聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-11626 | CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control. | 5.4 | 0.01% | 2026-06-10 | 2026-06-10 |
| CVE-2026-11815 | An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution. | 5.3 | 0.40% | 2026-06-10 | 2026-06-10 |
| CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.01% | 2026-03-30 | 2026-04-01 |
| CVE-2026-3862 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | 4.6 | 0.03% | 2026-03-10 | 2026-05-07 |
| CVE-2025-13919 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. | 4.4 | 0.03% | 2026-01-28 | 2026-04-15 |
| CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 6.7 | 0.01% | 2026-01-28 | 2026-04-15 |
| CVE-2025-13917 | WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.0 | 0.01% | 2026-01-28 | 2026-04-15 |
| CVE-2025-10847 | DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | 8.4 | 0.17% | 2025-10-01 | 2026-04-15 |
| CVE-2025-9059 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | 8.8 | 0.01% | 2025-09-11 | 2026-04-15 |
| CVE-2025-8661 | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. | 4.6 | 0.15% | 2025-08-11 | 2025-09-16 |
| CVE-2025-8660 | Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. | 5.6 | 0.24% | 2025-08-11 | 2025-09-16 |
| CVE-2025-24508 | Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage | 6.4 | 0.06% | 2025-07-07 | 2026-04-15 |
| CVE-2025-5333 | Remote attackers can execute arbitrary code in the context of the vulnerable service process. | 9.5 | 1.68% | 2025-07-06 | 2026-04-15 |
| CVE-2025-3599 | Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. | 6.5 | 0.39% | 2025-04-30 | 2025-08-21 |
| CVE-2024-11035 | Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which s a type of issue whereby sensitive information may b exposed due to a vulnerability in software. | 2.5 | 0.07% | 2025-03-05 | 2026-04-15 |
| CVE-2025-0893 | Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. | 7.8 | 0.06% | 2025-02-19 | 2026-04-15 |
| CVE-2025-24507 | This vulnerability allows appliance compromise at boot time. | 8.9 | 0.07% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24506 | A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. | 5.3 | 0.05% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24505 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | 8.8 | 0.55% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24504 | An improper input validation the CSRF filter results in unsanitized user input written to the application logs. | 5.3 | 0.07% | 2025-01-30 | 2026-04-15 |