Top 20 matches
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthe
An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.
An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.
CVE-2024-36445
CRITICAL CVSS 9.8
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication.
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without prov
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to a lack of proper sanitizing of user input in the Main Web Interface (endpoint event_mail
CVE-2025-40805
CRITICAL CVSS 10.0
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitima
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could
CVE-2025-26361
CRITICAL CVSS 9.1
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory rese
CVE-2026-24789
CRITICAL CVSS 9.3
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
CVE-2025-3200
CRITICAL CVSS 9.1
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.
The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).