Niko

5 exploits Active since Mar 2018
CVE-2021-44852 NOMISEC HIGH WORKING POC
Biostar RACING GT Evo <2.1.1905.1700 - Code Injection
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.
1 stars
CVSS 7.8
CVE-2025-27154 WRITEUP CRITICAL WRITEUP
spotipy < 2.25.1 - Incorrect Default Permissions in Cache File
Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.
CVSS 9.8
CVE-2025-66040 WRITEUP LOW WRITEUP
Spotipy < 2.25.2 - Cross-Site Scripting via OAuth Error Parameter
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. This issue has been patched in version 2.25.2.
CVSS 3.6
EIP-2026-115236 EXPLOITDB perl WORKING POC
Fast Image Resizer 098 - Local Crash (PoC)
CVE-2018-1000115 EXPLOITDB HIGH c WORKING POC
memcached 1.5.5 - Denial of Service via UDP Traffic Amplification
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
CVSS 7.5