Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Authentication Bypass by Spoofing vulnerability in ilyasine Maintenance & Coming Soon Redirect Animation maintenance-coming-soon-redirect-animation allows Identity Spoofing.This issue affects Maintena
Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect jf3-maintenance-mode.This issue affects Maintenance Redirect: from n/a through <= 2.0.1.
Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing.This issue affects Asgaros Forum: from n/a through <= 3.0.0.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass.This issue affects Projectopia: from n/a through <= 5.1.
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apa
CVE-2025-67446
CRITICAL CVSS 9.8
Find Similar
Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie
Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate animate allows Server Side Request Forgery.This issue affects Animate: from n/a through <= 0.5.
Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation.This issue affects MyAnime Widget: from n/a through <= 1.0.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenti
CVE-2025-8350
CRITICAL CVSS 9.8
Find Similar
Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting
Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8.
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely follo
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. N
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3,
A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the componen
Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow
CVE-2025-23504
CRITICAL CVSS 9.8
Find Similar
Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <=
Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice maintenance-notice allows Cross Site Request Forgery.This issue affects Maintenance Notice: from n/a through <= 1.0.6.
Page 1+ Next →