passwa11

10 exploits Active since Apr 2023
CVE-2024-26026 NOMISEC HIGH WORKING POC
F5 Big-ip Next Central Manager < 20.2.0 - SQL Injection
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
5 stars
CVSS 7.5
CVE-2023-20562 NOMISEC HIGH WORKING POC
AMD uProf - Privilege Escalation
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
4 stars
CVSS 7.8
CVE-2024-27198 NOMISEC CRITICAL WORKING POC
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
3 stars
CVSS 9.8
CVE-2024-6387 NOMISEC HIGH WORKING POC
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
1 stars
CVSS 8.1
CVE-2023-3519 NOMISEC CRITICAL WORKING POC
Unspecified Product <Version> - RCE
Unauthenticated remote code execution
1 stars
CVSS 9.8
CVE-2025-22912 NOMISEC CRITICAL WORKING POC
Edimax Re11s Firmware - Command Injection
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
CVSS 9.8
CVE-2023-47218 NOMISEC MEDIUM WORKING POC
Qnap Qts < 5.1.5.2645 - Command Injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
CVSS 5.8
CVE-2023-4357 NOMISEC HIGH TROJAN
Google Chrome <116.0.5845.96 - Auth Bypass
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 8.8
CVE-2023-38646 NOMISEC CRITICAL WORKING POC
Metabase <0.46.6.1-1.46.6.1 - RCE
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVSS 9.8
CVE-2023-29017 NOMISEC CRITICAL WORKING POC
vm2 <3.9.15 - RCE
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.
CVSS 10.0