fevar54

32 exploits Active since Mar 2024
CVE-2026-0628 NOMISEC HIGH WORKING POC
Google Chrome < 143.0.7499.192 - Insufficient Policy Enforcement in WebView Tag
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
CVSS 8.8
CVE-2025-4679 NOMISEC MEDIUM WORKING POC
Synology Active Backup for Microsoft 365 - Info Disclosure
A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.
CVSS 6.5
CVE-2025-20343 NOMISEC HIGH WRITEUP
Cisco Identity Services Engine - Denial of Service via RADIUS Request Processing
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts.
CVSS 8.6
CVE-2025-29943 NOMISEC MEDIUM WORKING POC
AMD EPYC 9004/9005/8004, Embedded 7003/9005 - Write-What-Where via CPU Pipeline Config
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
CVE-2024-42461 NOMISEC CRITICAL WRITEUP
elliptic 6.5.6 - Improper Verification of Cryptographic Signature via BER-Encoded ECDSA Signatures
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
CVSS 9.1
CVE-2024-3094 NOMISEC CRITICAL SCANNER
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
CVSS 10.0
CVE-2026-21858 VULNCHECK_XDB CRITICAL WRITEUP
n8n 1.65.0-1.120.9 - Unauthenticated Arbitrary File Read via Form-Based Workflow Execution
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
CVSS 10.0