A list of my (old) public advisories. Several of these contain remote preauth -> root exploit bug chains, and all contain full proof of concept exploit details.
Partial Auth bypass, authenticated code execution, Stored XSS in Cisco Web Security Appliance
API authentication bypass, authenticated code execution, Privilege Escalation, unauthenicated XXE and unauthenticated SQLi
Unauthenticated remote code execution, privesc, subshell breakout in Cisco Prime vNAM
Preauth RCE via unserialize, authenticated file upload, preauth SSRF, cryptographic weakness leading to account takeover, stored XSS
Authentication byass, authed file write to shell, privilege escalation.
Authenticated SQLi, authenticated command injection
Preauth file read, post auth command injection, mass assignment, shell file upload , hardcoded admin credentials, subshell breakout.
Authenticated command injection, privilege escalation
Preauth file read, authenticated command injection, privilege escalation
Preauth SQLi, command injection, privilege escalation
Authenticated file upload to shell