Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not
CVE-2025-22408
CRITICAL CVSS 9.8
Find Similar
In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges neede
In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privil
In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User
In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User
Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v
A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the a
Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Med
CVE-2025-48543
HIGH CVSS 8.8 KEV
Find Similar
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional exe
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User inter
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation o
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted
Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High
Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security s
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to loc
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploit