Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.
CVE-2025-1283
CRITICAL CVSS 9.3
Find Similar
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmwa
CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain s
CVE-2025-46272
CRITICAL CVSS 9.3
Find Similar
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities,
CVE-2024-41788
CRITICAL CVSS 9.4
Find Similar
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This coul
CVE-2024-12356
CRITICAL CVSS 9.8 KEV
Find Similar
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site us
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulati
CVE-2025-26389
CRITICAL CVSS 10.0
Find Similar
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDi
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
CVE-2025-46581
CRITICAL CVSS 9.8
Find Similar
ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges.
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs bec
CVE-2024-53944
CRITICAL CVSS 9.8
Find Similar
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote atta
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability.
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Page 1+ Next →