Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions o
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including thos
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locke
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
CVE-2026-56423
CRITICAL CVSS 9.4
Find Similar
MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permi
CVE-2024-12371
CRITICAL CVSS 9.3
Find Similar
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholde
An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged creden
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
CVE-2026-0092
CRITICAL CVSS 10.0
Find Similar
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.
CVE-2025-47966
CRITICAL CVSS 9.8
Find Similar
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to per
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including u
Page 1+ Next →