Nomisec Exploits

22,534 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-24186 NOMISEC CRITICAL
wpDiscuz 7.0-7.0.4 - Unauthenticated Remote Code Execution via File Upload
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
by sec-dojo-com
CVSS 10.0
CVE-2025-63419 NOMISEC MEDIUM
CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.
by MMAKINGDOM
2 stars
CVSS 6.1
CVE-2024-20666 NOMISEC MEDIUM
Windows 10 1507-22H2 and Windows 11 21H2-23H2 - BitLocker Security Feature Bypass
BitLocker Security Feature Bypass Vulnerability
by tazxtazxedu
1 stars
CVSS 6.6
CVE-2025-53770 NOMISEC CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by soltanali0
311 stars
CVSS 9.8
CVE-2023-26360 NOMISEC HIGH
Adobe ColdFusion <2018 Update 15, 2021 Update 5 - RCE
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
by RyanRodrigues880
CVSS 8.6
CVE-2025-59390 NOMISEC CRITICAL
Apache Druid <= 34.0.0 - Weak Cookie Signature Secret via ThreadLocalRandom
Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is generated using `ThreadLocalRandom`, which is not a crypto-graphically secure random number generator. This may allow an attacker to predict or brute force the secret used to sign authentication cookies, potentially enabling token forgery or authentication bypass. Additionally, each process generates its own fallback secret, resulting in inconsistent secrets across nodes. This causes authentication failures in distributed or multi-broker deployments, effectively leading to a incorrectly configured clusters. Users are advised to configure a strong `druid.auth.authenticator.kerberos.cookieSignatureSecret` This issue affects Apache Druid: through 34.0.0. Users are recommended to upgrade to version 35.0.0, which fixes the issue making it mandatory to set `druid.auth.authenticator.kerberos.cookieSignatureSecret` when using the Kerberos authenticator. Services will fail to come up if the secret is not set.
by Daeda1usUK
1 stars
CVSS 9.8
CVE-2025-66022 NOMISEC CRITICAL
OWASP Faction < 1.7.1 - Unauthenticated Remote Code Execution via Malicious Extension Upload
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1.
by wasfyelbaz
CVSS 9.6
CVE-2025-65881 NOMISEC MEDIUM
Sourcecodester Zoo Management System v1.0 - XSS
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.
by MMAKINGDOM
CVSS 6.1
CVE-2024-49138 NOMISEC HIGH
Windows Common Log File System Driver - Elevation of Privilege via Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by Bridg3Ops
CVSS 7.8
CVE-2024-25600 NOMISEC CRITICAL
Unauthenticated Remote Code Execution - Bricks <= 1.9.6
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
by ranjithxploit
CVSS 10.0
CVE-2025-39401 NOMISEC CRITICAL
Mojoomla WPAMS <44.0 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
by Nxploited
4 stars
CVSS 10.0
CVE-2017-7921 NOMISEC CRITICAL
Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530 - Improper Authentication
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
by 0xf3d0rq
1 stars
CVSS 9.8
CVE-2021-43798 NOMISEC HIGH
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by 0xf3d0rq
CVSS 7.5
CVE-2022-42889 NOMISEC CRITICAL
Apache Commons Text 1.5-1.9 - Remote Code Execution via String Interpolation
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
by ReachabilityOrg
CVSS 9.8
CVE-2021-43008 NOMISEC HIGH
Adminer 1.12.0-4.6.2 - Arbitrary File Read via Remote MySQL Database Connection
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
by Bamolitho
CVSS 7.5
CVE-2024-3661 NOMISEC HIGH
FortiClient 6.4.0-7.2.4 - Unauthenticated VPN Traffic Leak via DHCP Classless Static Route Option
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
by YardenFadida
CVSS 7.6
CVE-2023-42793 NOMISEC CRITICAL
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
by cxdxnt
CVSS 9.8
CVE-2025-12735 NOMISEC CRITICAL
expr-eval - Crafted Context Object Code Execution
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.
by alecasg555
2 stars
CVSS 9.8
CVE-2025-50433 NOMISEC CRITICAL
imonnit - Account Takeover via Weak Password Recovery Mechanism
An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts.
by 0xMandor
CVSS 9.8
CVE-2025-32463 NOMISEC CRITICAL
Sudo <1.9.17p1 - Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
by justjoeyking
CVSS 9.3
CVE-2025-57833 NOMISEC HIGH
Django 4.2-4.2.23, 5.1-5.1.11, 5.2-5.2.5 - SQL Injection via FilteredRelation Column Aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
by Gayang2902
2 stars
CVSS 7.1
CVE-2025-63419 NOMISEC MEDIUM
CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.
by hossainshadat
CVSS 6.1
CVE-2025-63420 NOMISEC MEDIUM
CrushFTP 11.0.1-11.3.7_57 - Stored Cross-Site Scripting in Admin Panel Reports
CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.
by hossainshadat
CVSS 4.1
CVE-2025-57310 NOMISEC HIGH
simple_faucet_script v1.07 - Cross-Site Request Forgery via Admin Ads Endpoint
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.
by hossainshadat
CVSS 8.8
CVE-2025-65320 NOMISEC HIGH
Abacre Restaurant Point of Sale < 15.0.0.1656 - Cleartext Storage of Sensitive Information in Memory
Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt.
by Smarttfoxx
CVSS 7.5