Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logge
CVE-2025-3626
CRITICAL CVSS 9.1
Find Similar
A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a con
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to exe
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote att
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploit
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from t
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Fi
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is du
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user
A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user.
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)
CVE-2025-2767
CRITICAL CVSS 9.6
Find Similar
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Fire
Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by
Page 1+ Next →