polict

6 exploits Active since Mar 2019
CVE-2019-9202 NOMISEC HIGH WORKING POC
Nagios IM <2.2.7 - Authenticated RCE
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
4 stars
CVSS 8.8
CVE-2025-48073 WRITEUP MEDIUM WORKING POC
OpenEXR 3.3.2 - Denial of Service via NULL Pointer Dereference in Deep Scanline Image Processing
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.
CVSS 6.2
CVE-2025-48074 WRITEUP MEDIUM WORKING POC
OpenEXR 3.3.2 - Allocation of Resources Without Limits via Unvalidated DataWindow Size
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.
CVSS 5.5
CVE-2025-53009 WRITEUP HIGH WORKING POC
MaterialX <= 1.39.2 - Stack-based Buffer Overflow in MTLX File Parsing
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
CVSS 7.5
CVE-2025-53010 WRITEUP HIGH WORKING POC
MaterialX 1.39.2 - Denial of Service via Null Pointer Dereference in MTLX Shader Node Parsing
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
CVSS 7.5
CVE-2025-53011 WRITEUP HIGH WORKING POC
MaterialX 1.39.2 - Denial of Service via Malicious MTLX File Parsing
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3.
CVSS 7.5