Security Research Team

9 exploits Active since Jun 2001
CVE-2025-63888 NOMISEC CRITICAL WORKING POC
ThinkPHP 5.0.24 - Remote Code Execution via Template File Inclusion
The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability.
8 stars
CVSS 9.8
CVE-2025-52488 NOMISEC HIGH WORKING POC
Dnnsoftware Dotnetnuke < 10.0.1 - Information Disclosure
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
2 stars
CVSS 8.6
CVE-2026-29000 GITHUB CRITICAL python WORKING POC
pac4j-jwt <4.5.9/5.7.9/6.3.3 - Auth Bypass
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.
CVSS 9.1
CVE-2025-49844 NOMISEC CRITICAL WORKING POC
Redis < 6.2.20, 8.2.1-8.2.2 - Authenticated Use-After-Free via Lua Script Garbage Collector Manipulation
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
CVSS 9.9
CVE-2025-12735 NOMISEC CRITICAL WORKING POC
expr-eval - Crafted Context Object Code Execution
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.
CVSS 9.8
CVE-2025-12735 NOMISEC CRITICAL WORKING POC
expr-eval - Crafted Context Object Code Execution
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.
CVSS 9.8
CVE-2010-1240 NOMISEC WORKING POC
Adobe PDF Embedded EXE Social Engineering
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
CVE-2025-60983 WRITEUP MEDIUM WRITEUP
Rubikon Banking Solution 4.0.3 - XSS
Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints.
CVSS 5.4
CVE-2001-0250 EXPLOITDB text WORKING POC
Netscape Enterprise Server <4.x - Path Traversal
The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.