airbus-cert

4 exploits Active since Mar 2022
CVE-2024-4040 NOMISEC CRITICAL SCANNER
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
51 stars
CVSS 9.8
CVE-2022-0847 NOMISEC HIGH WORKING POC
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
29 stars
CVSS 7.8
CVE-2025-24985 NOMISEC HIGH SCANNER
Windows Fast FAT Driver - Code Injection
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
2 stars
CVSS 7.8
CVE-2025-24799 NOMISEC HIGH SCANNER
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
CVSS 7.5