rxerium

40 exploits Active since Oct 2023
CVE-2025-61675 NOMISEC HIGH SCANNER
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
47 stars
CVE-2025-68613 NOMISEC CRITICAL SCANNER
n8n Workflow Expression Remote Code Execution
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
28 stars
CVSS 9.9
CVE-2025-8110 NOMISEC HIGH SCANNER
Gogs < 0.13.3 - Local Code Execution via PutContents API Symbolic Link Handling
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
22 stars
CVSS 8.8
CVE-2025-8875 NOMISEC HIGH SCANNER
N-able N-central < 2025.3.1 - Local Code Execution via Untrusted Data Deserialization
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
21 stars
CVSS 7.8
CVE-2025-10035 NOMISEC CRITICAL SCANNER
Fortra GoAnywhere MFT < 7.6.3 - Deserialization of Untrusted Data via License Servlet
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
19 stars
CVSS 10.0
CVE-2025-52691 NOMISEC CRITICAL SCANNER
SmarterMail < 100.0.9413 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
18 stars
CVSS 10.0
CVE-2025-68461 NOMISEC HIGH SCANNER
Roundcube Webmail < 1.5.12 and 1.6 < 1.6.12 - Cross-Site Scripting via SVG Animate Tag
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
16 stars
CVSS 7.2
CVE-2025-26465 NOMISEC MEDIUM SCANNER
OpenSSH 6.9-9.7 - Machine-in-the-Middle Attack via VerifyHostKeyDNS Error Handling
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
7 stars
CVSS 6.8
CVE-2023-40000 NOMISEC HIGH SCANNER
LiteSpeed Cache < 5.7 - Unauthenticated Stored Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7.
7 stars
CVSS 8.3
CVE-2025-49113 NOMISEC CRITICAL SCANNER
Roundcube Webmail < 1.5.10 and 1.6.x < 1.6.11 - Authenticated Remote Code Execution via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
5 stars
CVSS 9.9
CVE-2025-53690 NOMISEC CRITICAL SCANNER
Sitecore XM/X <9.0 - Code Injection
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
5 stars
CVSS 9.0
CVE-2025-31324 NOMISEC CRITICAL SCANNER
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
5 stars
CVSS 10.0
CVE-2025-26466 NOMISEC MEDIUM SCANNER
OpenSSH - Denial of Service via Ping Packet Memory Exhaustion
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
4 stars
CVSS 5.9
CVE-2025-0994 NOMISEC HIGH SCANNER
Trimble Cityworks < 15.8.9 - Authenticated Remote Code Execution via Deserialization
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
4 stars
CVSS 8.8
CVE-2025-40602 NOMISEC MEDIUM WRITEUP
SonicWall SMA6200/SMA6210/SMA7200/SMA7210/SMA8200v < 12.4.3-03245 Local Privilege Escalation
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
3 stars
CVSS 6.6
CVE-2024-39929 NOMISEC MEDIUM SCANNER
Exim < 4.97.1 - Improper Encoding or Escaping of Output via Multiline RFC 2231 Header Filename
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
3 stars
CVSS 5.4
CVE-2025-7775 NOMISEC CRITICAL SCANNER
Citrix NetScaler ADC and Gateway 12.1-13.1 - Remote Code Execution and Denial of Service via Memory Overflow
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX
2 stars
CVSS 9.8
CVE-2025-26399 NOMISEC CRITICAL SCANNER
SolarWinds Web Help Desk < 12.8.6 - Unauthenticated Remote Code Execution via AjaxProxy Deserialization
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
2 stars
CVSS 9.8
CVE-2025-37164 NOMISEC CRITICAL SCANNER
HPE OneView unauthenticated RCE
A remote code execution issue exists in HPE OneView.
2 stars
CVSS 10.0
CVE-2025-24016 NOMISEC CRITICAL SCANNER
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
2 stars
CVSS 9.9
CVE-2025-61675 GITHUB HIGH SCANNER
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
1 stars
CVE-2025-61678 GITHUB HIGH SCANNER
FreePBX <16.0.92-17.0.6 - Authenticated File Upload
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand parameter. The fwbrand parameter allows an attacker to change the file path. Combined, these issues can result in a webshell being uploaded. Authentication with a known username is required to exploit this vulnerability. Successful exploitation allows authenticated users to upload arbitrary files to attacker-controlled paths on the server, potentially leading to remote code execution. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
1 stars
CVE-2025-57819 NOMISEC CRITICAL SCANNER
FreePBX 15.0-15.0.65 - Unauthenticated Authentication Bypass and Remote Code Execution
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
1 stars
CVSS 9.8
CVE-2025-41244 NOMISEC HIGH SCANNER
VMware Aria Operations and VMware Tools - Local Privilege Escalation via SDMP
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
1 stars
CVSS 7.8
CVE-2024-32444 NOMISEC CRITICAL SCANNER
InspiryThemes RealHomes <4.3.6 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.
1 stars
CVSS 9.8