Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-24503 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. | 9.3 | 0.05% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24502 | An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. | 5.3 | 0.05% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24501 | An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. | 5.3 | 0.14% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24500 | The vulnerability allows an unauthenticated attacker to access information in PAM database. | 8.7 | 0.06% | 2025-01-30 | 2026-04-15 |
| CVE-2024-38499 | CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. | 7.3 | 0.08% | 2024-12-17 | 2026-04-15 |
| CVE-2024-38496 | The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. | 5.1 | 0.05% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38495 | A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. | 5.3 | 0.05% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38494 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 8.6 | 0.56% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38493 | A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | 6.8 | 0.07% | 2024-07-15 | 2024-11-21 |
| CVE-2024-38492 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 1.57% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38491 | The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. | 8.4 | 0.06% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36458 | The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. | 5.1 | 0.07% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36457 | The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | 5.3 | 0.02% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36456 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 1.31% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36455 | An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 9.4 | 1.13% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36459 | A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | 8.4 | 0.32% | 2024-06-14 | 2026-04-15 |
| CVE-2023-23958 | Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | 6.8 | 0.24% | 2023-09-27 | 2024-11-21 |
| CVE-2023-23957 | An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | 5.4 | 0.28% | 2023-09-19 | 2024-11-21 |
| CVE-2023-23955 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 8.1 | 0.21% | 2023-06-01 | 2025-01-09 |
| CVE-2023-23954 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | 5.4 | 0.49% | 2023-06-01 | 2025-01-09 |