litndat

4 exploits Active since Sep 2021
CVE-2021-33044 NOMISEC CRITICAL WORKING POC
Dahua IPC-HUM7XXX IPC-HX3XXX IPC-HX5XXX SD1A1 SD22 SD49 SD50 SD52C SD6AL TPC-BF1241 Firmware Authentication Bypass
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVSS 9.8
CVE-2025-58034 GITHUB HIGH python WORKING POC
FortiWeb 7.0.0-7.0.11, 7.2.0-7.2.11, 7.4.0-7.4.10, 7.6.0-7.6.5, 8.0.0-8.0.1 - OS Command Injection
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
CVSS 7.2
CVE-2025-55182 NOMISEC CRITICAL WORKING POC
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
CVSS 10.0
CVE-2025-64446 NOMISEC CRITICAL WORKING POC
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CVSS 9.8