uky007

4 exploits Active since Nov 2025
CVE-2026-20841 NOMISEC HIGH WORKING POC
Windows Notepad App - Command Injection
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
2 stars
CVSS 7.8
CVE-2026-34005 NOMISEC HIGH WRITEUP
Xiongmai DVR/NVR Devices < 4.03.R11 - Command Injection
In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used.
1 star
CVSS 8.8
CVE-2026-6644 GITHUB CRITICAL python WRITEUP
A command injection vulnerability was found in the PPTP VPN Clients on the ADM
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
CVSS 9.1
CVE-2025-62215 NOMISEC HIGH STUB
Microsoft Windows 10 1809 < 10.0.17763.8027 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVSS 7.0