Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthe
CVE-2025-41652
CRITICAL CVSS 9.8
Find Similar
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to
CVE-2025-40805
CRITICAL CVSS 10.0
Find Similar
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitima
CVE-2024-53944
CRITICAL CVSS 9.8
Find Similar
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote atta
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potential
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) se
An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.
A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and downlo
CVE-2025-6950
CRITICAL CVSS 9.9
Find Similar
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for
Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off).
CVE-2025-64093
CRITICAL CVSS 9.8
Find Similar
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
CVE-2026-20079
CRITICAL CVSS 10.0
Find Similar
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an a
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists
CVE-2026-32968
CRITICAL CVSS 9.8
Find Similar
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration an
Page 1+ Next →