Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management en
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the pas
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account
CVE-2025-46117
CRITICAL CVSS 9.1
Find Similar
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/ad
CVE-2025-46122
CRITICAL CVSS 9.1
Find Similar
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled inp
CVE-2025-46121
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client h
CVE-2025-46120
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface le
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
CVE-2025-44954
CRITICAL CVSS 9.8
Find Similar
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary file
Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mo
A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout U
Page 1+ Next →