Nomisec Exploits

21,473 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-32463 NOMISEC CRITICAL
Sudo <1.9.17p1 - Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
by morgenm
CVSS 9.3
CVE-2025-6514 NOMISEC CRITICAL
mcp-remote - Command Injection
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
by ChaseHCS
CVSS 9.6
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by mrchucu1
1 stars
CVSS 7.8
CVE-2025-24201 NOMISEC CRITICAL
Apple Safari < 18.3.1 - Out-of-Bounds Write
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
by The-Maxu
6 stars
CVSS 10.0
CVE-2025-25257 NOMISEC CRITICAL
Fortinet FortiWeb - SQL Injection
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
by 0xbigshaq
63 stars
CVSS 9.8
CVE-2024-4577 NOMISEC CRITICAL
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
by mananjain61
CVSS 9.8
CVE-2025-5777 NOMISEC HIGH
Citrix Netscaler Application Delivery... - Use of Uninitialized Resource
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
by bughuntar
30 stars
CVSS 7.5
CVE-2025-48384 NOMISEC HIGH
Git - Info Disclosure
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
by vinieger
1 stars
CVSS 8.0
CVE-2007-2447 NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by MrRoma577
CVE-2025-32462 NOMISEC LOW
Sudo < 1.9.17 - Incorrect Authorization
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
by toohau
CVSS 2.8
CVE-2023-23638 NOMISEC MEDIUM
Apache Dubbo < 2.7.21 - Insecure Deserialization
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
by cuijiung
1 stars
CVSS 5.0
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by fabioeletto
CVSS 10.0
CVE-2025-48384 NOMISEC HIGH
Git - Info Disclosure
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
by p1026
CVSS 8.0
CVE-2024-45352 NOMISEC HIGH
Xiaomi smarthome - RCE
An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
by Edwins907
CVSS 8.8
CVE-2024-45352 NOMISEC HIGH
Xiaomi smarthome - RCE
An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
by Edwins907
CVSS 8.8
CVE-2022-36934 NOMISEC CRITICAL
Whatsapp < 2.22.16.12 - Integer Overflow
An integer overflow in WhatsApp could result in remote code execution in an established video call.
by tdawg506
CVSS 9.8
CVE-2022-36934 NOMISEC CRITICAL
Whatsapp < 2.22.16.12 - Integer Overflow
An integer overflow in WhatsApp could result in remote code execution in an established video call.
by Teexo
CVSS 9.8
CVE-2014-6287 NOMISEC CRITICAL
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by rahisec
CVSS 9.8
CVE-2025-45778 NOMISEC MEDIUM
Languagesloth The Language Sloth - XSS
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
by Smarttfoxx
2 stars
CVSS 6.1
CVE-2024-32113 NOMISEC CRITICAL
Apache OFBiz <18.12.13 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
by guinea-offensive-security
CVSS 9.8
CVE-2025-5777 NOMISEC HIGH
Citrix Netscaler Application Delivery... - Use of Uninitialized Resource
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
by 0xgh057r3c0n
CVSS 7.5
CVE-2025-25257 NOMISEC CRITICAL
Fortinet FortiWeb - SQL Injection
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
by watchtowrlabs
96 stars
CVSS 9.8
CVE-2017-0144 NOMISEC HIGH
Microsoft Server Message Block < 4.0e - Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by AdityaBhatt3010
11 stars
CVSS 8.8
CVE-2025-5777 NOMISEC HIGH
Citrix Netscaler Application Delivery... - Use of Uninitialized Resource
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
by RickGeex
1 stars
CVSS 7.5
CVE-2024-3568 NOMISEC CRITICAL
huggingface/transformers - Code Injection
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.
by rooobeam
CVSS 9.6
By Source
All 21,473 Writeup 56,303 Exploitdb 50,186 Nomisec 21,473 Metasploit 3,228 Github 2,598 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 python 5,960 ruby 5,960 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24