Hakai Security

4 exploits, active since Feb 2024
CVE-2025-49113 NOMISEC CRITICAL WORKING POC
Roundcube Webmail < 1.5.10 - Insecure Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
90 stars
CVSS 9.9
CVE-2025-1974 NOMISEC CRITICAL WORKING POC
Kubernetes - RCE
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
7 stars
CVSS 9.8
CVE-2024-21338 NOMISEC HIGH WORKING POC
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
2 stars
CVSS 7.8
CVE-2025-49113 NOMISEC CRITICAL WORKING POC
Roundcube Webmail < 1.5.10 - Insecure Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
CVSS 9.9