Chocapikk

106 exploits Active since Apr 2017
CVE-2024-3400 NOMISEC CRITICAL WORKING POC
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
14 stars
CVSS 10.0
CVE-2023-50917 NOMISEC CRITICAL WORKING POC
MajorDoMo < 2023-11-15 - Remote Code Execution via thumb.php Shell Metacharacters
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
14 stars
CVSS 9.8
CVE-2024-7954 NOMISEC CRITICAL WORKING POC
SPIP porte_plume - Unauthenticated PHP Code Execution
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
13 stars
CVSS 9.8
CVE-2024-8672 NOMISEC CRITICAL WRITEUP
Widget Options WordPress Plugin <= 4.0.7 - Authenticated Remote Code Execution
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched.
13 stars
CVSS 9.9
CVE-2023-46805 NOMISEC HIGH SCANNER
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
12 stars
CVSS 8.2
CVE-2023-30943 NOMISEC MEDIUM SCANNER
Moodle 4.1.0-4.1.2 - Unauthenticated Arbitrary Folder Creation via TinyMCE Loader
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
12 stars
CVSS 6.5
CVE-2023-51467 NOMISEC CRITICAL SCANNER
Apache OFBiz XML-RPC Java Deserialization
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
11 stars
CVSS 9.8
CVE-2025-32432 NOMISEC CRITICAL SCANNER
CraftCMS - Remote Code Execution
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
10 stars
CVSS 10.0
CVE-2024-20767 NOMISEC HIGH WORKING POC
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
9 stars
CVSS 7.4
CVE-2023-5360 NOMISEC CRITICAL WORKING POC
WordPress Royal Elementor Addons RCE
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
9 stars
CVSS 9.8
CVE-2023-22527 NOMISEC CRITICAL WORKING POC
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
9 stars
CVSS 9.8
CVE-2019-15107 NOMISEC CRITICAL WORKING POC
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
9 stars
CVSS 9.8
CVE-2024-5084 NOMISEC CRITICAL WORKING POC
Hash Form - Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload via file_upload_action Function
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
8 stars
CVSS 9.8
CVE-2025-68926 NOMISEC CRITICAL WORKING POC
RustFS <1.0.0-alpha.78 - Auth Bypass
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable with no mechanism for token rotation, and universally valid across all RustFS deployments. Any attacker with network access to the gRPC port can authenticate using this publicly known token and execute privileged operations including data destruction, policy manipulation, and cluster configuration changes. Version 1.0.0-alpha.78 contains a fix for the issue.
7 stars
CVSS 9.8
CVE-2025-5777 NOMISEC HIGH SCANNER
Citrix NetScaler ADC/Gateway 12.1-12.1-55.328, 13.1-13.1-37.235, 13.1-13.1-58.32 - Out-of-bounds Read
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
7 stars
CVSS 7.5
CVE-2024-22899 NOMISEC HIGH WORKING POC
Vinchin Backup & Recovery <7.2 - Authenticated RCE
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
7 stars
CVSS 8.8
CVE-2023-28432 NOMISEC HIGH WORKING POC
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
7 stars
CVSS 7.5
CVE-2017-9841 NOMISEC CRITICAL WORKING POC
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
7 stars
CVSS 9.8
CVE-2017-8225 NOMISEC CRITICAL WORKING POC
Wireless IP Camera (P2P) Firmware - Unauthenticated Credential Exposure via Empty Login Parameters
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.
7 stars
CVSS 9.8
CVE-2023-27372 NOMISEC CRITICAL WORKING POC
SPIP < 4.2.1 - Remote Code Execution via Form Value Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
6 stars
CVSS 9.8
CVE-2022-40684 NOMISEC CRITICAL WORKING POC
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
6 stars
CVSS 9.8
CVE-2025-67494 NOMISEC CRITICAL WORKING POC
ZITADEL < 4.7.1 - Unauthenticated Server-Side Request Forgery via x-zitadel-forward-host Header
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.
5 stars
CVSS 9.3
CVE-2026-24061 NOMISEC CRITICAL WORKING POC
GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
5 stars
CVSS 9.8
CVE-2023-3519 NOMISEC CRITICAL WORKING POC
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
5 stars
CVSS 9.8
CVE-2025-34299 NOMISEC CRITICAL WORKING POC
Monsta FTP < 2.11 - Unauthenticated Arbitrary File Upload
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.
4 stars
CVSS 9.8