Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-48200
CRITICAL CVSS 10.0
Find Similar
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file saniti
The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dial
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST reques
CVE-2025-34104
CRITICAL CVSS 9.4
Find Similar
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields.
CVE-2026-40783
CRITICAL CVSS 9.9
Find Similar
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2025-49372
CRITICAL CVSS 10.0
Find Similar
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through
CVE-2025-29902
CRITICAL CVSS 10.0
Find Similar
Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).
Page 1+ Next →