Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-5743
CRITICAL CVSS 9.8
Find Similar
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0.
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexCon
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmwar
An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code
A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password sal
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when pro
CVE-2024-9441
CRITICAL CVSS 9.8
Find Similar
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id par
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the
A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php compo
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash.
An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component.
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.&
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulatio
CVE-2025-34039
CRITICAL CVSS 10.0
Find Similar
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious co
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be
Page 1+ Next →