Chandler Rose

3 exploits, active since Apr 2025
CVE-2025-27580 NOMISEC HIGH WORKING POC
NIH BRICS <14.0.0-67 - Privilege Escalation
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.
CVSS 7.5
CVE-2025-52337 WRITEUP MEDIUM WRITEUP
LogicData eCommerce Framework <5.0.9.7000 - Authenticated RCE
An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code by uploading a crafted file.
CVSS 6.5
CVE-2025-52338 WRITEUP MEDIUM WRITEUP
LogicData eCommerce Framework <5.0.9.7000 - Auth Bypass
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a brute-force attack.
CVSS 5.3