Shubham Shah

9 exploits Active since Mar 2016
CVE-2025-55182 NOMISEC CRITICAL SCANNER
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
2,397 stars
CVSS 10.0
CVE-2016-1764 NOMISEC MEDIUM WORKING POC
Apple OS X <10.11.4 - Info Disclosure
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
51 stars
CVSS 4.3
CVE-2016-1764 GITHUB MEDIUM python WORKING POC
Apple OS X <10.11.4 - Info Disclosure
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
2 stars
CVSS 4.3
CVE-2024-34351 NOMISEC HIGH WORKING POC
Next.js 13.4.0-14.1.1 - Server-Side Request Forgery via Server Actions Redirect
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.
CVSS 7.5
CVE-2025-55182 GITLAB CRITICAL SCANNER
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
CVSS 10.0
CVE-2025-66478 GITLAB SCANNER
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
CVE-2026-41940 METASPLOIT CRITICAL ruby WORKING POC
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS 9.8
CVE-2022-26352 METASPLOIT CRITICAL ruby WORKING POC
dotcms 3.0-22.02 - Unauthenticated Path Traversal and Remote Code Execution via ContentResource API
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
CVSS 9.8
CVE-2023-38646 METASPLOIT CRITICAL ruby WORKING POC
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVSS 9.8