mrk336

19 exploits Active since Mar 2022
CVE-2025-26686 NOMISEC HIGH WRITEUP
Windows TCP/IP < - Memory Corruption
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
32 stars
CVSS 7.5
CVE-2025-59287 GITHUB CRITICAL WORKING POC
Windows Server 2012, 2016, 2019, 2022, 2025 - Unauthenticated RCE via Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
4 stars
CVSS 9.8
CVE-2025-54918 NOMISEC HIGH WRITEUP
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Privilege Escalation via NTLM Authentication
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
4 stars
CVSS 8.8
CVE-2025-62215 NOMISEC HIGH WORKING POC
Windows Kernel - Use-After-Free via Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
3 stars
CVSS 7.0
CVE-2025-42957 NOMISEC CRITICAL WORKING POC
SAP S/4HANA - Authenticated ABAP Code Injection via RFC Function Module
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
3 stars
CVSS 9.9
CVE-2025-23266 NOMISEC CRITICAL WRITEUP
NVIDIA Container Toolkit < 1.17.8 - Untrusted Search Path via Container Initialization Hooks
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
2 stars
CVSS 9.0
CVE-2024-3094 NOMISEC CRITICAL WRITEUP
xz 5.6.0 and 5.6.1 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
2 stars
CVSS 10.0
CVE-2026-41096 NOMISEC CRITICAL WRITEUP
Microsoft Windows 11 version 22H3 - Windows DNS Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
1 star
CVSS 9.8
CVE-2025-54914 NOMISEC CRITICAL WORKING POC
Azure Networking - Improper Access Control
Azure Networking Elevation of Privilege Vulnerability
1 star
CVSS 10.0
CVE-2025-55234 NOMISEC HIGH WRITEUP
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - SMB Server Relay Attack via Improper Authentication
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks:
- SMB Server signing
- SMB Server Extended Protection for Authentication (EPA)
Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
1. Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See "Support for Audit Events to deploy SMB Server Hardening - SMB Server Signing & SMB Server EPA".
2. Adopt appropriate SMB Server hardening measures.
1 star
CVSS 8.8
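The assess-then-harden sequence the entry above describes, as an added PowerShell example that is not part of the listing or of Microsoft's guidance. Assumed rather than taken from the entry: the audit log name 'Microsoft-Windows-SMBServer/Audit', the Get-SmbServerConfiguration property names, and the LanmanServer registry value used for SPN target-name validation; confirm each on the build you are hardening.

```powershell
# Added example, not code from the listing or from Microsoft: inventory the SMB
# server hardening state, review the audit events the advisory describes, and
# enforce only when the audit comes back clean. Run elevated on the file server.
param([switch]$Enforce)

# 1. Current state. EnableSecuritySignature/RequireSecuritySignature are the
#    signing knobs; SmbServerNameHardeningLevel is the SPN target-name validation
#    level that underpins SMB server EPA (0 = off, 1 = accept if provided,
#    2 = required). Property names are assumed from recent builds; verify with
#    Get-SmbServerConfiguration | Format-List * on the host.
$cfg = Get-SmbServerConfiguration
[pscustomobject]@{
    SigningEnabled  = $cfg.EnableSecuritySignature
    SigningRequired = $cfg.RequireSecuritySignature
    SpnValidation   = $cfg.SmbServerNameHardeningLevel
} | Format-List

# 2. Audit phase. Summarise what the SMB server audit channel has recorded since
#    the September 2025 update, by event ID and first line of the message, so
#    clients that would break under signing/EPA are identified before enforcing.
#    The log name is an assumption; confirm with Get-WinEvent -ListLog '*SMBServer*'.
$audit = @(Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents 5000 -ErrorAction SilentlyContinue)
$audit | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'EventId'; e = { $_.Name } },
                  @{ n = 'Sample'; e = { ($_.Group[0].Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize

# 3. Enforce. Signing is a documented Set-SmbServerConfiguration switch; the SPN
#    validation level is the LanmanServer registry value behind the
#    "Microsoft network server: Server SPN target name validation level" policy.
if ($Enforce) {
    if ($audit.Count -gt 0) {
        Write-Warning "$($audit.Count) audit events recorded; review them before enforcing."
    } else {
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name 'SmbServerNameHardeningLevel' -Value 2 -Type DWord
        Write-Output 'SMB signing now required and SPN validation set to Required; restart the Server service to apply.'
    }
}
```

Run it first without -Enforce on each file server and keep the audit summary; clients that appear there (typically older NAS firmware or appliances that cannot sign) need fixing or isolating before the second run with -Enforce, otherwise requiring signing simply cuts them off.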
CVE-2025-59359 NOMISEC CRITICAL WRITEUP
chaos-mesh < 2.7.3 - Unauthenticated Remote Code Execution via cleanTcs Mutation
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
1 star
CVSS 9.8
CVE-2025-27480 NOMISEC HIGH WORKING POC
Remote Desktop Gateway Service - Use After Free
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
1 star
CVSS 8.1
CVE-2024-10220 NOMISEC HIGH WRITEUP
Kubernetes kubelet <=1.28.11, 1.29.0-1.29.6, 1.30.0-1.30.2 - Command Injection
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
1 star
CVSS 8.1
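A cluster-side check for the entry above, added here as an example and not code from the listing or from the Kubernetes project: it lists every pod that still declares a gitRepo volume (the deprecated volume type the CVE abuses) and the kubelet version of every node, so the volumes can be removed or blocked and nodes in the affected ranges prioritised. It assumes kubectl is on PATH and already authenticated against the target cluster.

```powershell
# Added example, not code from the listing or the Kubernetes project: enumerate
# gitRepo volumes across all namespaces and report kubelet versions per node.
# Assumes kubectl is on PATH and has read access to pods and nodes cluster-wide.
$pods = (kubectl get pods --all-namespaces -o json | ConvertFrom-Json).items

$hits = foreach ($p in $pods) {
    # spec.volumes may be absent; @() keeps the loop safe and $null is skipped below
    foreach ($v in @($p.spec.volumes)) {
        if ($null -ne $v -and $null -ne $v.gitRepo) {
            [pscustomobject]@{
                Namespace  = $p.metadata.namespace
                Pod        = $p.metadata.name
                Volume     = $v.name
                Repository = $v.gitRepo.repository
                Directory  = $v.gitRepo.directory
            }
        }
    }
}

if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    Write-Output 'No gitRepo volumes in use.'
}

# Kubelet versions per node, to compare against the affected ranges in the entry above.
kubectl get nodes -o custom-columns='NODE:.metadata.name,KUBELET:.status.nodeInfo.kubeletVersion'
```

Any pod the report lists should be migrated to an init container that clones the repository into an emptyDir, which is the replacement the Kubernetes project recommends for gitRepo; once none remain, an admission policy that rejects gitRepo volumes keeps them from coming back regardless of kubelet version.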
CVE-2021-3456 NOMISEC HIGH WRITEUP
Foreman smart_proxy_salt < 2.1.5 - Authenticated Incorrect Authorization
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
1 star
CVSS 7.1
CVE-2026-1238 GITHUB HIGH WRITEUP
SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS 7.2
CVE-2026-20805 NOMISEC MEDIUM WRITEUP
Desktop Windows Manager - Info Disclosure
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
CVSS 5.5
CVE-2025-2776 NOMISEC CRITICAL WRITEUP
SysAid On-Prem <= 23.3.40 - XML External Entity
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
CVSS 9.3