Nomisec Exploits

22,612 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-4275 NOMISEC HIGH
InsydeH2O Kernel 5.2-5.7 - Secure Boot Bypass via NVRAM Variable Signature Verification Flaw
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
by NikolajSchlej
39 stars
CVSS 7.8
CVE-2021-40964 NOMISEC MEDIUM
TinyFileManager <=2.4.6 - Path Traversal
A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.
by Z3R0space
CVSS 6.5
CVE-2021-40964 NOMISEC MEDIUM
TinyFileManager <=2.4.6 - Path Traversal
A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.
by Z3R0-0x30
CVSS 6.5
CVE-2014-6287 NOMISEC CRITICAL
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Z3R0space
CVSS 9.8
CVE-2014-6287 NOMISEC CRITICAL
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Z3R0-0x30
CVSS 9.8
CVE-2025-36041 NOMISEC MEDIUM
IBM MQ Operator 2.0.0-2.0.29, 3.1.0-3.1.3, 3.2.0-3.2.12 - Improper Certificate Validation in Native HA CRR
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
by byteReaper77
2 stars
CVSS 4.7
CVE-2007-2447 NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by DevinLiggins14
CVE-2025-33053 NOMISEC HIGH
CVE-2025-33053 Exploit via Malicious .URL File and WebDAV
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
by kra1t0
1 stars
CVSS 8.8
CVE-2019-3980 NOMISEC CRITICAL
Solarwinds Dameware Mini Remote Control 12.1.0.89 - Unauthenticated Remote Code Execution via Smart Card Authentication
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
by CyberQuestor-infosec
1 stars
CVSS 9.8
CVE-2025-6335 NOMISEC MEDIUM
dedecms < 5.7.2 - Remote Command Injection via Template Handler
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
by jujubooom
6 stars
CVSS 4.7
CVE-2011-2523 NOMISEC CRITICAL
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
by lghost256
CVSS 9.8
CVE-2024-3094 NOMISEC CRITICAL
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
by 24Owais
1 stars
CVSS 10.0
CVE-2019-15107 NOMISEC CRITICAL
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by bayazid-bit
CVSS 9.8
CVE-2025-26443 NOMISEC HIGH
Android - Local Privilege Escalation via HtmlToSpannedParser Logic Error
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
by Pazhanivelmani
CVSS 7.3
CVE-2019-11043 NOMISEC HIGH
PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by bayazid-bit
CVSS 8.7
CVE-2025-3248 NOMISEC CRITICAL
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
by zapstiko
1 stars
CVSS 9.8
CVE-2025-48466 NOMISEC HIGH
Advantech WISE-4000 LAN Modbus TCP - Unauthenticated Digital Output Manipulation
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.
by shipcod3
2 stars
CVSS 8.1
CVE-2025-32710 NOMISEC HIGH
Windows Server RCE via Use-After-Free in Remote Desktop Services
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
by Sincan2
6 stars
CVSS 8.1
CVE-2025-6019 NOMISEC HIGH
Red Hat Enterprise Linux - Local Privilege Escalation via libblockdev XFS Image Resizing
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
by guinea-offensive-security
65 stars
CVSS 7.0
CVE-2015-1578 NOMISEC
u5CMS < 3.9.3 - Open Redirect via pidvesa Cookie or uri Parameter
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php.
by yaldobaoth
CVE-2025-49125 NOMISEC HIGH
Apache Tomcat 9.0.0-9.0.105, 10.1.0-M1-10.1.41, 11.0.0-M1-11.0.7 - Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
by gregk4sec
CVSS 7.5
CVE-2022-36537 NOMISEC HIGH
ZK Framework <9.6.1 - Info Disclosure
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
by Malwareman007
36 stars
CVSS 7.5
CVE-2022-21907 NOMISEC CRITICAL
Windows 10, 11, and Server - Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
by Malwareman007
17 stars
CVSS 9.8
CVE-2025-46157 NOMISEC CRITICAL
EfroTech Time Trax 1.0 - Remote Code Execution via Leave Request File Attachment
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form
by morphine009
1 stars
CVSS 9.9
CVE-2023-6401 NOMISEC MEDIUM
NotePad++ <8.1 - Uncontrolled Search Path
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by mekitoci
CVSS 5.3