Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successf
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the
A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is
Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.
CVE-2025-20358
CRITICAL CVSS 9.8
Find Similar
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissio
CVE-2017-20235
CRITICAL CVSS 9.3
Find Similar
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to ad
CVE-2025-54943
CRITICAL CVSS 9.3
Find Similar
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper ac
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive infor
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without au
CVE-2026-23813
CRITICAL CVSS 9.8
Find Similar
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls
CVE-2026-3587
CRITICAL CVSS 10.0
Find Similar
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation
CVE-2026-6886
CRITICAL CVSS 9.3
Find Similar
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrat
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432B
CVE-2022-50981
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.