Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-60803
CRITICAL CVSS 9.8
Find Similar
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.
A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler.
A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected by this vulnerability is an unknown functionality of the file /admin/content/editor of the component A
A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argumen
A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor.
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.
An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the
CVE-2024-48138
CRITICAL CVSS 9.8
Find Similar
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted pa
CVE-2026-2329
CRITICAL CVSS 9.3
Find Similar
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remot
CVE-2026-30352
CRITICAL CVSS 9.8
Find Similar
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST reques
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.
CVE-2024-40711
CRITICAL CVSS 9.8 KEV
Find Similar
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
CVE-2025-34039
CRITICAL CVSS 10.0
Find Similar
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows
CVE-2026-30741
CRITICAL CVSS 9.8
Find Similar
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially le
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
Page 1+ Next →