Nomisec Exploits

22,576 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-42931 NOMISEC HIGH
macOS < Ventura 13.6.3 - Privilege Escalation
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.
by tageniu
5 stars
CVSS 7.8
CVE-2023-22493 NOMISEC HIGH
RSSHub < 2023-01-10 - Server-Side Request Forgery via Affected Routes
RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.
by buitanhung144
CVSS 8.8
CVE-2025-27581 NOMISEC MEDIUM
NIH BRICS <14.0.0-67 - Info Disclosure
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.
by Henryisnotavailable
CVSS 4.3
CVE-2025-45346 NOMISEC HIGH
Bacula-web < 9.7.1 - SQL Injection via HTTP GET Request
SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.
by 0xsu3ks
CVSS 8.1
CVE-2025-29557 NOMISEC MEDIUM
ExaGrid EX10 6.3-7.0.1.P08 - Info Disclosure
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.
by 0xsu3ks
CVSS 5.4
CVE-2024-34328 NOMISEC MEDIUM
Sielox AnyWare <2.1.2 - Open Redirect
An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.
by 0xsu3ks
CVSS 6.3
CVE-2025-5777 NOMISEC HIGH
Citrix NetScaler ADC/Gateway 12.1-12.1-55.328, 13.1-13.1-37.235, 13.1-13.1-58.32 - Out-of-bounds Read
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
by below0day
CVSS 7.5
CVE-2025-54769 NOMISEC HIGH
lpar2rrd < 8.04 - Authenticated Directory Traversal and Remote Code Execution via File Upload
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
by byteReaper77
2 stars
CVSS 8.8
CVE-2017-5638 NOMISEC CRITICAL
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
by joidiego
CVSS 9.8
CVE-2020-10220 NOMISEC CRITICAL
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
by CSpanias
CVSS 9.8
CVE-2016-5195 NOMISEC HIGH
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by firefart
921 stars
CVSS 7.0
CVE-2024-45352 NOMISEC HIGH
Xiaomi smarthome application 10.0.623 - Remote Code Execution
An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
by Edwins907
CVSS 8.8
CVE-2021-43857 NOMISEC CRITICAL
Gerapy < 0.9.8 - Remote Code Execution
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
by ProwlSec
CVSS 9.8
CVE-2025-40766 NOMISEC MEDIUM
SINEC Traffic Analyzer < 3.0 - Denial of Service via Uncontrolled Docker Resource Consumption
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack.
by FurkanKAYAPINAR
1 stars
CVSS 5.5
CVE-2025-29824 NOMISEC HIGH
Windows Common Log File System Driver - Use-After-Free
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
by AfanPan
19 stars
CVSS 7.8
CVE-2024-39211 NOMISEC MEDIUM
Kaiten 57.128.8 - User Account Enumeration via Login Response Discrepancy
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.
by artemy-ccrsky
7 stars
CVSS 5.3
CVE-2025-54381 NOMISEC CRITICAL
BentoML 1.4.0-1.4.19 - Unauthenticated Server-Side Request Forgery via URL-Based File Upload
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue.
by rockmelodies
CVSS 9.9
CVE-2021-1675 NOMISEC HIGH
Windows Print Spooler - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by DLL00P
1 stars
CVSS 7.8
CVE-2018-16119 NOMISEC HIGH
TP-Link TL-WR1043ND Firmware Version 3 - Remote Code Execution via MediaServer Request
Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.
by hdbreaker
16 stars
CVSS 7.2
CVE-2016-4622 NOMISEC HIGH
Safari < 9.1.2 - Remote Code Execution via Memory Corruption
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
by hdbreaker
22 stars
CVSS 8.8
CVE-2025-54352 NOMISEC LOW
WordPress 3.5-6.8.2 - Unauthenticated Private Post Title Exposure via Pingback XML-RPC Requests
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.
by yohannslm
1 stars
CVSS 3.7
CVE-2025-53770 NOMISEC CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by Immersive-Labs-Sec
4 stars
CVSS 9.8
CVE-2025-53770 NOMISEC CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by Rabbitbong
2 stars
CVSS 9.8
CVE-2025-53770 NOMISEC CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by 3a7
14 stars
CVSS 9.8
CVE-2025-53770 NOMISEC CRITICAL
Microsoft SharePoint Server - Code Injection
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
by bitsalv
CVSS 9.8