ExploreUnknowed

3 exploits Active since Jan 2026
CVE-2025-67303 NOMISEC HIGH STUB
ComfyUI-Manager <3.38 - Info Disclosure
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface
CVSS 7.5
CVE-2025-68472 NOMISEC HIGH WORKING POC
Mindsdb < 25.11.1 - Path Traversal
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.
CVSS 8.1
CVE-2026-24306 NOMISEC CRITICAL WORKING POC
Azure Front Door - Privilege Escalation
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
CVSS 9.8