Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.
CVE-2024-36455
CRITICAL CVSS 9.4
Find Similar
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary comm
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can ex
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command inj
CVE-2026-34910
CRITICAL CVSS 10.0 KEV
Find Similar
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with cra
CVE-2025-64093
CRITICAL CVSS 9.8
Find Similar
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
CVE-2024-35293
CRITICAL CVSS 9.1
Find Similar
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
CVE-2025-41651
CRITICAL CVSS 9.8
Find Similar
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
CVE-2026-47370
CRITICAL CVSS 9.9
Find Similar
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potential
CVE-2024-52320
CRITICAL CVSS 9.3
Find Similar
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with
Page 1+ Next →