Network-Sec

4 exploits Active since Feb 2025
CVE-2025-21420 NOMISEC HIGH WORKING POC
Windows Disk Cleanup Tool - Elevation of Privilege via Improper Link Resolution
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
98 stars
CVSS 7.8
CVE-2025-62507 NOMISEC HIGH WORKING POC
Redis 8.2.0-8.2.2 - Stack-based Buffer Overflow via XACKDEL Command
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.
2 stars
CVSS 8.8
CVE-2025-49844 NOMISEC CRITICAL WORKING POC
Redis < 6.2.20, 8.2.1-8.2.2 - Authenticated Use-After-Free via Lua Script Garbage Collector Manipulation
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
CVSS 9.9
CVE-2025-55226 NOMISEC MEDIUM SCANNER
Graphics Kernel - Local Code Execution
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
CVSS 6.7