Nomisec Exploits

22,542 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-22515 NOMISEC CRITICAL
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
by Arkha-Corvus
1 stars
CVSS 9.8
CVE-2025-49113 NOMISEC CRITICAL
Roundcube Webmail < 1.5.10 and 1.6.x < 1.6.11 - Authenticated Remote Code Execution via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
by rxerium
5 stars
CVSS 9.9
CVE-2019-11043 NOMISEC HIGH
PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by CodeHex083
3 stars
CVSS 8.7
CVE-2022-46907 NOMISEC MEDIUM
Apache JSPWiki < 2.12.0 - Cross-Site Scripting via Crafted Plugin Request
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
by shoucheng3
CVSS 6.1
CVE-2018-7600 NOMISEC CRITICAL
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
by muhammedkayag
1 stars
CVSS 9.8
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by akozsentre
CVSS 9.8
CVE-2025-60852 NOMISEC MEDIUM
Instant Developer Foundation <25.0.9600 - Code Injection
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system where the exported CSV file is opened.
by valeriocassoni
CVSS 6.5
CVE-2025-60424 NOMISEC HIGH
Nagios Fusion <2024R2 - Auth Bypass
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.
by aakashtyal
CVSS 7.6
CVE-2025-60425 NOMISEC HIGH
Nagios Fusion <2024R2 - Session Hijacking
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.
by aakashtyal
CVSS 8.6
CVE-2023-2745 NOMISEC MEDIUM
WordPress < 6.2 - Unauthenticated Directory Traversal via wp_lang Parameter
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
by fofovicfof-ai
CVSS 5.4
CVE-2023-45612 NOMISEC HIGH
JetBrains Ktor < 2.3.5 - XML External Entity Injection via Default ContentNegotiation
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
by clemfavre
CVSS 8.6
CVE-2022-0001 NOMISEC MEDIUM
Intel Atom and Celeron Processors - Information Disclosure via Branch Predictor Selector Sharing
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
by Sabecomoeh
CVSS 6.5
CVE-2024-3094 NOMISEC CRITICAL
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
by ThomRgn
CVSS 10.0
CVE-2010-2861 NOMISEC CRITICAL
Adobe ColdFusion <9.0.1 - Path Traversal
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
by greysneakthief
CVSS 9.8
CVE-2021-3493 NOMISEC HIGH
2021 Ubuntu Overlayfs LPE
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
by cyberx-1
CVSS 8.8
CVE-2025-51591 NOMISEC LOW
JGM Pandoc 3.6.4 - Server-Side Request Forgery via Crafted iframe
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf.
by Malayke
CVSS 3.7
CVE-2023-41992 NOMISEC HIGH
iPadOS < 16.7 - Local Privilege Escalation
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
by WHW0x455
57 stars
CVSS 7.8
CVE-2019-19781 NOMISEC CRITICAL
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by autocode07
CVSS 9.8
CVE-2023-32571 NOMISEC CRITICAL
System.Linq.Dynamic.Core 1.0.7.10-1.2.25 - Remote Code Execution via Untrusted Input Parsing
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
by SecTex
CVSS 9.8
CVE-2017-7679 NOMISEC CRITICAL
Apache httpd <2.2.33, <2.4.26 - Buffer Overflow
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
by Al-Lord0x
1 stars
CVSS 9.8
CVE-2025-24203 NOMISEC MEDIUM
iPadOS < 17.7.6 - Arbitrary File System Modification
The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
by GeoSn0w
40 stars
CVSS 5.0
CVE-2020-35590 NOMISEC CRITICAL
limit-login-attempts-reloaded < 2.17.4 - Rate Limit Bypass via X-Forwarded-For Header Spoofing
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries.
by N4nj0
8 stars
CVSS 9.8
CVE-2025-20282 NOMISEC CRITICAL
Cisco Identity Services Engine and ISE-PIC - Unauthenticated Arbitrary File Upload and Remote Code Execution
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
by skadevare
1 stars
CVSS 10.0
CVE-2023-37460 NOMISEC HIGH
plexus-archiver < 4.8.0 - Arbitrary File Creation and Remote Code Execution via Symbolic Link Handling
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
by shoucheng3
CVSS 8.1
CVE-2025-62518 NOMISEC HIGH
astral-tokio-tar < 0.5.6 - Archive Entry Smuggling via PAX Header Size Mismatch
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
by edera-dev
18 stars
CVSS 8.1