Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
CVE-2024-38327
CRITICAL CVSS 9.8
Find Similar
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug Java
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload
CVE-2025-34163
CRITICAL CVSS 10.0
Find Similar
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the vi
CVE-2025-67288
CRITICAL CVSS 10.0
Find Similar
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibil
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designate
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designate
A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadA
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the a
A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product In
SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive co
CVE-2024-13981
CRITICAL CVSS 10.0
Find Similar
LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This fla
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component AS
IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the syste
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile
CVE-2025-42910
CRITICAL CVSS 9.0
Find Similar
Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might
CVE-2024-39727
CRITICAL CVSS 9.8
Find Similar
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expos