machevalia

3 exploits Active since Aug 2021
CVE-2021-31630 NOMISEC HIGH WORKING POC
OpenPLC Webserver v3 - Remote Code Execution via Hardware Layer Code Box
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
3 stars
CVSS 8.8
CVE-2025-14733 NOMISEC CRITICAL SCANNER
WatchGuard Fireware <=12.11.5/2025.1.3 - Unauthenticated RCE via IKEv2 VPN
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.
CVSS 9.8
CVE-2024-0692 NOMISEC HIGH WORKING POC
SolarWinds Security Event Manager - RCE
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
CVSS 8.8