alexb616

2 exploits Active since Sep 2025

CVE-2026-24126 NOMISEC MEDIUM WORKING POC

Weblate <5.16.0 - Command Injection

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.

1 stars

CVSS 6.6

View Code

CVE-2025-54236 NOMISEC CRITICAL WORKING POC

Magento SessionReaper

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

CVSS 9.1

View Code