Nomisec Exploits

22,534 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-6389 NOMISEC CRITICAL
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution via sneeit_articles_pagination_callback
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.
by moritakaaz
CVSS 9.8
CVE-2025-6389 NOMISEC CRITICAL
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution via sneeit_articles_pagination_callback
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.
by ayanamifu
CVSS 9.8
CVE-2025-6389 NOMISEC CRITICAL
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution via sneeit_articles_pagination_callback
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.
by shac1x
CVSS 9.8
CVE-2025-6389 NOMISEC CRITICAL
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution via sneeit_articles_pagination_callback
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.
by aritlhq
CVSS 9.8
CVE-2025-6554 NOMISEC HIGH
Google Chrome < 138.0.7204.96 - Type Confusion in V8
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
by aklnjakln
30 stars
CVSS 8.1
CVE-2024-29943 NOMISEC CRITICAL
Firefox < 124.0.1 - Memory Corruption
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
by seadragnol
2 stars
CVSS 9.8
CVE-2025-32434 NOMISEC CRITICAL
PyTorch < 2.6.0 - Remote Code Execution via torch.load with weights_only=True
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
by cyhe50
CVSS 9.8
CVE-2022-24992 NOMISEC HIGH
qr_code_generator < 5.2.7 - Path Traversal via process.php
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.
by esistferry
CVSS 7.5
CVE-2025-2598 NOMISEC MEDIUM
AWS Cloud Development Kit 2.172.0-2.178.2 - Exposure of Sensitive System Information via Credential Plugin
When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
by SallyXVIII
CVSS 5.5
CVE-2025-24054 NOMISEC MEDIUM
Windows 10 1507-22H2 and Windows 11 22H2 - Unauthenticated Spoofing via NTLM File Path Control
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
by Untouchable17
2 stars
CVSS 6.5
CVE-2025-65670 NOMISEC MEDIUM
classroomio <0.1.13 - Info Disclosure
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.
by Rivek619
CVSS 4.3
CVE-2025-65669 NOMISEC CRITICAL
classroomio 0.1.13 - Unauthenticated Course Deletion via Explore Page
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.
by Rivek619
CVSS 9.1
CVE-2025-54381 NOMISEC CRITICAL
BentoML 1.4.0-1.4.19 - Unauthenticated Server-Side Request Forgery via URL-Based File Upload
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue.
by IS8123
CVSS 9.9
CVE-2025-65681 NOMISEC LOW
Overhang.IO <20.0.2 - Info Disclosure
An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.
by Rivek619
CVSS 3.3
CVE-2019-8451 NOMISEC MEDIUM
Jira Server 7.6.0-8.3.9 - Server-Side Request Forgery via Gadgets MakeRequest Endpoint
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
by b0ul1
CVSS 6.5
CVE-2025-65676 NOMISEC MEDIUM
Classroomio 0.1.13 - Authenticated Stored Cross-Site Scripting via SVG Cover Image
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.
by Rivek619
CVSS 5.4
CVE-2025-65675 NOMISEC MEDIUM
Classroomio 0.1.13 - Authenticated Stored Cross-Site Scripting via SVG Profile Picture
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.
by Rivek619
CVSS 5.4
CVE-2025-65672 NOMISEC HIGH
classroomio <0.1.13 - Info Disclosure
Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.
by Rivek619
CVSS 7.5
CVE-2024-12084 NOMISEC CRITICAL
rsync - Heap-based Buffer Overflow via Checksum Length Handling
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
by InkeyP
1 stars
CVSS 9.8
CVE-2025-47827 NOMISEC MEDIUM
IGEL OS < 11 - Secure Boot Bypass via Improper Cryptographic Signature Verification
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
by Zedeldi
2 stars
CVSS 4.6
CVE-2023-36845 NOMISEC CRITICAL
Juniper Junos OS Multiple Versions - Unauthenticated Remote Code Execution via PHPRC
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
by kopfjager007
CVSS 9.8
CVE-2022-30190 NOMISEC HIGH
Microsoft Office Word MSDTJS
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
by winstxnhdw
2 stars
CVSS 7.8
CVE-2018-6389 NOMISEC HIGH
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
by omidsec
6 stars
CVSS 7.5
CVE-2025-65482 NOMISEC CRITICAL
opensagres XDocReport 0.9.2-2.0.3 - XML External Entity Injection via Crafted .docx File
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
by AT190510-Cuong
1 stars
CVSS 9.8
CVE-2025-63735 NOMISEC MEDIUM
Ruckus Unleashed 200.13.6.1.319 - XSS
A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
by huthx
1 stars
CVSS 6.1