聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.16% | 2026-03-30 | 2026-04-01 |
| CVE-2025-13917 | WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.0 | 0.08% | 2026-01-28 | 2026-04-15 |
| CVE-2025-10847 | DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | 8.4 | 0.43% | 2025-10-01 | 2026-04-15 |
| CVE-2025-9059 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | 8.8 | 0.11% | 2025-09-11 | 2026-04-15 |
| CVE-2025-5333 | Remote attackers can execute arbitrary code in the context of the vulnerable service process. | 9.5 | 0.69% | 2025-07-06 | 2026-04-15 |
| CVE-2025-0893 | Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability. | 7.8 | 0.06% | 2025-02-19 | 2026-04-15 |
| CVE-2025-24507 | This vulnerability allows appliance compromise at boot time. | 8.9 | 0.18% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24505 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | 8.8 | 0.28% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24503 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server. | 9.3 | 0.23% | 2025-01-30 | 2026-04-15 |
| CVE-2025-24500 | The vulnerability allows an unauthenticated attacker to access information in PAM database. | 8.7 | 0.22% | 2025-01-30 | 2026-04-15 |
| CVE-2024-38499 | CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. | 7.3 | 0.22% | 2024-12-17 | 2026-04-15 |
| CVE-2024-38494 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 8.6 | 0.56% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38492 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 0.94% | 2024-07-15 | 2026-04-15 |
| CVE-2024-38491 | The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. | 8.4 | 0.28% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36456 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | 9.4 | 0.94% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36455 | An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 9.4 | 0.47% | 2024-07-15 | 2026-04-15 |
| CVE-2024-36459 | A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | 8.4 | 0.42% | 2024-06-14 | 2026-04-15 |
| CVE-2023-23955 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 8.1 | 0.47% | 2023-06-01 | 2025-01-09 |
| CVE-2023-23953 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | 7.8 | 0.19% | 2023-06-01 | 2025-01-09 |
| CVE-2023-23952 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | 9.8 | 1.35% | 2023-06-01 | 2025-01-09 |