Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.01% | 2026-03-30 | 2026-04-01 |
| CVE-2025-13917 | WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.0 | 0.01% | 2026-01-28 | 2026-04-15 |
| CVE-2025-10847 | DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | 8.4 | 0.17% | 2025-10-01 | 2026-04-15 |
| CVE-2025-9059 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | 8.8 | 0.01% | 2025-09-11 | 2026-04-15 |
| CVE-2025-5333 | Remote attackers can execute arbitrary code in the context of the vulnerable service process. | 9.5 | 1.68% | 2025-07-06 | 2026-04-15 |
| CVE-2025-0893 | Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. | 7.8 | 0.06% | 2025-02-19 | 2026-04-15 |
| CVE-2025-24507 | This vulnerability allows appliance compromise at boot time. | 8.9 | 0.07% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24505 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | 8.8 | 0.55% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24503 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. | 9.3 | 0.05% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24500 | The vulnerability allows an unauthenticated attacker to access information in PAM database. | 8.7 | 0.06% | 2025-01-30 | 2026-04-15 |
| CVE-2024-38499 | CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. | 7.3 | 0.08% | 2024-12-17 | 2026-04-15 |
| CVE-2024-38494 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 8.6 | 0.56% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38492 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 1.57% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38491 | The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. | 8.4 | 0.06% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36456 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 1.31% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36455 | An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 9.4 | 1.13% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36459 | A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | 8.4 | 0.32% | 2024-06-14 | 2026-04-15 |
| CVE-2023-23955 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 8.1 | 0.21% | 2023-06-01 | 2025-01-09 |
| CVE-2023-23953 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | 7.8 | 0.05% | 2023-06-01 | 2025-01-09 |
| CVE-2023-23952 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | 9.8 | 1.26% | 2023-06-01 | 2025-01-09 |