Nomisec Exploits
22,473 exploits tracked across all sources.
prime-jwt < 1.3.0 - JWT Signature Validation Bypass via 'none' Algorithm
inversoft prime-jwt versions prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contain a CWE-20 vulnerability in JWTDecoder.decode that can result in incorrect signature validation of a JWT token. This attack can be exploited when an attacker crafts a JWT token with a valid header using 'none' as the algorithm and a body, then requests that it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba.
by andikahilmy
CVSS 7.5
Apache Commons Compress 1.6-1.19 - Denial of Service via Crafted 7Z Archive
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
by dawetmaster
CVSS 7.5
Apache Commons Compress 1.6-1.19 - Denial of Service via Crafted 7Z Archive
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
by andikahilmy
CVSS 7.5
GLPI 10.0.0-10.0.20 - Unauthenticated Document Access via Public FAQ
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed in 10.0.21 and 11.0.3.
by ArdNoir
Netapp Service Level Manager < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
by dawetmaster
CVSS 8.1
Netapp Service Level Manager < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
by andikahilmy
CVSS 8.1
OrientDB Server Community Edition <2.0.15 & <2.1.x - CSRF
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
by dawetmaster
CVSS 8.8
OrientDB Server Community Edition <2.0.15 & <2.1.x - CSRF
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
by andikahilmy
CVSS 8.8
FasterXML Jackson-Databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
by dawetmaster
CVSS 8.8
FasterXML Jackson-Databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
by andikahilmy
CVSS 8.8
jackson-dataformat-xml < 2.7.8 - Server-Side Request Forgery via DTD Processing
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
by dawetmaster
CVSS 8.6
jackson-dataformat-xml < 2.7.8 - Server-Side Request Forgery via DTD Processing
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
by andikahilmy
CVSS 8.6
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via Oracle AQjms Gadgets
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
by dawetmaster
CVSS 8.1
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via Oracle AQjms Gadgets
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
by andikahilmy
CVSS 8.1
Apache Commons FileUpload <1.3.3 - RCE
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
by dawetmaster
CVSS 9.8
Apache Commons FileUpload <1.3.3 - RCE
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
by andikahilmy
CVSS 9.8
Apache Commons Compress 1.0-1.20 - Denial of Service via Malicious ZIP Archive
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
by dawetmaster
CVSS 7.5
Apache Commons Compress 1.0-1.20 - Denial of Service via Malicious ZIP Archive
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
by andikahilmy
CVSS 7.5
jackson-databind < 2.9.9.2 - Remote Code Execution via Default Typing with Ehcache
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
by dawetmaster
CVSS 9.8
jackson-databind < 2.9.9.2 - Remote Code Execution via Default Typing with Ehcache
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
by andikahilmy
CVSS 9.8
jackson-databind 2.6.0-2.6.7.3 - XML External Entity Injection
A flaw was found in FasterXML Jackson Databind, where entity expansion was not secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
by dawetmaster
CVSS 7.5
jackson-databind 2.6.0-2.6.7.3 - XML External Entity Injection
A flaw was found in FasterXML Jackson Databind, where entity expansion was not secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
by andikahilmy
CVSS 7.5
Undertow <1.4.17, <1.3.31, <2.0.0 - HTTP Request Smuggling
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers with unusual whitespace, which can cause possible HTTP request smuggling.
by dawetmaster
CVSS 2.6
Undertow <1.4.17, <1.3.31, <2.0.0 - HTTP Request Smuggling
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers with unusual whitespace, which can cause possible HTTP request smuggling.
by andikahilmy
CVSS 2.6
jackson-databind 2.0.0-2.9.9 - Unauthenticated Arbitrary File Read via JDOM Polymorphic Typing
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
by dawetmaster
CVSS 5.9