mil4ne - Security Researcher - Exploit Intelligence Platform

CVE-2023-23752 GITHUB MEDIUM c++ WORKING POC

Joomla! < 4.2.8 - Improper Access Control

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

3 stars

CVSS 5.3

View Code

CVE-2025-55182 GITHUB CRITICAL c++ WORKING POC

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

3 stars

CVSS 10.0

View Code

CVE-2024-23897 GITHUB CRITICAL c++ WORKING POC

Jenkins cli Ampersand Replacement Arbitrary File Read

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

3 stars

CVSS 9.8

View Code

CVE-2024-23897 GITHUB CRITICAL c WORKING POC

Jenkins cli Ampersand Replacement Arbitrary File Read

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

3 stars

CVSS 9.8

View Code

CVE-2024-23897 NOMISEC CRITICAL WORKING POC

Jenkins cli Ampersand Replacement Arbitrary File Read

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

3 stars

CVSS 9.8

View Code

CVE-2023-23752 NOMISEC MEDIUM WORKING POC

Joomla! < 4.2.8 - Improper Access Control

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

3 stars

CVSS 5.3

View Code

CVE-2025-55182 NOMISEC CRITICAL WORKING POC

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

2 stars

CVSS 10.0

View Code

CVE-2024-23897 NOMISEC CRITICAL WORKING POC

Jenkins cli Ampersand Replacement Arbitrary File Read

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

CVSS 9.8

View Code

CVE-2023-23752 VULNCHECK_XDB MEDIUM WORKING POC

Joomla! < 4.2.8 - Improper Access Control

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

CVSS 5.3

View Code