Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a pa
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely follo
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to un
Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors.
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileg
A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.databas
A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensiti
A vulnerability was determined in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. Affected is an unknown function of the file /user/info/lookupList. Executing manipulation can lead t
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component Us
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthoriz
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to vic
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) re
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to in
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on ve
CVE-2026-50886
CRITICAL CVSS 9.1
Find Similar
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.