CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 81100375 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2017-13682 In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. 5.7 0.28% 2017-10-23 2026-06-16
CVE-2024-38495 A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. 5.3 0.28% 2024-07-15 2026-06-17
CVE-2025-24501 An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. 5.3 0.28% 2025-01-30 2026-06-17
CVE-2025-24505 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. 8.8 0.28% 2025-01-30 2026-06-17
CVE-2024-38491 The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. 8.4 0.28% 2024-07-15 2026-06-17
CVE-2015-6556 EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. 2.3 0.28% 2015-12-18 2026-06-16
CVE-2025-8660 Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. 5.6 0.29% 2025-08-11 2026-06-17
CVE-2024-38493 A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. 6.8 0.29% 2024-07-15 2026-06-17
CVE-2024-36457 The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. 5.3 0.29% 2024-07-15 2026-06-17
CVE-2015-8150 Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. 7.8 0.29% 2016-02-18 2026-06-16
CVE-2017-15526 Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. 6.8 0.29% 2017-11-13 2026-06-16
CVE-2015-8156 Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. 7.8 0.29% 2016-05-13 2026-06-16
CVE-2026-11815 An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution. 5.3 0.29% 2026-06-10 2026-06-17
CVE-2016-6591 A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. 7.1 0.29% 2020-01-08 2026-06-16
CVE-2017-13675 A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. 4.2 0.29% 2017-10-10 2026-06-16
CVE-2019-18373 Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. 5.6 0.30% 2019-11-18 2026-06-16
CVE-2020-5835 Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. 7.0 0.30% 2020-05-11 2026-06-16
CVE-2019-12756 Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. 2.3 0.30% 2019-11-15 2026-06-16
CVE-2013-1610 Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. 6.8 0.30% 2013-08-05 2026-06-16
CVE-2016-6590 A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. 7.8 0.32% 2020-01-08 2026-06-16
cvelogic Threat Intelligence