Sudistark

3 exploits Active since Dec 2021
CVE-2021-43908 NOMISEC MEDIUM WORKING POC
Visual Studio Code - SSRF
Visual Studio Code Spoofing Vulnerability
9 stars
CVSS 4.3
CVE-2023-22527 NOMISEC CRITICAL NO CODE
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
3 stars
CVSS 9.8
CVE-2024-34350 NOMISEC HIGH
Next.js <13.5.1 - Use After Free
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests were treated as both a single request and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer.
CVSS 7.5