zhuowei

10 exploits Active since Dec 2018
CVE-2022-46689 NOMISEC HIGH WORKING POC
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
411 stars
CVSS 7.0
CVE-2025-21479 NOMISEC HIGH WORKING POC
Qualcomm AQT1000 and FastConnect Firmware - Memory Corruption via Unauthorized GPU Micronode Command Execution
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
200 stars
CVSS 8.6
CVE-2025-31200 NOMISEC CRITICAL WORKING POC
Apple macOS < 15.4.1 - Memory Corruption via Malicious Audio Stream
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.
117 stars
CVSS 9.8
CVE-2022-26766 NOMISEC MEDIUM WORKING POC
tvOS <15.5-iOS <15.5- iPadOS <15.5 - Signature Validation Bypass
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
88 stars
CVSS 5.5
CVE-2025-48593 NOMISEC HIGH WORKING POC
Android - Remote Code Execution via Use-After-Free in bta_hf_client_cb_init
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
49 stars
CVSS 8.0
CVE-2022-26763 NOMISEC HIGH WORKING POC
iPadOS < 15.5 - Out-of-Bounds Access
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
37 stars
CVSS 7.8
CVE-2025-27363 NOMISEC HIGH WORKING POC
FreeType < 2.13.0 - Out-of-bounds Write in TrueType GX Subglyph Parsing
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
36 stars
CVSS 8.1
CVE-2022-46689 NOMISEC HIGH WORKING POC
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
CVSS 7.0
CVE-2018-20346 WRITEUP HIGH WORKING POC
SQLite < 3.25.3 - Remote Code Execution via FTS3 Shadow Table Integer Overflow
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
CVSS 8.1
EIP-2026-103489 EXPLOITDB html WORKING POC
Google Chrome 70 - SQLite Magellan Crash (PoC)