kaizensecurity

4 exploits Active since Nov 2021
CVE-2025-53770 NOMISEC CRITICAL SUSPICIOUS
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
43 stars
CVSS 9.8
CVE-2026-21509 NOMISEC HIGH WORKING POC
Microsoft 365 Apps and Office - Security Feature Bypass via Untrusted Input
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
CVSS 7.8
CVE-2023-37790 NOMISEC MEDIUM WRITEUP
Jaspersoft Clarity PPM 14.3.0.298 - Arbitrary File Upload via Profile Picture Upload
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
CVSS 5.4
CVE-2021-41277 NOMISEC CRITICAL SCANNER
Metabase - Path Traversal and Local File Inclusion via Custom GeoJSON Map URL
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
CVSS 10.0