Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory.
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does no
CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56. Attackers with administrative access to the console can cause unsa
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses
A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipula
A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal S
A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Sect
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 a
Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user crede
CVE-2025-26155
CRITICAL CVSS 9.8
Find Similar
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API
CVE-2025-24472
HIGH CVSS 8.1 KEV
Find Similar
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquot
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensiti
UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to r
Page 1+ Next →