Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.
CVE-2025-25962
CRITICAL CVSS 9.8
Find Similar
An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function
CVE-2025-57118
CRITICAL CVSS 9.8
Find Similar
An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVE-2025-28399
CRITICAL CVSS 9.8
Find Similar
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` f
Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) s
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
CVE-2025-28402
CRITICAL CVSS 9.8
Find Similar
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
CVE-2025-28406
CRITICAL CVSS 9.8
Find Similar
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-pag
CVE-2025-65473
CRITICAL CVSS 9.1
Find Similar
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a cra
CVE-2025-11457
CRITICAL CVSS 9.8
Find Similar
The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce
CVE-2024-57052
CRITICAL CVSS 9.8
Find Similar
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
CVE-2024-27710
CRITICAL CVSS 9.8
Find Similar
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.
A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a
A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation
CVE-2026-31049
CRITICAL CVSS 9.8
Find Similar
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field
Page 1+ Next →