Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration.
The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication.
Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session va
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-34759
CRITICAL CVSS 9.2
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoin
An authenticated user without user-management permissions could view other users' account information.
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
CVE-2026-22909
CRITICAL CVSS 9.1
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
CVE-2025-4427
HIGH CVSS 7.5 KEV
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication.
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.