Alex Hernandez (alt3kx) - Security Researcher - Exploit Intelligence Platform

CVE-2022-22965 NOMISEC CRITICAL SCANNER

Spring Framework - Remote Code Execution via Data Binding

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

101 stars

CVSS 9.8

View Code

CVE-2021-21972 NOMISEC CRITICAL SCANNER

VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

28 stars

CVSS 9.8

View Code

CVE-2026-23918 NOMISEC HIGH WORKING POC

Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

CVSS 8.8

View Code

CVE-2021-21972 GITLAB CRITICAL SCANNER

VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

CVSS 9.8

View Code

EIP-2026-117979 EXPLOITDB c WORKING POC

Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation

View Code