Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipul
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obt
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perfor
In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no addi
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extrac
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protoco
A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker an
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the tru
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privi
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated p
Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the
Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with
A vulnerability, which was classified as problematic, has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescri
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse direct
Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized c
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials fr
← Previous Page 5