n0n4m3x41

3 exploits Active since Feb 2025
CVE-2025-1738 NOMISEC MEDIUM WORKING POC
Trivision Camera NC227WF <5.8.0 - Info Disclosure
A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party.
CVSS 6.2
CVE-2025-1739 NOMISEC HIGH WORKING POC
Trivision Camera NC227WF v5.8.0 - Auth Bypass
An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating the application.
CVSS 7.1
CVE-2026-22738 NOMISEC CRITICAL WORKING POC
SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
CVSS 9.8