hamm0nz

4 exploits Active since Mar 2022
CVE-2025-55182 NOMISEC CRITICAL SCANNER
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
1 stars
CVSS 10.0
CVE-2020-18324 NOMISEC MEDIUM WRITEUP
Subrion CMS 4.2.1 - Cross-Site Scripting via Kickstart Template q Parameter
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
1 stars
CVSS 6.1
CVE-2020-18325 NOMISEC MEDIUM WORKING POC
Intelliants Subrion CMS 4.2.1 - Stored Cross-Site Scripting in Configuration Panel
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
CVSS 6.1
CVE-2020-18326 NOMISEC HIGH WRITEUP
Intelliants Subrion CMS v4.2.1 - Unauthenticated Cross-Site Request Forgery via Members Administrator Function
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
CVSS 8.8