Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-12871
CRITICAL CVSS 9.3
Find Similar
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated
CVE-2025-12870
CRITICAL CVSS 9.3
Find Similar
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.
The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
CVE-2025-26201
CRITICAL CVSS 9.1
Find Similar
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.
CVE-2024-12356
CRITICAL CVSS 9.8 KEV
Find Similar
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site us
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can el
CVE-2025-1393
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
CVE-2020-37135
CRITICAL CVSS 9.3
Find Similar
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitatio
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this v
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run com
CVE-2024-20329
CRITICAL CVSS 9.9
Find Similar
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerabili
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the ac
A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-t
Page 1+ Next →