Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vu
This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sendi
This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this
CVE-2024-45586
CRITICAL CVSS 9.2
Find Similar
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote
CVE-2024-45588
CRITICAL CVSS 9.1
Find Similar
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacke
CVE-2024-45587
CRITICAL CVSS 9.1
Find Similar
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote
CVE-2025-42605
CRITICAL CVSS 9.3
Find Similar
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remot
A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper a
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to in
A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API H
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit t
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. Th
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipul
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could explo
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sendi
A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least p
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely follo
Page 1+ Next →