bartfroklage

3 exploits Active since Jun 2024
CVE-2024-37383 NOMISEC MEDIUM WORKING POC
Roundcube Webmail < 1.5.7 - XSS
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
5 stars
CVSS 6.1
CVE-2025-24752 NOMISEC HIGH SCANNER
Wpdeveloper Essential Addons For Elementor < 6.0.15 - XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14.
1 star
CVSS 7.1
CVE-2026-41679 NOMISEC CRITICAL WORKING POC
Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.
CVSS 10.0