Nomisec Exploits

22,534 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-51378 NOMISEC CRITICAL
CyberPanel < 2.3.8 - Unauthenticated OS Command Injection via DNS/FTP getresetstatus Endpoint
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
by rimbadirgantara
CVSS 10.0
CVE-2025-62507 NOMISEC HIGH
Redis 8.2.0-8.2.2 - Stack-based Buffer Overflow via XACKDEL Command
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.
by Network-Sec
2 stars
CVSS 8.8
CVE-2023-46604 NOMISEC CRITICAL
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
by pavanaa4k
CVSS 10.0
CVE-2025-34227 NOMISEC HIGH
Nagios XI < 2026R1 - Authenticated OS Command Injection via Database Wizard Arguments
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.
by mcorybillington
CVSS 8.8
CVE-2025-64446 NOMISEC CRITICAL
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
by soltanali0
14 stars
CVSS 9.8
CVE-2025-49844 NOMISEC CRITICAL
Redis < 6.2.20, 8.2.1-8.2.2 - Authenticated Use-After-Free via Lua Script Garbage Collector Manipulation
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
by zbyszkok
CVSS 9.9
CVE-2025-49844 NOMISEC CRITICAL
Redis < 6.2.20, 8.2.1-8.2.2 - Authenticated Use-After-Free via Lua Script Garbage Collector Manipulation
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
by Network-Sec
CVSS 9.9
CVE-2025-7771 NOMISEC HIGH
ThrottleStop.sys - Privilege Escalation
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
by Gabriel-Lacorte
9 stars
CVE-2019-9053 NOMISEC HIGH
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by JagdeepSinghCeh
1 stars
CVSS 8.1
CVE-2025-64328 NOMISEC HIGH
FreePBX 17.0.2.36-17.0.3 - Authenticated OS Command Injection via SSH Connection Test
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.
by mcorybillington
CVSS 7.2
CVE-2025-12101 NOMISEC MEDIUM
NetScaler ADC/NetScaler Gateway - XSS
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
by boneys
CVE-2024-0670 NOMISEC HIGH
Checkmk <2.2.0p23-2.0.0 - Privilege Escalation
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
by zhulin837
CVSS 8.8
CVE-2025-33073 NOMISEC HIGH
Windows SMB - Authenticated Privilege Escalation via Improper Access Control
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
by irjfifndn-prog
CVSS 8.8
CVE-2025-59287 NOMISEC CRITICAL
Windows Server 2012, 2016, 2019, 2022, 2025 - Unauthenticated RCE via Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
by Twodimensionalitylevelcrossing817
1 stars
CVSS 9.8
CVE-2025-64446 NOMISEC CRITICAL
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
by sxyrxyy
10 stars
CVSS 9.8
CVE-2025-64446 NOMISEC CRITICAL
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
by fevar54
6 stars
CVSS 9.8
CVE-2025-9316 NOMISEC MEDIUM
N-central <2025.4 - Info Disclosure
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
by horizon3ai
2 stars
CVE-2025-41088 NOMISEC MEDIUM
Xibo CMS < 4.2.2 - Stored Cross-Site Scripting via Template Text Field
Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS v4.1.2, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add a text element in the 'Global Elements' section, and finally modify the 'Text' field in the section with the malicious payload.
by Marinafabregat
5 stars
CVE-2025-33073 NOMISEC HIGH
Windows SMB - Authenticated Privilege Escalation via Improper Access Control
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
by uziii2208
65 stars
CVSS 8.8
CVE-2022-22965 NOMISEC CRITICAL
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by xenosf
CVSS 9.8
CVE-2025-64513 NOMISEC CRITICAL
Milvus < 2.4.24, 2.5.0-2.5.20, 2.6.0-2.6.4 - Unauthenticated Authentication Bypass in Proxy Component
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modify, or delete data, and to perform privileged administrative operations such as database or collection management. This issue has been fixed in Milvus 2.4.24, 2.5.21, and 2.6.5. If immediate upgrade is not possible, a temporary mitigation can be applied by removing the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before they reach the Milvus Proxy. This prevents attackers from exploiting the authentication bypass behavior.
by shinyseam
CVE-2025-48932 NOMISEC
Invision Community 4.7.20 - (calendar/view.php) SQL Injection
by XploitGh0st
1 stars
CVE-2025-62215 NOMISEC HIGH
Windows Kernel - Use-After-Free via Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
by dexterm300
26 stars
CVSS 7.0
CVE-2025-63602 NOMISEC HIGH
Awesome Miner <11.2.4 - Local Privilege Escalation
A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts.
by D7EAD
3 stars
CVSS 7.3
CVE-2025-7771 NOMISEC HIGH
ThrottleStop.sys - Privilege Escalation
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
by AmrHuss
10 stars