EQST (Experts, Qualified Security Team)

11 exploits Active since Jun 2024
CVE-2024-5932 NOMISEC CRITICAL WORKING POC
GiveWP <= 3.14.1 - Unauthenticated PHP Object Injection via give_title
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
76 stars
CVSS 10.0
CVE-2024-46538 NOMISEC MEDIUM WORKING POC
pfSense 2.5.2 - Stored Cross-Site Scripting via $pconfig Variable in interfaces_groups_edit.php
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
50 stars
CVSS 4.8
CVE-2025-1302 NOMISEC CRITICAL WORKING POC
jsonpath-plus < 10.3.0 - Remote Code Execution via Unsafe Eval Mode
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).
19 stars
CVSS 9.8
CVE-2024-53677 NOMISEC CRITICAL WORKING POC
Apache Struts 2.0.0-6.3.9 - Path Traversal and Remote Code Execution via File Upload
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067
15 stars
CVSS 9.8
CVE-2024-8353 NOMISEC CRITICAL WORKING POC
GiveWP Unauthenticated Donation Process Exploit
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2.
12 stars
CVSS 9.8
CVE-2024-47066 NOMISEC CRITICAL WORKING POC
lobehub/lobe_chat < 1.19.13 - Server-Side Request Forgery via Redirect Bypass
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
3 stars
CVSS 9.0
CVE-2024-34102 NOMISEC CRITICAL WORKING POC
Adobe Commerce and Magento - XML External Entity Injection to Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
3 stars
CVSS 9.8
CVE-2024-7856 NOMISEC HIGH WORKING POC
MP3 Audio Player by Sonaar <= 5.7.0.1 - Arbitrary File Deletion via removeTempFiles
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.
1 stars
CVSS 8.1
CVE-2025-3248 NOMISEC CRITICAL WORKING POC
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
CVSS 9.8
CVE-2025-3248 NOMISEC CRITICAL WORKING POC
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
CVSS 9.8
CVE-2024-5932 NOMISEC CRITICAL WORKING POC
GiveWP <= 3.14.1 - Unauthenticated PHP Object Injection via give_title
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
CVSS 10.0