Nomisec Exploits

22,541 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-5932 NOMISEC CRITICAL
GiveWP <= 3.14.1 - Unauthenticated PHP Object Injection via give_title
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
by autom4il
CVSS 10.0
CVE-2024-12641 NOMISEC CRITICAL
TenderDocTransfer 0.41.151-0.41.157 - Unauthenticated Reflected Cross-Site Scripting via API
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user’s browser. Since the web server set by the application supports Node.Js features, attackers can further leverage this to run OS commands.
by Jimmy01240397
1 stars
CVSS 9.6
CVE-2023-45612 NOMISEC HIGH
JetBrains Ktor < 2.3.5 - XML External Entity Injection via Default ContentNegotiation
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
by seraphimi
CVSS 8.6
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by YoussefSalama1
CVSS 7.8
CVE-2025-48593 NOMISEC HIGH
Android - Remote Code Execution via Use-After-Free in bta_hf_client_cb_init
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
by C0D331ng
2 stars
CVSS 8.0
CVE-2025-53964 NOMISEC CRITICAL
GoldenDict <1.5.2 - Info Disclosure
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.
by tigr78
CVSS 9.6
CVE-2021-27328 NOMISEC MEDIUM
Yeastar NeoGate TG400 <91.3.0.3 - Path Traversal
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.
by SQSamir
CVSS 6.5
CVE-2024-51378 NOMISEC CRITICAL
CyberPanel < 2.3.8 - Unauthenticated OS Command Injection via DNS/FTP getresetstatus Endpoint
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
by qnole000
CVSS 10.0
CVE-2025-48924 NOMISEC MEDIUM
Apache Commons Lang <3.18.0 - Uncontrolled Recursion
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
by njawalkar
CVSS 5.3
CVE-2010-3863 NOMISEC
Apache Shiro < 1.1.0 and JSecurity 0.9.x - Path Traversal via URI Path Bypass
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
by sh1inroot-alt
CVE-2014-9219 NOMISEC
phpMyAdmin 4.2.x < 4.2.13.1 - Cross-Site Scripting via URL Parameter
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by MohmadHafiz
CVE-2025-29632 NOMISEC MEDIUM
free5gc 4.0.0 - Buffer Overflow via AMF NGAP Handler
Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components
by OHnogood
CVSS 5.4
CVE-2023-50164 NOMISEC CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by jakabakos
85 stars
CVSS 9.8
CVE-2022-25175 NOMISEC HIGH
Jenkins Pipeline Multibranch < 706.vd43c65dec013 - Authenticated OS Command Injection via readTrusted Step
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
by shoucheng3
CVSS 8.8
CVE-2022-27913 NOMISEC MEDIUM
Joomla! 4.2.0-4.2.3 - Reflected Cross-Site Scripting in Various Components
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
by cameron-coding-projects
1 stars
CVSS 6.1
CVE-2015-3306 NOMISEC
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by cybersensei-EH
1 stars
CVE-2025-55763 NOMISEC HIGH
CivetWeb 1.14-1.16 - Remote Code Execution via URI Parser Buffer Overflow
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.
by krispybyte
3 stars
CVSS 7.5
CVE-2018-6242 NOMISEC MEDIUM
NVIDIA Tegra BootROM RCM - Buffer Overflow via Physical USB Access
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code.
by nikameru
1 stars
CVSS 6.8
CVE-2024-56800 NOMISEC HIGH
Firecrawl < 1.1.1 - Server-Side Request Forgery via Malicious Site Redirect
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address. This allowed exfiltration of local network resources through the API. The cloud service was patched on December 27th, 2024, and the maintainers have checked that no user data was exposed by this vulnerability. Scraping engines used in the open sourced version of Firecrawl were patched on December 29th, 2024, except for the playwright services which the maintainers have determined to be un-patchable. All users of open-source software (OSS) Firecrawl should upgrade to v1.1.1. As a workaround, OSS Firecrawl users should supply the playwright services with a secure proxy. A proxy can be specified through the `PROXY_SERVER` env in the environment variables. Please refer to the documentation for instructions. Ensure that the proxy server one is using is setup to block all traffic going to link-local IP addresses.
by cyhe50
CVSS 7.4
CVE-2024-3094 NOMISEC CRITICAL
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
by Security-Phoenix-demo
2 stars
CVSS 10.0
CVE-2018-9995 NOMISEC CRITICAL
TBK DVR4104 and DVR4216 - Unauthenticated Authentication Bypass via Cookie Header
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
by 0xDamian
95 stars
CVSS 9.8
CVE-2021-3560 NOMISEC HIGH
polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
by SeimuPVE
CVSS 7.8
CVE-2015-1328 NOMISEC HIGH
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by 0xf1d0
CVSS 7.8
CVE-2025-37899 NOMISEC HIGH
Linux Kernel 5.15-6.12.28, 6.1.0-6.1.159, 6.2.0-6.6.119, 6.7.0-6.12.28, 6.13.0-6.14.6 - Use-After-Free in Session Logoff
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.
by ccss17
CVSS 7.8
CVE-2024-9047 NOMISEC CRITICAL
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal via wfu_file_downloader.php
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
by amirqusairy99
CVSS 9.8