聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-0893 | Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. | 7.8 | 0.06% | 2025-02-19 | 2026-06-17 |
| CVE-2025-24508 | Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage | 6.4 | 0.06% | 2025-07-07 | 2026-06-17 |
| CVE-2024-11035 | Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which s a type of issue whereby sensitive information may b exposed due to a vulnerability in software. | 2.5 | 0.07% | 2025-03-05 | 2026-06-17 |
| CVE-2025-13917 | WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.0 | 0.08% | 2026-01-28 | 2026-06-17 |
| CVE-2026-11626 | CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control. | 5.4 | 0.11% | 2026-06-10 | 2026-06-17 |
| CVE-2025-9059 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | 8.8 | 0.11% | 2025-09-11 | 2026-06-17 |
| CVE-2025-13919 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. | 4.4 | 0.13% | 2026-01-28 | 2026-06-17 |
| CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 6.7 | 0.15% | 2026-01-28 | 2026-06-17 |
| CVE-2025-8661 | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. | 4.6 | 0.15% | 2025-08-11 | 2026-06-17 |
| CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.16% | 2026-03-30 | 2026-06-17 |
| CVE-2022-25631 | Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | 7.8 | 0.17% | 2023-01-20 | 2026-06-17 |
| CVE-2025-24507 | This vulnerability allows appliance compromise at boot time. | 8.9 | 0.18% | 2025-01-30 | 2026-06-17 |
| CVE-2023-23953 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | 7.8 | 0.19% | 2023-05-31 | 2026-06-17 |
| CVE-2026-3862 | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | 4.6 | 0.19% | 2026-03-10 | 2026-06-17 |
| CVE-2014-3431 | Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. | 4.3 | 0.20% | 2014-06-21 | 2026-06-16 |
| CVE-2024-36458 | The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. | 5.1 | 0.20% | 2024-07-15 | 2026-06-17 |
| CVE-2025-24502 | An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. | 5.3 | 0.21% | 2025-01-30 | 2026-06-17 |
| CVE-2019-9703 | Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 7.8 | 0.21% | 2019-07-01 | 2026-06-16 |
| CVE-2019-9702 | Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 7.8 | 0.21% | 2019-07-01 | 2026-06-16 |
| CVE-2013-5008 | The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key. | 4.6 | 0.22% | 2013-10-10 | 2026-06-16 |