Nomisec Exploits

22,560 exploits tracked across all sources.

CVE-2025-53694 NOMISEC HIGH
Sitecore Experience Manager and Experience Platform 9.2-10.4 - Exposure of Sensitive Information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP). This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.
by fuckyourheroes
CVSS 7.5
CVE-2025-53694 NOMISEC HIGH
Sitecore Experience Manager and Experience Platform 9.2-10.4 - Exposure of Sensitive Information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP). This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.
by brokendreamsclub
CVSS 7.5
CVE-2025-53691 NOMISEC HIGH
Sitecore XP 9.0-9.3, 10.0-10.4 - RCE via Untrusted Deserialization
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE). This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
by blueisbeautiful
CVSS 8.8
CVE-2025-53691 NOMISEC HIGH
Sitecore XP 9.0-9.3, 10.0-10.4 - RCE via Untrusted Deserialization
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE). This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
by fuckyourheroes
CVSS 8.8
CVE-2025-53691 NOMISEC HIGH
Sitecore XP 9.0-9.3, 10.0-10.4 - RCE via Untrusted Deserialization
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE). This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
by brokendreamsclub
CVSS 8.8
CVE-2025-53693 NOMISEC CRITICAL
Sitecore XM/X <10.5 - Cache Poisoning
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning. This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
by blueisbeautiful
1 stars
CVSS 9.8
CVE-2025-53693 NOMISEC CRITICAL
Sitecore XM/X <10.5 - Cache Poisoning
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning. This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
by fuckyourheroes
1 stars
CVSS 9.8
CVE-2025-53693 NOMISEC CRITICAL
Sitecore XM/X <10.5 - Cache Poisoning
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning. This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
by brokendreamsclub
1 stars
CVSS 9.8
CVE-2025-34300 NOMISEC CRITICAL
Template Injection Vulnerability in Sawtooth Software
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands.
by jisi-001
1 stars
CVE-2025-27591 NOMISEC MEDIUM
Below < 0.9.0 - Privilege Escalation via World-Writable Log Directory
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
by danil-koltsov
1 stars
CVSS 6.8
CVE-2025-27480 NOMISEC HIGH
Remote Desktop Gateway Service - Use After Free
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
by mrk336
1 stars
CVSS 8.1
CVE-2024-6536 NOMISEC MEDIUM
Zephyr Project Manager <3.3.99 - XSS
The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
by apena-ba
1 stars
CVSS 5.4
CVE-2023-40130 NOMISEC HIGH
CallRedirectionProcessor - Privilege Escalation
In notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.
by wrlu
12 stars
CVSS 7.8
CVE-2021-3456 NOMISEC HIGH
Foreman smart_proxy_salt < 2.1.5 - Authenticated Incorrect Authorization
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
by mrk336
1 stars
CVSS 7.1
CVE-2025-50565 NOMISEC MEDIUM
Doubo ERP 1.0 - SQL Injection
Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filtering of user input, which can be remotely initiated by an attacker.
by m0b1u3
CVSS 6.5
CVE-2025-50565 NOMISEC MEDIUM
Doubo ERP 1.0 - SQL Injection
Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filtering of user input, which can be remotely initiated by an attacker.
by OoO7ce
CVSS 6.5
CVE-2025-31324 NOMISEC CRITICAL
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
by harshitvarma05
CVSS 10.0
CVE-2025-9478 NOMISEC HIGH
Google Chrome <139.0.7258.154 - Use After Free
Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
by Kamgreen50
CVSS 8.8
CVE-2021-41773 NOMISEC CRITICAL
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by hackedrishi
CVSS 9.8
CVE-2025-8714 NOMISEC HIGH
PostgreSQL <17.6, <16.10, <15.14, <14.19, <13.22 - Code Injection
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
by orderby99
2 stars
CVSS 8.8
CVE-2019-18935 NOMISEC CRITICAL
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
by clarkvoss
CVSS 9.8
CVE-2025-2776 NOMISEC CRITICAL
SysAid On-Prem <= 23.3.40 - XML External Entity
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
by mrk336
CVSS 9.3
CVE-2024-48307 NOMISEC CRITICAL
JeecgBoot 3.7.1 - SQL Injection via /onlDragDatasetHead/getTotalData
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
by jisi-001
1 stars
CVSS 9.8
CVE-2025-24893 NOMISEC CRITICAL
XWiki Platform - Remote Code Execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
by mah4nzfr
CVSS 9.8
CVE-2025-9728 NOMISEC MEDIUM
Vvveb 1.0.7.2 - Cross-Site Scripting via Email/Password Argument
A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is bbd4c42c66ab818142240348173a669d1d2537fe. Applying a patch is advised to resolve this issue.
by helloandrewpaul
CVSS 4.3