Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing au
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack,
CVE-2026-32253
CRITICAL CVSS 9.8
Find Similar
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are ha
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed i
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.
A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible t
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets,
CVE-2026-44450
CRITICAL CVSS 9.9
Find Similar
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the c
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which m
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP
CVE-2026-4370
CRITICAL CVSS 10.0
Find Similar
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authen
CVE-2026-22903
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to c
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could
A security flaw has been discovered in sunhailin12315 product-review 商品评价系统 up to 91ead6890b4065bb45b7602d0d73348e75cb4639. This affects an unknown part of the component Write a Review. Performing man
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snipp
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name l
Page 1+ Next →