Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-10868
CRITICAL CVSS 9.0
Find Similar
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the applicat
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invok
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.ph
Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled
A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecess
Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through <= 2.5.2.
Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-33054
CRITICAL CVSS 9.8
Find Similar
Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted state_toke
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results i
Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution
CVE-2025-55469
CRITICAL CVSS 9.8
Find Similar
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.