vigilante-1337

5 exploits, active since Mar 2024
CVE-2025-3248 NOMISEC CRITICAL WRITEUP
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
1 stars
CVSS 9.8
CVE-2025-26014 NOMISEC CRITICAL STUB
Olajowon Loggrove - Code Injection
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.
CVSS 9.8
CVE-2025-32433 NOMISEC CRITICAL WRITEUP
Erlang OTP Pre-Auth RCE Scanner and Exploit
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.
CVSS 10.0
CVE-2024-11635 NOMISEC CRITICAL WRITEUP
WordPress File Upload <4.24.12 - RCE
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
CVSS 9.8
CVE-2023-29386 NOMISEC CRITICAL WRITEUP
Julien Crego Manager <2.0 - Unrestricted Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon. This issue affects Manager for Icomoon: from n/a through 2.0.
CVSS 9.1