Nomisec Exploits
22,365 exploits tracked across all sources.
Mikrotik RouterOS <6.42.7,6.40.9 - Buffer Overflow
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
by JonathanInfinity01
CVSS 8.8
Apache HTTP Server: mod_http2 denial of service
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
by adminlove520
Apache HTTP Server: mod_http2 denial of service
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
by minc-nice-100
Django 3.2-3.2.16 4.0-4.0.8 4.1-4.1.5 - Denial of Service via Accept-Language Header Parsing
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
by lkq111
CVSS 7.5
Microsoft Windows 11 Version 24H2 - Windows BitLocker Security Feature Bypass Vulnerability
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Mitigation FAQs
Should I leverage the temporary mitigation?
Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.
What impact to service availability/management could be caused by implementing the mitigations?
Implementing these mitigations will not impact service availability or management operations.
Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?
No. The security update will maintain the mitigation's behavior once the security update is installed.
I am using TPM+PIN, am I at risk of this vulnerability being exploited
No, if you are using TPM+PIN the vulnerability is not exploitable.
by iDesignStudioz
Unisoc SC9863A/T310/T610/T618 - Local Privilege Escalation via Unchecked BootRom Write Address
In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.
by sloden1977-lang
CVSS 7.8
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
by olezhaku
Apple watchOS <26.2 - Code Injection
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
by GenericCoding
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges
This issue affects Apache OFBiz: before 24.09.07.
Users are recommended to upgrade to version 24.09.07, which fixes the issue.
by lwd3c
CVSS 8.8
TP-Link Tapo C200 Firmware < 1.1.15 - Unauthenticated Remote Code Execution
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
by kaleth4
CVSS 9.8
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
by FangFang-Yi
CVSS 7.0
Microvirt MEmu Android Emulator 9.2.7.0 - Privilege Escalation via MemuService.exe
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
by sec-zone
CVSS 7.8
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by r4uzn
CVSS 7.8
CVE-2013-4660
NOMISEC
nodeca/js-yaml < 2.0.5 - Remote Code Execution via Unsafe YAML Tag Parsing
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
by leehunkoo
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by rideckszz
Langflow - Path Traversal Arbitrary File Write via upload_user_file
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
by HORKimhab
CVSS 8.8
Microsoft Windows 10 Version 1607 - Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
by HORKimhab
CVSS 6.8
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
by krisdewa
CVSS 9.8
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
by krisdewa
CVSS 9.8
Local Privilege Escalation via CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
by achnouri
CVSS 7.8
Check Point Quantum/Spark Gateways - Unauthenticated VPN Authentication Bypass
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
by watchtowrlabs
GameOver(lay) Privilege Escalation and Container Escape
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
by amar-imamovic
CVSS 7.8
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.
by Polosss
CVSS 9.1
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
by nayem-m
CVSS 9.8
Apache HTTP Server: mod_http2 denial of service
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
by qpzmalqp
CVSS 7.5
By Source