Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-32253
CRITICAL CVSS 9.8
Find Similar
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are ha
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing au
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack,
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed i
A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities f
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.1.
CVE-2025-48057
CRITICAL CVSS 9.3
Find Similar
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.1
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access right
Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bullet
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function
CVE-2025-15346
CRITICAL CVSS 9.3
Find Similar
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.  Because the WOLFSSL_VERIFY_
Page 1+ Next →