Piotr

6 exploits Active since Jun 2021
CVE-2025-4427 NOMISEC MEDIUM SCANNER
Ivanti Endpoint Manager Mobile < 11.12.0.5 - Authentication Bypass
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
11 stars
CVSS 5.3
CVE-2025-57819 NOMISEC CRITICAL WORKING POC
Sangoma Freepbx < 15.0.66 - SQL Injection
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
9 stars
CVSS 9.8
CVE-2021-33624 NOMISEC MEDIUM WORKING POC
Linux kernel <5.12.13 - Memory Corruption
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
3 stars
CVSS 4.7
CVE-2026-2699 NOMISEC CRITICAL SCANNER
EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
CVSS 9.8
CVE-2025-4428 VULNCHECK_XDB HIGH SCANNER
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS 7.2
CVE-2021-33624 INTHEWILD MEDIUM WORKING POC
Linux kernel <5.12.13 - Memory Corruption
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
CVSS 4.7