Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-23952 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | 9.8 | 1.35% | 2023-06-01 | 2025-01-09 |
| CVE-2023-23956 | A user can supply malicious HTML and JavaScript code that will be executed in the client browser | 5.4 | 2.97% | 2023-05-30 | 2025-01-14 |
| CVE-2022-25630 | An authenticated user can embed malicious content with XSS into the admin group policy page. | 5.4 | 1.48% | 2022-12-09 | 2025-04-23 |
| CVE-2022-37017 | Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | 7.5 | 1.10% | 2022-12-01 | 2025-04-24 |
| CVE-2021-46825 | Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 9.1 | 1.37% | 2022-07-07 | 2024-11-21 |
| CVE-2021-30648 | The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. | 9.8 | 1.45% | 2021-06-30 | 2024-11-21 |
| CVE-2021-30642 | An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | 9.8 | 2.67% | 2021-04-27 | 2024-11-21 |
| CVE-2020-12594 | A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4. | 7.2 | 1.49% | 2020-12-10 | 2024-11-21 |
| CVE-2020-12593 | Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 7.5 | 1.97% | 2020-11-18 | 2024-11-21 |
| CVE-2020-5839 | Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 7.5 | 2.00% | 2020-07-08 | 2024-11-21 |
| CVE-2020-5834 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | 5.3 | 1.65% | 2020-05-11 | 2024-11-21 |
| CVE-2019-18375 | The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | 6.5 | 1.23% | 2020-04-10 | 2024-11-21 |
| CVE-2019-19547 | Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | 6.1 | 1.38% | 2020-01-13 | 2024-11-21 |
| CVE-2016-6585 | A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | 5.3 | 1.39% | 2020-01-08 | 2024-11-21 |
| CVE-2016-6586 | A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | 3.7 | 1.32% | 2020-01-08 | 2024-11-21 |
| CVE-2016-6589 | A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | 6.5 | 1.68% | 2020-01-08 | 2024-11-21 |
| CVE-2019-18379 | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | 7.3 | 1.12% | 2019-12-11 | 2024-11-21 |
| CVE-2019-18377 | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.2 | 1.40% | 2019-12-11 | 2024-11-21 |
| CVE-2019-18374 | Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. | 9.8 | 1.67% | 2019-11-25 | 2024-11-21 |
| CVE-2019-12750 | Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 1.25% | 2019-07-31 | 2024-11-21 |