yuriisanin - Security Researcher - Exploit Intelligence Platform

CVE-2022-45025 NOMISEC CRITICAL WORKING POC

Markdown Preview Enhanced - OS Command Injection via PDF File Import

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.

90 stars

CVSS 9.8

View Code

CVE-2022-24342 NOMISEC HIGH WORKING POC

JetBrains TeamCity <2021.2.1 - CSRF

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.

36 stars

CVSS 8.8

View Code

CVE-2022-25262 NOMISEC CRITICAL WORKING POC

JetBrains Hub < 2022.1.14434 - SAML Request Takeover via Insufficient Verification of Data Authenticity

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

16 stars

CVSS 9.8

View Code

CVE-2022-45771 NOMISEC HIGH WORKING POC

pwndoc v0.5.3 - Unauthenticated Arbitrary Code Execution via Crafted Audit File Upload

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file.

6 stars

CVSS 8.8

View Code

CVE-2022-25260 NOMISEC CRITICAL WORKING POC

JetBrains Hub < 2021.1.14276 - Server-Side Request Forgery

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

4 stars

CVSS 9.1

View Code