Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-6029
CRITICAL CVSS 9.4
Find Similar
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in
CVE-2025-6030
CRITICAL CVSS 9.4
Find Similar
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Rese
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without impleme
Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cl
The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters tr
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is dis
CVE-2021-27289
CRITICAL CVSS 9.1
Find Similar
A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-repl
CVE-2025-44619
CRITICAL CVSS 9.1
Find Similar
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is disputed by the Supplier
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presenc
There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the foll
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to pr
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN t
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows
Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command usi
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway:
Page 1+ Next →