pescada-dev

4 exploits Active since Aug 2025
CVE-2025-8088 NOMISEC HIGH SCANNER
WinRAR < 7.13 - Path Traversal and Arbitrary Code Execution via Malicious Archive
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
1 stars
CVSS 8.8
CVE-2025-61505 NOMISEC MEDIUM WRITEUP
e107 < 2.3.3 - Remote Code Execution via Insecure Deserialization in install.php
e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base64_decode())` without validation, allowing attackers to craft malicious serialized data. This could lead to remote code execution, arbitrary file operations, or denial of service, depending on available PHP object gadgets in the codebase.
1 stars
CVSS 6.5
CVE-2025-61506 NOMISEC CRITICAL WORKING POC
MediaCrush < 1.0.1 - Unauthenticated Arbitrary File Upload via /upload Endpoint
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
1 stars
CVSS 9.8
CVE-2025-22381 NOMISEC HIGH WRITEUP
Aggie 2.6.1 - Unauthenticated Password Reset via Host Header Injection
Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality, allowing an attacker to reset a user's password.
1 stars
CVSS 8.2