ninjazan420

4 exploits Active since Dec 2025
CVE-2026-1529 NOMISEC HIGH WORKING POC
Keycloak 26.5.0-26.5.2 - Unauthenticated Organization Access via JWT Invitation Token Tampering
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.
3 stars
CVSS 8.1
CVE-2026-1729 NOMISEC CRITICAL WORKING POC
AdForest theme <6.0.12 - Auth Bypass
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
1 star
CVSS 9.8
CVE-2025-52691 NOMISEC CRITICAL WORKING POC
SmarterMail < 100.0.9413 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
1 star
CVSS 10.0
CVE-2025-60021 NOMISEC CRITICAL WRITEUP
Apache bRPC < 1.15.0 - Remote Command Injection via Heap Profiler extra_options Parameter
Remote command injection vulnerability in the heap profiler built-in service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands. Root cause: the bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument, so an attacker can execute remote commands through the extra_options parameter. Affected scenarios: using the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to fix: either of two methods can be used: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually.
CVSS 9.8