Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain c
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
CVE-2025-52689
CRITICAL CVSS 9.8
Find Similar
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled
Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that
CVE-2025-3200
CRITICAL CVSS 9.1
Find Similar
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-1393
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.