secdongle

2 exploits Active since Dec 2025
CVE-2025-69194 NOMISEC HIGH WORKING POC
GNU Wget2 < 2.2.1 - Path Traversal via Metalink File Name Element
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.
1 stars
CVSS 8.8
CVE-2025-14700 NOMISEC CRITICAL WORKING POC
Crafty Controller - Authenticated Remote Code Execution via Webhook Template Injection
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.
CVSS 9.9