Nomisec Exploits

22,542 exploits tracked across all sources.

CVE-2023-40000 NOMISEC HIGH
LiteSpeed Cache < 5.7 - Unauthenticated Stored Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7.
by rxerium
7 stars
CVSS 8.3
CVE-2024-12084 NOMISEC CRITICAL
rsync - Heap-based Buffer Overflow via Checksum Length Handling
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
by rxerium
CVSS 9.8
CVE-2024-32444 NOMISEC CRITICAL
InspiryThemes RealHomes <4.3.6 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <= 4.3.6.
by rxerium
1 star
CVSS 9.8
CVE-2025-0994 NOMISEC HIGH
Trimble Cityworks < 15.8.9 - Authenticated Remote Code Execution via Deserialization
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
by rxerium
4 stars
CVSS 8.8
CVE-2025-26465 NOMISEC MEDIUM
OpenSSH 6.9-9.7 - Machine-in-the-Middle Attack via VerifyHostKeyDNS Error Handling
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
by rxerium
7 stars
CVSS 6.8
CVE-2025-26466 NOMISEC MEDIUM
OpenSSH - Denial of Service via Ping Packet Memory Exhaustion
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
by rxerium
4 stars
CVSS 5.9
CVE-2024-39929 NOMISEC MEDIUM
Exim < 4.97.1 - Improper Encoding or Escaping of Output via Multiline RFC 2231 Header Filename
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
by rxerium
3 stars
CVSS 5.4
CVE-2023-22515 NOMISEC CRITICAL
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
by rxerium
1 star
CVSS 9.8
CVE-2024-7593 NOMISEC CRITICAL
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
by rxerium
CVSS 9.8
CVE-2025-31324 NOMISEC CRITICAL
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
by rxerium
5 stars
CVSS 10.0
CVE-2025-24016 NOMISEC CRITICAL
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in a DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary Python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
by rxerium
2 stars
CVSS 9.9
CVE-2024-57378 NOMISEC HIGH
Wazuh SIEM <4.8.2 - Privilege Escalation
Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.
by rxerium
CVSS 7.3
CVE-2025-47812 NOMISEC CRITICAL
Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812)
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
by rxerium
CVSS 10.0
CVE-2025-52914 NOMISEC HIGH
Mitel MiCollab 10.0-10.0.1.101 - Authenticated SQL Injection in Suite Applications Services
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
by rxerium
CVSS 8.8
CVE-2025-8875 NOMISEC HIGH
N-able N-central < 2025.3.1 - Local Code Execution via Untrusted Data Deserialization
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1.
by rxerium
21 stars
CVSS 7.8
CVE-2025-4427 NOMISEC MEDIUM
Ivanti Endpoint Manager Mobile <= 12.5.0.0 - Unauthenticated Authentication Bypass via API
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
by rxerium
CVSS 5.3
CVE-2025-57819 NOMISEC CRITICAL
FreePBX 15.0-15.0.65 - Unauthenticated Authentication Bypass and Remote Code Execution
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
by rxerium
1 star
CVSS 9.8
CVE-2025-7775 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway 12.1-13.1 - Remote Code Execution and Denial of Service via Memory Overflow
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX
by rxerium
2 stars
CVSS 9.8
CVE-2025-53690 NOMISEC CRITICAL
Sitecore XM/X <9.0 - Code Injection
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
by rxerium
5 stars
CVSS 9.0
CVE-2025-42944 NOMISEC CRITICAL
SAP NetWeaver - Unauthenticated Remote Code Execution via RMI-P4 Deserialization
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
by rxerium
CVSS 10.0
CVE-2025-10035 NOMISEC CRITICAL
Fortra GoAnywhere MFT < 7.6.3 - Deserialization of Untrusted Data via License Servlet
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
by rxerium
19 stars
CVSS 10.0
CVE-2025-26399 NOMISEC CRITICAL
SolarWinds Web Help Desk < 12.8.6 - Unauthenticated Remote Code Execution via AjaxProxy Deserialization
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
by rxerium
2 stars
CVSS 9.8
CVE-2025-41244 NOMISEC HIGH
VMware Aria Operations and VMware Tools - Local Privilege Escalation via SDMP
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
by rxerium
1 star
CVSS 7.8
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by karanlvm
1 star
CVSS 7.8
CVE-2024-32113 NOMISEC CRITICAL
Apache OFBiz <18.12.13 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
by luizgaf
CVSS 9.8