Nomisec Exploits

22,655 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-12615 NOMISEC HIGH
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
by lizhianyuguangming
284 stars
CVSS 8.1
CVE-2011-2523 NOMISEC CRITICAL
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
by cybermads
1 stars
CVSS 9.8
CVE-2024-56145 NOMISEC CRITICAL
Craft CMS Twig Template Injection RCE via FTP Templates Path
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
by hmhlol
CVSS 9.8
CVE-2025-2783 NOMISEC HIGH
Mojo in Google Chrome <134.0.6998.177 - RCE
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
by Alchemist3dot14
30 stars
CVSS 8.3
CVE-2024-4367 NOMISEC HIGH
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
by VVeakee
CVSS 8.8
CVE-2025-24813 NOMISEC CRITICAL
Tomcat Partial PUT Java Deserialization
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
by MuhammadWaseem29
1 stars
CVSS 9.8
CVE-2025-29927 NOMISEC CRITICAL
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
by Balajih4kr
CVSS 9.1
CVE-2024-25600 NOMISEC CRITICAL
Unauthenticated Remote Code Execution - Bricks <= 1.9.6
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
by so1icitx
13 stars
CVSS 10.0
CVE-2025-30065 NOMISEC CRITICAL
Apache Parquet Java < 1.15.1 - Remote Code Execution via Schema Parsing
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.
by ron-imperva
CVSS 9.8
CVE-2025-24813 NOMISEC CRITICAL
Tomcat Partial PUT Java Deserialization
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
by AsaL1n
4 stars
CVSS 9.8
CVE-2025-30208 NOMISEC MEDIUM
Vite - Arbitrary File Read
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue.
by lilil3333
1 stars
CVSS 5.3
CVE-2025-32118 NOMISEC CRITICAL
NiteoThemes CMP - Unrestricted Upload
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files.This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14.
by Nxploited
1 stars
CVSS 9.1
CVE-2011-2523 NOMISEC CRITICAL
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
by vedpakhare
1 stars
CVSS 9.8
CVE-2023-4357 NOMISEC HIGH
Google Chrome <116.0.5845.96 - Auth Bypass
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
by xcanwin
227 stars
CVSS 8.8
CVE-2024-25600 NOMISEC CRITICAL
Unauthenticated Remote Code Execution - Bricks <= 1.9.6
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
by meli0dasH4ck3r
CVSS 10.0
CVE-2023-40931 NOMISEC MEDIUM
Nagios XI 5.11.0-5.11.1 - Authenticated SQL Injection via Banner Message ID Parameter
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
by G4sp4rCS
CVSS 6.5
CVE-2025-31131 NOMISEC HIGH
Yeswiki < 4.5.2 - Unauthenticated Path Traversal
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
by MuhammadWaseem29
1 stars
CVSS 8.6
CVE-2021-30956 NOMISEC LOW
iPadOS < 15.2 - Unauthenticated Lock Screen Bypass to Contact Access
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information.
by fordsham
CVSS 2.4
CVE-2025-29927 NOMISEC CRITICAL
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
by sn1p3rt3s7
CVSS 9.1
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by tvasari
CVSS 9.8
CVE-2025-30911 NOMISEC CRITICAL
Rometheme RomethemeKit For Elementor <1.5.4 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4.
by Nxploited
CVSS 9.9
CVE-2018-19422 NOMISEC HIGH
Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
by Drew-Alleman
CVSS 7.2
CVE-2019-11395 NOMISEC CRITICAL
MailCarrier 2.51 - Remote Code Execution via Buffer Overflow in SMTP/POP3 Commands
A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR.
by RafaelBicas
CVSS 9.8
CVE-2025-0401 NOMISEC MEDIUM
reggie 1.0 - Path Traversal via CommonController Download Function
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by JoasASantos
36 stars
CVSS 5.3
CVE-2025-0401 NOMISEC MEDIUM
reggie 1.0 - Path Traversal via CommonController Download Function
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by CyberSecurityUP
36 stars
CVSS 5.3