Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check.  This impacts OmniStudio: before Spring 2025
CVE-2025-43698
CRITICAL CVSS 9.1
Find Similar
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.  This impacts OmniStudio: before Spring 2025.
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.  This impacts OmniStudio: before version 254.
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched
Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery flexo-social-gallery allows Cross Site Request Forgery.This issue affects flexo-social-gallery: from n/a through <=
Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClient
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.
Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially
A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB
Server-Side Request Forgery (SSRF) vulnerability in brandexponents Oshine Modules oshine-modules.This issue affects Oshine Modules: from n/a through < 3.3.8.
A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulatio
CVE-2026-31017
CRITICAL CVSS 9.1
Find Similar
A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before
Server-Side Request Forgery (SSRF) vulnerability in mra13 Compact WP Audio Player compact-wp-audio-player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a throug
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsS
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfCon
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4.
A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least re
Page 1+ Next →