2017-13677 | Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. | 7.5 | 7.19% | 2018-04-11 | 2024-11-21 |
| CVE-2016-5304 | Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 | 7.15% | 2016-06-30 | 2026-05-06 |
| CVE-2023-23956 | A user can supply malicious HTML and JavaScript code that will be executed in the client browser | 5.4 | 7.11% | 2023-05-30 | 2025-01-14 |
| CVE-2018-12242 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | 9.8 | 6.15% | 2018-09-19 | 2024-11-21 |
| CVE-2018-5241 | Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass use | 9.8 | 4.08% | 2018-05-29 | 2024-11-21 |
| CVE-2014-9224 | Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 | 3.98% | 2015-01-21 | 2026-05-06 |