Kov404

4 exploits Active since Nov 2024
CVE-2025-52385 NOMISEC CRITICAL WRITEUP
Studio 3T <2025.1.0 - RCE
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module.
CVSS 9.8
CVE-2025-56514 NOMISEC MEDIUM WRITEUP
Suisuijiang Fiora - XSS
Cross-site scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows execution of arbitrary JavaScript when malicious SVG files are rendered by other users.
CVSS 5.4
CVE-2025-56515 NOMISEC HIGH WRITEUP
Suisuijiang Fiora - XSS
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers (onmouseover) to be uploaded and stored. When rendered, these SVG files execute arbitrary JavaScript, enabling attackers to steal user sessions, cookies, and perform unauthorized actions in the context of users viewing affected profiles.
CVSS 8.8
CVE-2024-51358 NOMISEC CRITICAL WRITEUP
Linux Server Heimdall <2.6.1 - RCE
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application.
CVSS 9.8