watchtowrlabs

41 exploits, active since Jun 2022
CVE-2022-26377 NOMISEC HIGH WORKING POC
Apache HTTP Server 2.4.0-2.4.53 - HTTP Request Smuggling via mod_proxy_ajp
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.
5 stars
CVSS 7.5
CVE-2025-40553 GITHUB CRITICAL python WORKING POC
SolarWinds Web Help Desk < 2026.1 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
4 stars
CVSS 9.8
CVE-2024-48248 NOMISEC HIGH WORKING POC
NAKIVO Backup & Replication < 11.0.0.88174 - Absolute Path Traversal via getImageByPath
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
3 stars
CVSS 8.6
CVE-2026-10523 GITHUB CRITICAL python WORKING POC
Ivanti Sentry - Authentication Bypass Using an Alternate Path or Channel
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access.
2 stars
CVSS 9.9
CVE-2025-36604 NOMISEC HIGH WORKING POC
Dell Unity Operating Environment < 5.5.1.0 - Unauthenticated OS Command Injection
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
2 stars
CVSS 7.3
CVE-2022-34298 NOMISEC MEDIUM WORKING POC
OpenAM <14.6.6 - Privilege Escalation
The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."
2 stars
CVSS 5.3
CVE-2026-20253 GITHUB CRITICAL python SCANNER
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
1 star
CVSS 9.8
CVE-2026-50751 NOMISEC CRITICAL WORKING POC
Check Point Quantum/Spark Gateways - Unauthenticated VPN Authentication Bypass
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
1 star
CVSS 9.3
CVE-2025-71260 GITHUB HIGH python WORKING POC
BMC FootPrints ITSM 20.20.02-20.24.01.001 - VIEWSTATE Deserialization Code Execution
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise the application. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
1 star
CVSS 8.8
CVE-2026-10520 NOMISEC CRITICAL WORKING POC
Ivanti Sentry - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.
CVSS 10.0
CVE-2026-41940 GITHUB CRITICAL python WORKING POC
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS 9.8
CVE-2026-2699 NOMISEC CRITICAL SCANNER
EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
CVSS 9.8
CVE-2026-32746 NOMISEC CRITICAL SCANNER
GNU inetutils through 2.7 - Buffer Overflow
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
CVSS 9.8
CVE-2026-21902 NOMISEC CRITICAL WORKING POC
Juniper Junos OS Evolved 25.4-25.4R1-S1-EVO, 25.4R2-EVO - Remote Code Execution via Anomaly Detection
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.
CVSS 9.8
CVE-2025-40552 NOMISEC CRITICAL WORKING POC
SolarWinds Web Help Desk < 2026.1 - Authentication Bypass
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVSS 9.8
CVE-2025-54309 NOMISEC CRITICAL WORKING POC
CrushFTP 10.0.0-10.8.4 and 11.0.0-11.3.3 - Unauthenticated Remote Admin Access via AS2 Validation Bypass
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
CVSS 9.0