Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-6695
CRITICAL CVSS 9.8
Find Similar
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user reg
An authenticated user without user-management permissions could view other users account information.
An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
An authenticated user without user administrative permissions could change the administrator Account Name.
CVE-2023-53914
CRITICAL CVSS 9.3
Find Similar
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted PO
CVE-2025-52689
CRITICAL CVSS 9.8
Find Similar
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
CVE-2022-25369
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaA
An authenticated user without user-management permissions could identify other user accounts.
CVE-2024-53496
CRITICAL CVSS 9.8
Find Similar
Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
CVE-2025-65276
CRITICAL CVSS 9.8
Find Similar
An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-0
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This a
CVE-2021-47932
CRITICAL CVSS 9.3
Find Similar
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler.
CVE-2025-10352
CRITICAL CVSS 9.3
Find Similar
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCo
CVE-2019-25763
CRITICAL CVSS 9.3
Find Similar
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functio
Page 1+ Next →