H4K6

3 exploits Active since Feb 2023
CVE-2023-0179 NOMISEC HIGH WORKING POC
Linux Kernel 5.5.0-5.10.164 - Local Privilege Escalation via Netfilter Buffer Overflow
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
203 stars
CVSS 7.8
CVE-2023-2982 NOMISEC CRITICAL WORKING POC
WordPress Social Login and Register <= 7.6.4 - Authentication Bypass via Insufficient Encryption
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
8 stars
CVSS 9.8
CVE-2023-25136 NOMISEC MEDIUM SCANNER
OpenSSH 9.1 - Unauthenticated Double Free in KEX Algorithms Handling
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
5 stars
CVSS 6.5