dylvie

4 exploits Active since Jul 2020
CVE-2024-9570 NOMISEC HIGH WORKING POC
D-Link DIR-619L B1 2.06 - Buffer Overflow via formEasySetTimezone curTime Argument
A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
6 stars
CVSS 8.8
CVE-2020-35575 NOMISEC CRITICAL WORKING POC
TP-Link WA901ND <3.16.9(201211) beta - Info Disclosure
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
1 stars
CVSS 9.8
CVE-2020-6287 NOMISEC CRITICAL WORKING POC
SAP NetWeaver AS JAVA - Missing Authentication Check
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
1 stars
CVSS 10.0
CVE-2026-30824 GITHUB CRITICAL python WORKING POC
Flowise < 3.0.13 - Unauthenticated Privileged Endpoint Access via NVIDIA NIM Router Whitelist
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. This issue has been patched in version 3.0.13.
CVSS 9.8