Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Language: from n/a through 1.2.1.
Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations.
Missing Authorization vulnerability in wokamoto StaticPress staticpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaticPress: from n/a through <= 0.4.
CVE-2025-34143
CRITICAL CVSS 9.3
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenti
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Session vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated netw
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed.
CVE-2024-51555
CRITICAL CVSS 9.3
Default Credential vulnerabilities allow access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affect
CVE-2025-26347
CRITICAL CVSS 9.8
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user per
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
CVE-2024-6298
CRITICAL CVSS 9.4
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely
Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass. This issue affects Projectopia: from n/a through <= 5.1.
An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. A
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.
CVE-2024-51545
CRITICAL CVSS 9.3
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02;
Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method.
CVE-2025-40552
CRITICAL CVSS 9.8
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected
CVE-2024-48840
CRITICAL CVSS 9.3
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02