TheCyberGeek

8 exploits Active since Nov 2019
CVE-2025-24367 NOMISEC HIGH WORKING POC
Cacti Graph Template authenticated RCE versions prior to 1.2.29
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
28 stars
CVSS 8.8
CVE-2019-16405 NOMISEC HIGH WORKING POC
Centreon Web , 18.10.x , 19.04.x , 19.10.x <2.8.30 <18.10.8 <19.04.5 - Remote Code Execution
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
9 stars
CVSS 7.2
CVE-2020-5844 NOMISEC HIGH WORKING POC
Pandora FMS v7.0 NG - Authenticated RCE
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.
6 stars
CVSS 7.2
CVE-2026-4480 GITHUB CRITICAL python WORKING POC
Samba: samba: remote code execution in printing subsystem via unescaped job description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
CVSS 9.0
CVE-2026-3888 NOMISEC HIGH WORKING POC
Local Privilege Escalation in snapd
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
CVSS 7.8
CVE-2025-24367 NOMISEC HIGH WORKING POC
Cacti Graph Template authenticated RCE versions prior to 1.2.29
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
CVSS 8.8
CVE-2025-24367 NOMISEC HIGH WORKING POC
Cacti Graph Template authenticated RCE versions prior to 1.2.29
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
CVSS 8.8
CVE-2019-16405 EXPLOITDB HIGH ruby WORKING POC
Centreon Web , 18.10.x , 19.04.x , 19.10.x <2.8.30 <18.10.8 <19.04.5 - Remote Code Execution
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
CVSS 7.2