VeryLazyTech

21 exploits Active since Jan 2024
CVE-2024-10914 NOMISEC HIGH WORKING POC
D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - OS Command Injection via cgi_user_add name Parameter
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
47 stars
CVSS 8.1
CVE-2024-23692 NOMISEC CRITICAL WORKING POC
Rejetto HTTP File Server - Template injection
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
43 stars
CVSS 9.8
CVE-2024-4956 NOMISEC HIGH WORKING POC
Sonatype Nexus Repository <3.68.1 - Path Traversal
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
16 stars
CVSS 7.5
CVE-2024-4358 NOMISEC CRITICAL WORKING POC
Telerik Report Server Auth Bypass and Deserialization RCE
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
12 stars
CVSS 9.8
CVE-2025-3248 NOMISEC CRITICAL WORKING POC
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
10 stars
CVSS 9.8
CVE-2024-23897 NOMISEC CRITICAL WORKING POC
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
10 stars
CVSS 9.8
CVE-2024-24919 NOMISEC HIGH WORKING POC
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
9 stars
CVSS 8.6
CVE-2024-50623 NOMISEC CRITICAL WORKING POC
Cleo Harmony, VLTrader, and LexiCom < 5.8.0.21 - Unrestricted File Upload and Remote Code Execution
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
8 stars
CVSS 9.8
CVE-2024-9935 NOMISEC HIGH WORKING POC
PDF Generator Addon - Path Traversal
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.
7 stars
CVSS 7.5
CVE-2024-9047 NOMISEC CRITICAL WORKING POC
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal via wfu_file_downloader.php
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
7 stars
CVSS 9.8
CVE-2024-45241 NOMISEC HIGH WRITEUP
CentralSquare CryWolf - Path Traversal
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.
6 stars
CVSS 7.5
CVE-2024-21534 NOMISEC CRITICAL WORKING POC
jsonpath-plus < 10.2.0 - Remote Code Execution via Unsafe vm Usage
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).
5 stars
CVSS 9.8
CVE-2025-64446 NOMISEC CRITICAL WORKING POC
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
4 stars
CVSS 9.8
CVE-2025-2539 NOMISEC HIGH WORKING POC
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
4 stars
CVSS 7.5
CVE-2025-29306 NOMISEC CRITICAL WORKING POC
FoxCMS v.1.2.5 - Remote Code Execution
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
2 stars
CVSS 9.8
CVE-2024-10914 NOMISEC HIGH WORKING POC
D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - OS Command Injection via cgi_user_add name Parameter
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 8.1
CVE-2024-23692 EXPLOITDB CRITICAL python SCANNER
Rejetto HTTP File Server - Template injection
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
CVSS 9.8
CVE-2024-4358 EXPLOITDB CRITICAL python WORKING POC
Telerik Report Server Auth Bypass and Deserialization RCE
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
CVSS 9.8
CVE-2024-4956 EXPLOITDB HIGH python WORKING POC
Sonatype Nexus Repository <3.68.1 - Path Traversal
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
CVSS 7.5
CVE-2025-29306 EXPLOITDB CRITICAL WORKING POC
FoxCMS v.1.2.5 - Remote Code Execution
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
CVSS 9.8
CVE-2025-3248 EXPLOITDB CRITICAL text WORKING POC
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
CVSS 9.8