Kov404

4 exploits | Active since Nov 2024
CVE-2025-52385 NOMISEC CRITICAL WRITEUP
Studio 3T < 2025.1.0 - Remote Code Execution via Child Process Payload
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module.
CVSS 9.8
CVE-2025-56514 NOMISEC MEDIUM WRITEUP
Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG File Rendering
Cross-Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows execution of arbitrary JavaScript when malicious SVG files are rendered by other users.
CVSS 5.4
CVE-2025-56515 NOMISEC HIGH WRITEUP
Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG Avatar Upload
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers (onmouseover) to be uploaded and stored. When rendered, these SVG files execute arbitrary JavaScript, enabling attackers to steal user sessions, cookies, and perform unauthorized actions in the context of users viewing affected profiles.
CVSS 8.8
CVE-2024-51358 NOMISEC CRITICAL WRITEUP
Heimdall 2.6.1 - Remote Code Execution via Add New Application
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application.
CVSS 9.8