CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 2140375 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-13917 WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 7.0 0.08% 2026-01-28 2026-06-17
CVE-2025-10847 DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. 8.4 0.43% 2025-10-01 2026-06-17
CVE-2025-0893 Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. 7.8 0.06% 2025-02-19 2026-06-17
CVE-2024-38499 CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. 7.3 0.22% 2024-12-17 2026-06-17
CVE-2024-38496 The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. 5.1 0.25% 2024-07-15 2026-06-17
CVE-2024-38495 A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. 5.3 0.28% 2024-07-15 2026-06-17
CVE-2024-38494 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. 8.6 0.56% 2024-07-15 2026-06-17
CVE-2024-38493 A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. 6.8 0.29% 2024-07-15 2026-06-17
CVE-2024-38492 This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. 9.4 0.94% 2024-07-15 2026-06-17
CVE-2024-38491 The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. 8.4 0.28% 2024-07-15 2026-06-17
CVE-2024-36459 A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. 8.4 0.42% 2024-06-14 2026-06-17
CVE-2024-36458 The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. 5.1 0.20% 2024-07-15 2026-06-17
CVE-2024-36457 The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. 5.3 0.29% 2024-07-15 2026-06-17
CVE-2024-36456 This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. 9.4 0.94% 2024-07-15 2026-06-17
CVE-2024-36455 An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. 9.4 0.47% 2024-07-15 2026-06-17
CVE-2024-11035 Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which s a type of issue whereby sensitive information may b exposed due to a vulnerability in software. 2.5 0.07% 2025-03-05 2026-06-17
CVE-2023-23958 Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. 6.8 0.52% 2023-09-27 2026-06-17
CVE-2023-23957 An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 5.4 0.28% 2023-09-19 2026-06-17
CVE-2023-23956 A user can supply malicious HTML and JavaScript code that will be executed in the client browser 5.4 3.08% 2023-05-30 2026-06-17
CVE-2023-23955 Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. 8.1 0.47% 2023-05-31 2026-06-17
cvelogic Threat Intelligence