Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2019-20457
CRITICAL CVSS 9.1
Find Similar
An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login at
CVE-2025-65212
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request
Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a th
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictab
CVE-2026-25818
CRITICAL CVSS 9.1
Find Similar
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an atta
An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is
CVE-2024-36439
CRITICAL CVSS 9.4
Find Similar
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password.
A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval funct
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can re
Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users v
Missing Authorization vulnerability in Uriahs Victor Printus printus-cloud-printing-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printus:
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
CVE-2025-27663
CRITICAL CVSS 9.8
Find Similar
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, becaus
CVE-2014-125126
CRITICAL CVSS 9.2
Find Similar
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3
Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence cou
Page 1+ Next →