Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
CVE-2024-35293
CRITICAL CVSS 9.1
Find Similar
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
CVE-2025-41715
CRITICAL CVSS 9.8
Find Similar
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
CVE-2025-41651
CRITICAL CVSS 9.8
Find Similar
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.
An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
CVE-2025-53118
CRITICAL CVSS 9.8
Find Similar
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session t
CVE-2022-50981
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
CVE-2024-23943
CRITICAL CVSS 9.1
Find Similar
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.
CVE-2025-1393
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
CVE-2025-10452
CRITICAL CVSS 9.3
Find Similar
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privi
CVE-2025-26342
CRITICAL CVSS 9.8
Find Similar
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create ar
CVE-2024-50375
CRITICAL CVSS 9.8
Find Similar
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1
CVE-2025-26341
CRITICAL CVSS 9.8
Find Similar
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arb
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames.
The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.
An unauthenticated remote attacker can access a URL which causes the device to reboot.
CVE-2025-26359
CRITICAL CVSS 9.8
Find Similar
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset use
Page 1+ Next →