NULL200OK

7 exploits Active since Sep 2025
CVE-2026-27944 NOMISEC CRITICAL WORKING POC
nginxui/nginx_ui < 2.3.3 - Unauthenticated Sensitive Data Exposure via Backup Endpoint
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.
3 stars
CVSS 9.8
CVE-2025-41244 NOMISEC HIGH WORKING POC
VMware Aria Operations and VMware Tools - Local Privilege Escalation via SDMP
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
2 stars
CVSS 7.8
CVE-2026-41940 GITHUB CRITICAL python WORKING POC
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
1 stars
CVSS 9.8
CVE-2026-34621 NOMISEC HIGH WORKING POC
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
1 stars
CVSS 8.6
CVE-2026-22730 NOMISEC HIGH WORKING POC
CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.
1 stars
CVSS 8.8
CVE-2026-3228 NOMISEC MEDIUM WORKING POC
NextScripts Social Networks Auto-Poster <4.4.6 - XSS
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[nxs_fbembed]` shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the `snapFB` post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
1 stars
CVSS 6.4
CVE-2026-27944 NOMISEC CRITICAL SCANNER
nginxui/nginx_ui < 2.3.3 - Unauthenticated Sensitive Data Exposure via Backup Endpoint
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.
CVSS 9.8