Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp3
A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http
CVE-2025-31116
CRITICAL CVSS 9.8
Find Similar
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_hos
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent wit
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerabilit
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSR
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gp
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentati
Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a
Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP co
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an over
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privil