Stuub

12 exploits Active since Mar 2024
CVE-2024-32640 NOMISEC CRITICAL WORKING POC
MASA CMS <7.4.5-7.2.7 - SQL Injection
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for the issue.
77 stars
CVSS 9.8
CVE-2024-4040 NOMISEC CRITICAL WORKING POC
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
60 stars
CVSS 9.8
CVE-2024-27199 GITHUB HIGH python WORKING POC
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
34 stars
CVSS 7.3
CVE-2024-28955 GITHUB MEDIUM python WORKING POC
Sharp and Toshiba Tec MFPs - Unprotected Sensitive Data Exposure via World-Readable Coredump Files
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
34 stars
CVSS 5.9
CVE-2024-28995 NOMISEC HIGH WORKING POC
SolarWinds Serv-U - Directory Traversal
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
34 stars
CVSS 8.6
CVE-2024-27198 NOMISEC CRITICAL WORKING POC
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
34 stars
CVSS 9.8
CVE-2024-29895 NOMISEC CRITICAL WORKING POC
Cacti 1.3.x DEV - Command Injection
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.
23 stars
CVSS 10.0
CVE-2024-31848 NOMISEC CRITICAL WORKING POC
CData API Server < 23.4.8844 - Path Traversal
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
18 stars
CVSS 9.8
CVE-2026-5760 NOMISEC CRITICAL WORKING POC
SGLang - Remote Code Execution via Malicious Tokenizer Chat Template
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().
6 stars
CVSS 9.8
CVE-2025-3969 NOMISEC MEDIUM WORKING POC
Codeprojects News Publishing Site Dashboard 1.0 - Unrestricted Upload
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument category_image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2 stars
CVSS 6.3
CVE-2026-7299 GITHUB MEDIUM python WORKING POC
Appsmith < 2.1 - XSS
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource.
CVSS 6.3
CVE-2024-27199 WRITEUP HIGH WORKING POC
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
CVSS 7.3