watchtowrlabs

37 exploits Active since Jun 2022
CVE-2022-26377 NOMISEC HIGH WORKING POC
Apache HTTP Server <2.4.53 - SSRF
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
5 stars
CVSS 7.5
CVE-2025-40553 GITHUB CRITICAL python WORKING POC
Solarwinds Web Help Desk < 2026.1 - Insecure Deserialization
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
4 stars
CVSS 9.8
CVE-2024-48248 NOMISEC HIGH WORKING POC
Nakivo Backup & Replication Director - Absolute Path Traversal
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
3 stars
CVSS 8.6
CVE-2025-36604 NOMISEC HIGH WORKING POC
Dell Unity Operating Environment < 5.5.1.0 - OS Command Injection
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
2 stars
CVSS 7.3
CVE-2022-34298 NOMISEC MEDIUM WORKING POC
OpenAM <14.6.6 - Privilege Escalation
The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."
2 stars
CVSS 5.3
CVE-2025-71260 GITHUB HIGH python WORKING POC
BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise the application. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
1 stars
CVSS 8.8
CVE-2026-41940 GITHUB CRITICAL python WORKING POC
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS 9.8
CVE-2026-2699 NOMISEC CRITICAL SCANNER
EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
CVSS 9.8
CVE-2026-32746 NOMISEC CRITICAL SCANNER
GNU inetutils through 2.7 - Buffer Overflow
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVSS 9.8
CVE-2026-21902 NOMISEC CRITICAL WORKING POC
Juniper Junos OS Evolved - RCE
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.
CVSS 9.8
CVE-2025-40552 NOMISEC CRITICAL WORKING POC
Solarwinds Web Help Desk < 2026.1 - Authentication Bypass
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVSS 9.8
CVE-2025-54309 NOMISEC CRITICAL WORKING POC
CrushFTP <10.8.5-11.3.4.23 - RCE
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
CVSS 9.0