Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
CVE-2026-24789
CRITICAL CVSS 9.3
Find Similar
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
CVE-2026-22909
CRITICAL CVSS 9.1
Find Similar
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2025-4427
HIGH CVSS 7.5 KEV
Find Similar
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVE-2025-41651
CRITICAL CVSS 9.8
Find Similar
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.
CVE-2024-35293
CRITICAL CVSS 9.1
Find Similar
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
CVE-2025-11534
CRITICAL CVSS 9.3
Find Similar
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
Page 1+ Next →