p0et08

5 exploits Active since Apr 2024
CVE-2024-50498 NOMISEC CRITICAL WORKING POC
WP Query Console <= 1.0 - Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0.
1 stars
CVSS 10.0
CVE-2025-51040 NOMISEC HIGH WRITEUP
Electrolink FM/DAB/TV - Unauthorized Access
Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2.
CVSS 7.5
CVE-2025-57576 NOMISEC MEDIUM WRITEUP
PHPGurukul Online Shopping Portal 2.1 - Cross-Site Scripting in /admin/updateorder.php
PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php.
CVSS 5.4
CVE-2024-29973 NOMISEC CRITICAL WORKING POC
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
CVSS 9.8
CVE-2024-27348 NOMISEC CRITICAL WORKING POC
Apache HugeGraph-Server - Remote Command Execution
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
CVSS 9.8