Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication betwe
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in th
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some cr
A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.5
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown f
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected w
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scri
A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to m
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Mali
A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing m
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the fil
HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injecti
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack.
A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to
Page 1+ Next →