Synacktiv

30 exploits Active since Feb 2018
CVE-2023-35001 NOMISEC HIGH WORKING POC
Linux Kernel < 4.14.322 - Out-of-Bounds Write
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
168 stars
CVSS 7.8
CVE-2025-54068 NOMISEC CRITICAL WORKING POC
Laravel Livewire < 3.6.4 - Code Injection
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.
117 stars
CVSS 9.8
CVE-2024-43468 NOMISEC CRITICAL WORKING POC
Microsoft Configuration Manager 2403 - SQL Injection
Microsoft Configuration Manager Remote Code Execution Vulnerability
95 stars
CVSS 9.8
CVE-2017-12542 NOMISEC CRITICAL WORKING POC
HP Integrated Lights-out 4 Firmware < 2.53 - Authentication Bypass
An authentication bypass and code execution vulnerability was found in HPE Integrated Lights-out 4 (iLO 4) versions prior to 2.53.
89 stars
CVSS 10.0
CVE-2024-45409 NOMISEC CRITICAL WORKING POC
Ruby-SAML <=1.16.0 - Auth Bypass
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
83 stars
CVSS 10.0
CVE-2021-40539 NOMISEC CRITICAL WORKING POC
ManageEngine ADSelfService Plus CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
47 stars
CVSS 9.8
CVE-2021-27246 NOMISEC HIGH WORKING POC
TP-Link Archer A7 AC1750 1.0.15 - RCE
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306.
45 stars
CVSS 8.0
CVE-2021-3492 NOMISEC HIGH WORKING POC
Canonical Ubuntu Linux < 18.04 - Memory Leak
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user(). These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
42 stars
CVSS 8.8
CVE-2021-1782 NOMISEC HIGH WORKING POC
Apple iPadOS < 14.4 - Improper Locking
A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
39 stars
CVSS 7.0
CVE-2020-27950 NOMISEC MEDIUM WORKING POC
Apple iPadOS < 14.2 - Denial of Service
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
34 stars
CVSS 5.5
CVE-2019-15846 NOMISEC CRITICAL WORKING POC
Exim <4.92.2 - RCE
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
30 stars
CVSS 9.8
CVE-2023-32413 NOMISEC HIGH WORKING POC
Apple iPadOS < 15.7.6 - Race Condition
A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.
15 stars
CVSS 7.0
CVE-2020-9289 NOMISEC HIGH WORKING POC
Fortinet FortiAnalyzer < 6.2.3 - Hard-coded Credentials
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
11 stars
CVSS 7.5
CVE-2019-6693 NOMISEC MEDIUM WORKING POC
Fortinet FortiOS < 5.6.10 - Hard-coded Credentials
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
11 stars
CVSS 6.5
CVE-2025-47228 GITHUB MEDIUM python WORKING POC
Netmake ScriptCase <9.12.006 - Command Injection
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.
9 stars
CVSS 6.7
CVE-2025-47227 NOMISEC HIGH WORKING POC
Netmake ScriptCase <9.12.006 - Auth Bypass
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.
9 stars
CVSS 7.5
CVE-2018-6789 NOMISEC CRITICAL WORKING POC
Exim < 4.90.1 - Buffer Overflow
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
9 stars
CVSS 9.8
CVE-2025-47178 NOMISEC HIGH WORKING POC
Microsoft Configuration Manager 2503 < 5.00.9135.1003 - SQL Injection
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
6 stars
CVSS 8.0
CVE-2024-23666 NOMISEC HIGH WORKING POC
Fortinet FortiAnalyzer-BigData <7.4.1 - Info Disclosure
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows an attacker to achieve improper access control via crafted requests.
6 stars
CVSS 7.5
CVE-2023-42791 NOMISEC HIGH WORKING POC
Fortinet FortiManager < 6.2.12 - Path Traversal
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.
6 stars
CVSS 8.8
CVE-2019-8942 NOMISEC HIGH WORKING POC
WordPress < 4.9.9 - Unrestricted File Upload
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because a _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
4 stars
CVSS 8.8
CVE-2017-5123 NOMISEC HIGH WORKING POC
Linux Kernel 4.13 through 4.13.7 - Sandbox Escape via waitid
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
4 stars
CVSS 8.8
CVE-2025-59713 GITHUB MEDIUM python WORKING POC
Snipeitapp Snipe-IT < 8.1.18 - Insecure Deserialization
Snipe-IT before 8.1.18 allows unsafe deserialization.
2 stars
CVSS 6.8
CVE-2025-59712 GITHUB MEDIUM python WORKING POC
Snipeitapp Snipe-IT < 8.1.18 - XSS
Snipe-IT before 8.1.18 allows XSS.
2 stars
CVSS 6.4
CVE-2025-59213 NOMISEC HIGH WORKING POC
Microsoft Configuration Manager 2403 < 5.00.9128.1035 - SQL Injection
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
CVSS 8.8