Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.2.1.
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional
There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. U
Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Diaries: from n/a throu
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no addi
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional
AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic ma
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege.
An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional exe
Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. Use
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional exe
The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to v
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additiona