J0ey17

4 exploits Active since Apr 2022
CVE-2022-22963 NOMISEC CRITICAL WORKING POC
Spring Cloud Function < 3.1.6 - Remote Code Execution via SpEL Routing Expression
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
24 stars
CVSS 9.8
CVE-2025-46047 NOMISEC MEDIUM WORKING POC
Silverpeas 6.4.1-6.4.2 - User Enumeration via ForgotPassword Login Parameter
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
2 stars
CVSS 6.5
CVE-2023-27163 NOMISEC MEDIUM WORKING POC
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
1 stars
CVSS 6.5
CVE-2022-44268 NOMISEC MEDIUM WORKING POC
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
CVSS 6.5