NicPWNs

6 exploits Active since Mar 2020
CVE-2021-22204 NOMISEC MEDIUM WORKING POC
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
50 stars
CVSS 6.8
CVE-2022-25765 NOMISEC HIGH WORKING POC
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
27 stars
CVSS 7.3
CVE-2021-3560 NOMISEC HIGH WORKING POC
polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
11 stars
CVSS 7.8
CVE-2025-29927 NOMISEC CRITICAL WORKING POC
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
8 stars
CVSS 9.1
CVE-2020-5844 NOMISEC HIGH WORKING POC
Pandora FMS v7.0 NG - Authenticated RCE
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.
7 stars
CVSS 7.2
CVE-2024-43404 WRITEUP CRITICAL WRITEUP
Megabot < 1.5.0 - Remote Code Execution via /math Command Expression Parameter
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
CVSS 9.8