D1se0

4 exploits Active since Jan 2024
CVE-2024-21413 NOMISEC CRITICAL WORKING POC
Microsoft 365 Apps and Office 2016-2019 - Remote Code Execution via Moniker Link
Microsoft Outlook Remote Code Execution Vulnerability
4 stars
CVSS 9.8
CVE-2024-10924 NOMISEC CRITICAL WORKING POC
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
3 stars
CVSS 9.8
CVE-2024-23897 NOMISEC CRITICAL SUSPICIOUS
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
3 stars
CVSS 9.8
CVE-2024-51428 NOMISEC HIGH WORKING POC
Espressif ESP-IDF 5.3.0 - Denial of Service via Crafted Data Channel Packet
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.
1 stars
CVSS 7.5