Riccardo Degli Esposti (partywave)

4 exploits Active since Aug 2024
CVE-2024-42845 NOMISEC HIGH WORKING POC
InVesalius <3.1.99998 - Code Injection
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
2 stars
CVSS 8.0
CVE-2024-55557 NOMISEC CRITICAL WORKING POC
Weasis 4.5.1 - Use of Hard-coded Credentials in ProxyPrefView
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.
1 stars
CVSS 9.8
CVE-2024-54819 WRITEUP CRITICAL WORKING POC
I, Librarian <= 5.11.1 - Server-Side Request Forgery via Improper Input Validation
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php
CVSS 9.1
EIP-2026-114681 EXPLOITDB python WORKING POC
Invesalius3 - Remote Code Execution