B1tBreaker

3 exploits Active since May 2025
CVE-2025-48708 NOMISEC MEDIUM WRITEUP
Artifex Ghostscript <10.05.1 - Info Disclosure
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
5 stars
CVSS 4.0
CVE-2025-56795 NOMISEC CRITICAL WRITEUP
mealie < 3.0.1 - Stored Cross-Site Scripting via Recipe Note and Text Fields
Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/{recipe_name}" endpoint is rendered in the frontend without proper escaping leading to persistent XSS.
1 stars
CVSS 9.0
CVE-2026-30332 NOMISEC HIGH WORKING POC
Balena Etcher for Windows <2.1.4 - Privilege Escalation
A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process.
CVSS 7.5