theexploiters

5 exploits Active since Jun 2024
CVE-2024-27115 NOMISEC CRITICAL WORKING POC
SOPlanning - Remote Code Execution
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before any requirements are verified. This makes code execution on the underlying system possible when the uploaded file is triggered. The vulnerability has been remediated in version 1.52.02.
5 stars
CVSS 9.8
CVE-2024-36840 NOMISEC CRITICAL WRITEUP
Boelter Blue System Management <1.3 - SQL Injection
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.
2 stars
CVSS 9.1
CVE-2024-39123 NOMISEC MEDIUM WRITEUP
Janeczku Calibre-web < 0.6.21 - XSS
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
2 stars
CVSS 5.4
CVE-2024-40111 NOMISEC MEDIUM WORKING POC
Automad 2.0.0-alpha.4 - XSS
A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the forum.
2 stars
CVSS 4.8
CVE-2024-42845 NOMISEC HIGH WORKING POC
InVesalius <3.1.99998 - Code Injection
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
2 stars
CVSS 8.0