AdityaBhatt3010

16 exploits Active since Mar 2017
CVE-2025-49706 NOMISEC MEDIUM WRITEUP
Microsoft Sharepoint Enterprise Server - Authentication Bypass
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
15 stars
CVSS 6.5
CVE-2025-54794 NOMISEC CRITICAL WRITEUP
Anthropic Claude Code < 0.2.111 - Path Traversal
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.
12 stars
CVSS 9.1
CVE-2023-30258 NOMISEC CRITICAL WRITEUP
Magnussolution Magnusbilling < 7.3.0 - Command Injection
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
12 stars
CVSS 9.8
CVE-2017-0144 NOMISEC HIGH WRITEUP
Microsoft Server Message Block < 4.0e - Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
11 stars
CVSS 8.8
CVE-2025-49706 GITHUB MEDIUM WRITEUP
Microsoft Sharepoint Enterprise Server - Authentication Bypass
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
9 stars
CVSS 6.5
CVE-2025-10585 NOMISEC CRITICAL WRITEUP
Google Chrome < 140.0.7339.185 - Type Confusion
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
9 stars
CVSS 9.8
CVE-2025-61882 GITHUB CRITICAL python WRITEUP
Oracle E-Business Suite CVE-2025-61882 RCE
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
8 stars
CVSS 9.8
CVE-2025-8088 NOMISEC HIGH WRITEUP
Rarlab Winrar < 7.13 - Path Traversal
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
8 stars
CVSS 8.8
CVE-2025-53770 NOMISEC CRITICAL WRITEUP
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
8 stars
CVSS 9.8
CVE-2025-32463 NOMISEC CRITICAL WRITEUP
Sudo <1.9.17p1 - Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
8 stars
CVSS 9.3
CVE-2025-54253 GITHUB CRITICAL WRITEUP
Adobe Experience Manager Forms < 6.5.23.0 - Incorrect Authorization
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
7 stars
CVSS 10.0
CVE-2025-59287 GITHUB CRITICAL sql WRITEUP
Microsoft Windows Server 2012 - Insecure Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
7 stars
CVSS 9.8
CVE-2025-55182 NOMISEC CRITICAL WORKING POC
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
5 stars
CVSS 10.0
CVE-2025-55182 NOMISEC CRITICAL WORKING POC
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
3 stars
CVSS 10.0
CVE-2026-23842 NOMISEC HIGH WORKING POC
ChatterBot <1.2.10 - DoS
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover. Version 1.2.11 fixes the issue.
1 stars
CVSS 7.5
CVE-2026-27579 NOMISEC HIGH WORKING POC
CollabPlatform - Info Disclosure
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.
1 stars
CVSS 7.4