born0monday

6 exploits Active since Mar 2023
CVE-2022-45460 NOMISEC CRITICAL WORKING POC
Xiongmai NBD6808T-PL and MBD6304T Firmware - Unauthenticated Remote Code Execution via URI Buffer Overflow
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.
5 stars
CVSS 9.8
CVE-2025-8760 GITHUB CRITICAL python WORKING POC
INSTAR 2K+/4K <3.11.1.1124 - Buffer Overflow
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
4 stars
CVSS 9.8
CVE-2026-4391 GITHUB MEDIUM rust WORKING POC
TeamSpeak 3 Server ECC Key heap-based overflow
A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer overflow. The attack may be launched remotely. Upgrading to version 3.13.8 is able to resolve this issue. It is suggested to upgrade the affected component.
CVSS 5.3
CVE-2026-4392 GITHUB MEDIUM rust WORKING POC
TeamSpeak 3 Server clientek Handshake assertion
A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proof results in reachable assertion. Remote exploitation of the attack is possible. Upgrading to version 3.13.8 is capable of addressing this issue. Upgrading the affected component is recommended.
CVSS 5.3
CVE-2026-4390 NOMISEC MEDIUM WORKING POC
TeamSpeak 3 Server Connection State Management process_resend_queue use after free
A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded.
CVSS 5.4
CVE-2025-8067 NOMISEC HIGH WORKING POC
Udisks daemon - Privilege Escalation
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
CVSS 8.5