yt2w

7 exploits Active since Aug 2025
CVE-2025-52691 NOMISEC CRITICAL WORKING POC
Smartertools Smartermail < 100.0.9413 - Unrestricted File Upload
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
4 stars
CVSS 10.0
CVE-2025-9961 NOMISEC HIGH WORKING POC
AX10/AX1500 <1.2.1/<1.3.11 - RCE
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
3 stars
CVE-2025-52691 NOMISEC CRITICAL WORKING POC
Smartertools Smartermail < 100.0.9413 - Unrestricted File Upload
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
3 stars
CVSS 10.0
CVE-2025-68615 NOMISEC CRITICAL WORKING POC
net-snmp <5.9.5-5.10.pre2 - Buffer Overflow
net-snmp is an SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
CVSS 9.8
CVE-2025-52692 NOMISEC HIGH WORKING POC
Linksys E9450-sg Firmware - Missing Authentication
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.
CVSS 8.8
CVE-2025-57105 NOMISEC CRITICAL WORKING POC
Dlink Di-7400g+ Firmware - Command Injection
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The affected code is the sub_478D28 function in mng_platform.asp and the sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, via the parameter ac_mng_srv_host.
CVSS 9.8
CVE-2025-15177 NOMISEC HIGH WORKING POC
Tenda Wh450 Firmware - Memory Corruption
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.2