Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-4320
CRITICAL CVSS 9.3
Find Similar
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process,
CVE-2025-26201
CRITICAL CVSS 9.1
Find Similar
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their p
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative ac
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The mani
CVE-2024-14034
CRITICAL CVSS 9.3
Find Similar
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative a
A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header.
iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script
Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This issue affects Propovoice CRM: from n/a through 1.7.6.4.
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoi
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to au
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to t
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the ac
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive
A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vul
CVE-2024-5619
CRITICAL CVSS 9.6
Find Similar
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by sup
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely follo
CVE-2025-20358
CRITICAL CVSS 9.8
Find Similar
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissio
A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Us
Page 1+ Next →