AN5I

3 exploits Active since Nov 2025
CVE-2025-63888 NOMISEC CRITICAL WORKING POC
ThinkPHP 5.0.24 - Remote Code Execution via Template File Inclusion
The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability.
8 stars
CVSS 9.8
CVE-2025-64446 NOMISEC CRITICAL WORKING POC
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
1 stars
CVSS 9.8
CVE-2025-12735 NOMISEC CRITICAL WORKING POC
expr-eval - Crafted Context Object Code Execution
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.
CVSS 9.8