PegasusMetaSec

4 exploits, active since Jul 2025
CVE-2026-2754 NOMISEC HIGH STUB
Navtor NavBox - Info Disclosure
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.
1 star
CVSS 7.5
CVE-2026-2754 NOMISEC HIGH STUB
Navtor NavBox - Info Disclosure
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.
1 star
CVSS 7.5
CVE-2026-4484 NOMISEC HIGH STUB
Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator
The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator.
1 star
CVSS 8.8
CVE-2025-23970 NOMISEC CRITICAL WORKING POC
aonetheme Service Finder Booking <6.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through <= 6.1.
1 star
CVSS 9.8