Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-bas
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.
CVE-2025-52395
CRITICAL CVSS 9.8
Find Similar
An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly
An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.
CVE-2024-12603
CRITICAL CVSS 9.8
Find Similar
A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption ke
An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link.
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal seque
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via unspecified vectors.
In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User in
An authentication bypass vulnerability could allow an attacker to access API functions without authentication.
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with cra
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This m
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly i
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is n
Page 1+ Next →