Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An authenticated user without user-management permissions could identify other user accounts.
An authenticated user without user-management permissions could view other users' account information.
Due to an improper authentication mechanism, an unauthenticated remote attacker can enumerate valid usernames.
An authenticated user without user administrative permissions could change the administrator Account Name.
An unauthenticated user could discover account credentials via a brute-force attack without rate limiting.
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration.
CVE-2024-6695
CRITICAL CVSS 9.8
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user reg
An authenticated user attempting to change their password could do so without using the current password.
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
An authenticated administrator could modify the Created By username for a user account.
Unauthenticated attackers can retrieve the serial number of smart meters associated with a specific user account.
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.