CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 120213 条结果
«« 第一页 « 上一页 第 1 / 11 页 下一页 »
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-3991 Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 7.8 0.16% 2026-03-30 2026-06-17
CVE-2025-13918 Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 6.7 0.15% 2026-01-28 2026-06-17
CVE-2025-13917 WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 7.0 0.08% 2026-01-28 2026-06-17
CVE-2025-10847 DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. 8.4 0.43% 2025-10-01 2026-06-17
CVE-2025-9059 The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. 8.8 0.11% 2025-09-11 2026-06-17
CVE-2025-24508 Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage 6.4 0.06% 2025-07-07 2026-06-17
CVE-2025-5333 Remote attackers can execute arbitrary code in the context of the vulnerable service process. 9.5 0.69% 2025-07-06 2026-06-17
CVE-2025-3599 Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. 6.5 0.23% 2025-04-30 2026-06-17
CVE-2025-0893 Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. 7.8 0.06% 2025-02-19 2026-06-17
CVE-2025-24507 This vulnerability allows appliance compromise at boot time. 8.9 0.18% 2025-01-30 2026-06-17
CVE-2025-24505 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. 8.8 0.28% 2025-01-30 2026-06-17
CVE-2025-24503 A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. 9.3 0.23% 2025-01-30 2026-06-17
CVE-2025-24500 The vulnerability allows an unauthenticated attacker to access information in PAM database. 8.7 0.22% 2025-01-30 2026-06-17
CVE-2024-38499 CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. 7.3 0.22% 2024-12-17 2026-06-17
CVE-2024-38494 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. 8.6 0.56% 2024-07-15 2026-06-17
CVE-2024-38493 A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. 6.8 0.29% 2024-07-15 2026-06-17
CVE-2024-38492 This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. 9.4 0.94% 2024-07-15 2026-06-17
CVE-2024-38491 The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. 8.4 0.28% 2024-07-15 2026-06-17
CVE-2024-36456 This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. 9.4 0.94% 2024-07-15 2026-06-17
CVE-2024-36455 An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. 9.4 0.47% 2024-07-15 2026-06-17
«« 第一页 « 上一页 第 1 / 11 页 下一页 »
cvelogic Threat Intelligence