聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2022-27506 | Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI | 2.7 | 0.61% | 2022-04-13 | 2026-06-17 |
| CVE-2022-26355 | Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS adminis | 4.4 | 0.17% | 2022-03-10 | 2026-06-17 |
| CVE-2024-6150 | A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning | 4.8 | 0.24% | 2024-07-10 | 2026-06-17 |
| CVE-2024-6149 | Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | 4.8 | 0.21% | 2024-07-10 | 2026-06-17 |
| CVE-2023-6184 | Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting | 5.0 | 46.61% | 2024-01-17 | 2026-06-17 |
| CVE-2024-8069 KEV | Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server | 5.1 | 14.74% | 2024-11-12 | 2026-06-17 |
| CVE-2024-8068 KEV | Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | 5.1 | 1.39% | 2024-11-12 | 2026-06-17 |
| CVE-2024-5492 | Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway | 5.1 | 0.57% | 2024-07-10 | 2026-06-17 |
| CVE-2024-6148 | Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | 5.3 | 0.40% | 2024-07-10 | 2026-06-17 |
| CVE-2022-27516 | User login brute force protection functionality bypass | 5.3 | 0.60% | 2022-11-08 | 2026-06-17 |
| CVE-2022-27512 | Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM. | 5.3 | 0.88% | 2022-06-16 | 2026-06-17 |
| CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 5.4 | 0.18% | 2024-09-11 | 2026-06-17 |
| CVE-2023-5914 | Cross-site scripting (XSS) | 5.4 | 73.14% | 2024-01-17 | 2026-06-17 |
| CVE-2023-6548 KEV | Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | 5.5 | 3.19% | 2024-01-17 | 2026-06-17 |
| CVE-2023-24486 | A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | 5.5 | 0.18% | 2023-07-10 | 2026-06-17 |
| CVE-2023-24484 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. | 5.5 | 0.26% | 2023-02-16 | 2026-06-17 |
| CVE-2024-8535 | Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources | 5.8 | 0.42% | 2024-11-12 | 2026-06-17 |
| CVE-2025-1223 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.15% | 2025-02-19 | 2026-06-17 |
| CVE-2025-1222 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.15% | 2025-02-19 | 2026-06-17 |
| CVE-2025-12101 | Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | 5.9 | 24.58% | 2025-11-11 | 2026-06-17 |