Nomisec Exploits

22,459 exploits tracked across all sources.

CVE-2026-21509 NOMISEC HIGH
Microsoft 365 Apps and Office - Security Feature Bypass via Untrusted Input
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
by suuhm
CVSS 7.8
CVE-2017-9841 NOMISEC CRITICAL
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
by MR-LeonardoGomes
CVSS 9.8
CVE-2021-23337 NOMISEC HIGH
Lodash <4.17.21 - Command Injection
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
by khayashi4337
CVSS 7.2
CVE-2015-1925 NOMISEC
IBM Tivoli Storage Manager FastBack < 6.1.12 - Stack-based Buffer Overflow
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
by damariion
CVE-2025-68860 NOMISEC CRITICAL
Mobile builder <1.4.2 - Auth Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse. This issue affects Mobile builder: from n/a through <= 1.4.2.
by DedsecTeam-BlackHat
CVSS 9.8
CVE-2022-21661 NOMISEC HIGH
WordPress 3.7-3.7.36 - SQL Injection via WP_Query
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
by 7rootsec
CVSS 8.0
CVE-2025-1716 NOMISEC CRITICAL
picklescan <0.0.21 - Code Injection
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
by danigil
CVSS 9.8
CVE-2017-14980 NOMISEC CRITICAL
Flexense Syncbreeze - Memory Corruption
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
by damariion
CVSS 9.8
CVE-2018-6537 NOMISEC CRITICAL
Flexense SyncBreeze Enterprise 10.4.18 - Remote Code Execution via Control Protocol Buffer Overflow
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.
by damariion
CVSS 9.8
CVE-2026-27579 NOMISEC HIGH
karnop realtime-collaboration-platform - Origin Validation Error in CORS Configuration
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.
by AdityaBhatt3010
1 star
CVSS 7.4
CVE-2026-23842 NOMISEC HIGH
ChatterBot < 1.2.11 - Denial of Service via SQLAlchemy Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover. Version 1.2.11 fixes the issue.
by AdityaBhatt3010
1 star
CVSS 7.5
CVE-2025-66678 NOMISEC CRITICAL
Nil Hardware Editor <1.25.11.26 - Memory Corruption
An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request.
by cwjchoi01
1 star
CVSS 9.8
CVE-2024-3721 NOMISEC MEDIUM
TBK DVR-4104/4216 <20240412 - Command Injection
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.
by bytecategory
1 star
CVSS 6.3
CVE-2021-4034 NOMISEC HIGH
Local Privilege Escalation in polkit's pkexec
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that they induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
by Abbykito
CVSS 7.8
CVE-2024-25096 NOMISEC CRITICAL
Canto < 3.0.7 - Unauthenticated Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7.
by puppetma4ster
CVSS 10.0
CVE-2025-15030 NOMISEC CRITICAL
User Profile Builder <3.15.2 - Info Disclosure
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
by BastianXploited
CVSS 9.8
CVE-2025-15030 NOMISEC CRITICAL
User Profile Builder <3.15.2 - Info Disclosure
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
by bastianhaxor1337
CVSS 9.8
CVE-2025-15030 NOMISEC CRITICAL
User Profile Builder <3.15.2 - Info Disclosure
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
by haxorsecv1-netizen
CVSS 9.8
CVE-2025-60787 NOMISEC HIGH
MotionEye <= 0.43.1b4 - Authenticated Configuration Command Injection
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
by GarethMSheldon
CVSS 7.2
CVE-2011-2523 NOMISEC CRITICAL
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
by yagnikkrish
CVSS 9.8
CVE-2025-55182 NOMISEC CRITICAL
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
by InferiorAK
CVSS 10.0
CVE-2025-50286 NOMISEC HIGH
Grav CMS 1.7.48 - Authenticated Remote Code Execution via Plugin Upload
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
by x1o3
CVSS 8.1
CVE-2024-21626 NOMISEC HIGH
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
by Strikoder-Premium
1 star
CVSS 8.6
CVE-2024-21626 NOMISEC HIGH
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
by STK-Security
1 star
CVSS 8.6
CVE-2024-21626 NOMISEC HIGH
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
by strikoder
CVSS 8.6