Seth Kraft

9 exploits, active since Apr 2025
CVE-2025-53392 NOMISEC MEDIUM WRITEUP
pfSense 2.8.0 - Authenticated Absolute Path Traversal via diag_command.php dlPath Parameter
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
14 stars
CVSS 5.0
CVE-2025-44823 NOMISEC CRITICAL WORKING POC
Nagios Log Server <2024R1.3.2 - Info Disclosure
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
CVSS 9.9
CVE-2025-29471 NOMISEC HIGH WORKING POC
Nagios Log Server 2024R1.3.1 - Cross-Site Scripting via Email Field
A cross-site scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload in the Email field.
CVSS 8.3
CVE-2026-9136 WRITEUP MEDIUM WRITEUP
Unauthorized ShadowAttribute modification in MISP via client-supplied identifier
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update an existing record, an authenticated user able to submit shadow attribute proposals could provide the identifier of an existing ShadowAttribute and cause that record to be updated instead of creating a new proposal. This can result in unauthorized modification of existing shadow attributes, potentially affecting proposals associated with events the user should not be able to alter. Depending on deployment configuration and accessible API responses, the issue may also expose or move proposal data across event contexts. The vulnerability is caused by trusting a client-supplied primary key during object creation. The fix removes the id field from incoming ShadowAttribute data before processing, ensuring that the endpoint always creates a new proposal rather than updating an existing one. This has been fixed in MISP 2.5.38.
CVSS 6.5
CVE-2026-9137 WRITEUP HIGH WRITEUP
CSP Report Endpoint Log Flooding via Incorrect Size Limit
The CSP report endpoint in MISP was intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.
CVSS 7.5
CVE-2025-44824 WRITEUP HIGH WRITEUP
Nagios Log Server < 2024R1.3.2 - Authenticated Denial of Service via Elasticsearch Stop API
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response. This is GL:NLS#474.
CVSS 8.5
CVE-2025-53392 WRITEUP MEDIUM WRITEUP
pfSense 2.8.0 - Authenticated Absolute Path Traversal via diag_command.php dlPath Parameter
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
CVSS 5.0
CVE-2025-44823 EXPLOITDB CRITICAL WORKING POC
Nagios Log Server <2024R1.3.2 - Info Disclosure
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
CVSS 9.9
CVE-2025-29471 EXPLOITDB HIGH WORKING POC
Nagios Log Server 2024R1.3.1 - Cross-Site Scripting via Email Field
A cross-site scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload in the Email field.
CVSS 8.3