Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an au
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access
CVE-2026-40946
CRITICAL CVSS 9.2
Find Similar
Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the st
Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers. This issue affects Beefull App: before 24.07.2025
A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation
A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state p
A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument sour
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of th
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail
A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing a manipulation of the argument wan_ipaddr can lead to comma
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtain
CVE-2025-25306
CRITICAL CVSS 9.3
Find Similar
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacke
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the ar
An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android
CVE-2025-66022
CRITICAL CVSS 9.8
Find Similar
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-cho
A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal S
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker
← Previous Page 5