mrk336

17 exploits Active since Mar 2022
CVE-2025-26686 NOMISEC HIGH WRITEUP
Windows TCP/IP < - Memory Corruption
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
32 stars
CVSS 7.5
CVE-2025-59287 GITHUB CRITICAL WORKING POC
Microsoft Windows Server 2012 - Insecure Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
4 stars
CVSS 9.8
CVE-2025-54918 NOMISEC HIGH WRITEUP
Microsoft Windows 10 1507 < 10.0.10240.21128 - Authentication Bypass
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
4 stars
CVSS 8.8
CVE-2025-62215 NOMISEC HIGH WORKING POC
Microsoft Windows 10 1809 < 10.0.17763.8027 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
3 stars
CVSS 7.0
CVE-2025-42957 NOMISEC CRITICAL WORKING POC
SAP S/4HANA - Code Injection
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
3 stars
CVSS 9.9
CVE-2025-23266 NOMISEC CRITICAL WRITEUP
Nvidia-container-toolkit < 1.17.8 - Untrusted Search Path
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
2 stars
CVSS 9.0
CVE-2024-3094 NOMISEC CRITICAL WRITEUP
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
2 stars
CVSS 10.0
CVE-2025-55234 NOMISEC HIGH WRITEUP
SMB Server - Privilege Escalation
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing and SMB Server Extended Protection for Authentication (EPA). Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: (1) Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. (2) Adopt appropriate SMB Server hardening measures.
1 star
CVSS 8.8
CVE-2025-55234 NOMISEC HIGH WRITEUP
SMB Server - Privilege Escalation
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing and SMB Server Extended Protection for Authentication (EPA). Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: (1) Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. (2) Adopt appropriate SMB Server hardening measures.
1 star
CVSS 8.8
CVE-2025-59359 NOMISEC CRITICAL WRITEUP
Chaos-mesh Chaos Mesh < 2.7.3 - OS Command Injection
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
1 star
CVSS 9.8
CVE-2025-54914 NOMISEC CRITICAL WORKING POC
Microsoft Azure Networking - Improper Access Control
Azure Networking Elevation of Privilege Vulnerability
1 star
CVSS 10.0
CVE-2025-27480 NOMISEC HIGH WORKING POC
Remote Desktop Gateway Service - Use After Free
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
1 star
CVSS 8.1
CVE-2025-27480 NOMISEC HIGH WORKING POC
Remote Desktop Gateway Service - Use After Free
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
1 star
CVSS 8.1
CVE-2024-10220 NOMISEC HIGH WRITEUP
Kubernetes <1.28.11, 1.29.0-1.29.6, 1.30.0-1.30.2 - Command Injection
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
1 star
CVSS 8.1
CVE-2021-3456 NOMISEC HIGH WRITEUP
Theforeman Smart Proxy Salt < 2.1.5 - Incorrect Authorization
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
1 star
CVSS 7.1
CVE-2026-20805 NOMISEC MEDIUM WRITEUP
Desktop Windows Manager - Info Disclosure
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
CVSS 5.5
CVE-2025-2776 NOMISEC CRITICAL WRITEUP
SysAid On-Prem <= 23.3.40 - XML External Entity
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
CVSS 9.3