Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise.
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker
CVE-2025-10283
CRITICAL CVSS 9.6
Find Similar
BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
CVE-2024-50704
CRITICAL CVSS 10.0
Find Similar
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
CVE-2018-25270
CRITICAL CVSS 9.3
Find Similar
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can cr
CVE-2024-50707
CRITICAL CVSS 10.0
Find Similar
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.
CVE-2024-52320
CRITICAL CVSS 9.3
Find Similar
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF)
CVE-2026-26216
CRITICAL CVSS 10.0
Find Similar
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using
CVE-2026-22679
CRITICAL CVSS 9.3
Find Similar
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows atta
CVE-2025-34117
CRITICAL CVSS 9.3
Find Similar
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP po
CVE-2024-11984
CRITICAL CVSS 9.4
Find Similar
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload re
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unaut
CVE-2021-47851
CRITICAL CVSS 9.3
Find Similar
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command end
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on
Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper val
CVE-2025-41651
CRITICAL CVSS 9.8
Find Similar
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura