ByteMe1001

5 exploits Active since Aug 2020
CVE-2020-13151 NOMISEC CRITICAL WORKING POC
Aerospike Database UDF Lua Code Execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.
CVSS 9.8
CVE-2026-1743 WRITEUP LOW WORKING POC
DJI Mavic Mini, Air, Spark and Mini SE <01.00.0500 - Auth Bypass
A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.1
CVE-2026-26673 WRITEUP HIGH WORKING POC
DJI Mavic Mini/Spark/Air <0.1.00.0500 - DoS
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem
CVSS 7.5
CVE-2025-10250 WRITEUP MEDIUM WRITEUP
DJI Mavic Spark, Mavic Air and Mavic Mini <01.00.0500 - Info Disclo...
A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key . The attacker needs to be present on the local network. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 5.0
CVE-2026-1743 WRITEUP LOW WORKING POC
DJI Mavic Mini, Air, Spark and Mini SE <01.00.0500 - Auth Bypass
A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.1