Top 20 matches
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redacti
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to
CVE-2025-34039
CRITICAL CVSS 10.0
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows
CVE-2023-25581
CRITICAL CVSS 9.2
pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled valu
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitatio
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensiti
CVE-2026-31856
CRITICAL CVSS 9.3
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment
CVE-2024-43040
CRITICAL CVSS 9.1
Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo.
CVE-2026-30966
CRITICAL CVSS 10.0
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field ma
CVE-2025-39551
CRITICAL CVSS 9.8
Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Object Injection. This issue affects FluentBoards: from n/a through <= 1.47.
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surfac
CVE-2025-34103
CRITICAL CVSS 9.3
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The
A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful exploitation could lead to unauthorized
CVE-2025-68926
CRITICAL CVSS 9.8
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is publicly e
Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did n
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can