Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.
A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allow
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the us
The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configura
A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into
Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sen
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitatio
A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user in
CVE-2025-2775
HIGH CVSS 7.5 KEV
Find Similar
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover an
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as click
An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configura
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val
A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a
Page 1+ Next →