Chandler Rose

5 exploits Active since Apr 2025
CVE-2025-27580 NOMISEC HIGH WORKING POC
NIH BRICS <14.0.0-67 - Privilege Escalation
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.
CVSS 7.5
CVE-2025-27580 WRITEUP HIGH WRITEUP
NIH BRICS <14.0.0-67 - Privilege Escalation
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.
CVSS 7.5
CVE-2025-27581 WRITEUP MEDIUM WRITEUP
NIH BRICS <14.0.0-67 - Info Disclosure
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.
CVSS 4.3
CVE-2025-52337 WRITEUP MEDIUM WRITEUP
LogicData eCommerce Framework <5.0.9.7000 - Authenticated RCE
An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS 6.5
CVE-2025-52338 WRITEUP MEDIUM WRITEUP
LogicData eCommerce Framework <5.0.9.7000 - Auth Bypass
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.
CVSS 5.3