Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-7413
CRITICAL CVSS 9.8
Find Similar
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, canno
CVE-2026-7414
CRITICAL CVSS 9.8
Find Similar
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or re
CVE-2025-34117
CRITICAL CVSS 9.3
Find Similar
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP po
This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tab
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without prov
CVE-2025-48469
CRITICAL CVSS 9.6
Find Similar
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalati
improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access.
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The m
A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accessco
CVE-2024-12356
CRITICAL CVSS 9.8 KEV
Find Similar
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site us
CVE-2024-20418
CRITICAL CVSS 10.0
Find Similar
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remo
thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to ex
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent acces
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admi
A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issu
CVE-2025-34089
CRITICAL CVSS 9.3
Find Similar
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application
CVE-2026-2417
CRITICAL CVSS 9.3
Find Similar
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and exec
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It i
Page 1+ Next →