partywavesec

5 exploits Active since Aug 2024
CVE-2024-42845 NOMISEC HIGH WORKING POC
InVesalius <3.1.99998 - Code Injection
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
3 stars
CVSS 8.0
CVE-2024-54819 NOMISEC CRITICAL WORKING POC
I, Librarian <5.11.1 - SSRF
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php.
1 star
CVSS 9.1
CVE-2024-55557 NOMISEC CRITICAL WORKING POC
Weasis 4.5.1 - Info Disclosure
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.
1 star
CVSS 9.8
CVE-2024-42346 NOMISEC HIGH SUSPICIOUS
Galaxy < 24.1.1 - XSS
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger JavaScript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.
1 star
CVSS 7.6
CVE-2025-55816 NOMISEC MEDIUM WRITEUP
HotelDruid <3.0.7 - XSS
HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
CVSS 6.1