聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.16% | 2026-03-30 | 2026-04-01 |
| CVE-2026-3862 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | 4.6 | 0.19% | 2026-03-10 | 2026-05-07 |
| CVE-2026-11815 | An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution. | 5.3 | 0.29% | 2026-06-10 | 2026-06-10 |
| CVE-2026-11626 | CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control. | 5.4 | 0.11% | 2026-06-10 | 2026-06-10 |
| CVE-2025-9059 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | 8.8 | 0.11% | 2025-09-11 | 2026-04-15 |
| CVE-2025-8661 | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. | 4.6 | 0.15% | 2025-08-11 | 2025-09-16 |
| CVE-2025-8660 | Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. | 5.6 | 0.29% | 2025-08-11 | 2025-09-16 |
| CVE-2025-5333 | Remote attackers can execute arbitrary code in the context of the vulnerable service process. | 9.5 | 0.69% | 2025-07-06 | 2026-04-15 |
| CVE-2025-3599 | Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. | 6.5 | 0.23% | 2025-04-30 | 2025-08-21 |
| CVE-2025-24508 | Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage | 6.4 | 0.06% | 2025-07-07 | 2026-04-15 |
| CVE-2025-24507 | This vulnerability allows appliance compromise at boot time. | 8.9 | 0.18% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24506 | A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. | 5.3 | 0.24% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24505 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | 8.8 | 0.28% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24504 | An improper input validation the CSRF filter results in unsanitized user input written to the application logs. | 5.3 | 0.23% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24503 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. | 9.3 | 0.23% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24502 | An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. | 5.3 | 0.21% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24501 | An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. | 5.3 | 0.28% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24500 | The vulnerability allows an unauthenticated attacker to access information in PAM database. | 8.7 | 0.22% | 2025-01-30 | 2026-04-15 |
| CVE-2025-13919 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. | 4.4 | 0.13% | 2026-01-28 | 2026-04-15 |
| CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 6.7 | 0.15% | 2026-01-28 | 2026-04-15 |