kali - Security Researcher - Exploit Intelligence Platform

CVE-2025-57819 NOMISEC CRITICAL WORKING POC

FreePBX 15.0-15.0.65 - Unauthenticated Authentication Bypass and Remote Code Execution

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

3 stars

CVSS 9.8

View Code

CVE-2025-57819 NOMISEC CRITICAL WORKING POC

FreePBX 15.0-15.0.65 - Unauthenticated Authentication Bypass and Remote Code Execution

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

3 stars

CVSS 9.8

View Code

CVE-2025-57819 NOMISEC CRITICAL WORKING POC

FreePBX 15.0-15.0.65 - Unauthenticated Authentication Bypass and Remote Code Execution

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

3 stars

CVSS 9.8

View Code

CVE-2018-19323 NOMISEC CRITICAL WORKING POC

GIGABYTE APP Center <v1.05.21 - Info Disclosure

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

CVSS 9.8

View Code

CVE-2025-54309 NOMISEC CRITICAL WORKING POC

CrushFTP 10.0.0-10.8.4 and 11.0.0-11.3.3 - Unauthenticated Remote Admin Access via AS2 Validation Bypass

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

CVSS 9.0

View Code

CVE-2025-54309 NOMISEC CRITICAL WORKING POC

CrushFTP 10.0.0-10.8.4 and 11.0.0-11.3.3 - Unauthenticated Remote Admin Access via AS2 Validation Bypass

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

CVSS 9.0

View Code

CVE-2018-19323 NOMISEC CRITICAL WORKING POC

GIGABYTE APP Center <v1.05.21 - Info Disclosure

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

CVSS 9.8

View Code

CVE-2025-54309 NOMISEC CRITICAL WORKING POC

CrushFTP 10.0.0-10.8.4 and 11.0.0-11.3.3 - Unauthenticated Remote Admin Access via AS2 Validation Bypass

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

CVSS 9.0

View Code

CVE-2018-19323 NOMISEC CRITICAL WORKING POC

GIGABYTE APP Center <v1.05.21 - Info Disclosure

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

CVSS 9.8

View Code

CVE-2026-24737 WRITEUP HIGH WRITEUP

jsPDF < 4.1.0 - Arbitrary PDF Object Injection via Acroform Module

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in [email protected].

CVSS 8.1

View Code