Top 20 matches
CVE-2025-56333
CRITICAL CVSS 9.8
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. T
CVE-2024-7261
CRITICAL CVSS 9.8
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and ea
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successfu
Vulnerability of input parameters not being verified in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of input parameters not being verified in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-67035
CRITICAL CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An at
CVE-2026-29120
CRITICAL CVSS 9.2
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password
It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificat
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).
CVE-2025-46272
CRITICAL CVSS 9.3
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) se
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Rout
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.
CVE-2026-24126
CRITICAL CVSS 9.1
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh
An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to i
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying opera
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems.  Note: Softw
On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code.
CVE-2026-49973
CRITICAL CVSS 9.2
Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter to