Nomisec Exploits

22,655 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-40167 NOMISEC MEDIUM
Jetty <9.4.52-12.0.1 - Info Disclosure
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
by uthrasri
CVSS 5.3
CVE-2025-29927 NOMISEC CRITICAL
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
by fahimalshihab
CVSS 9.1
CVE-2024-53900 NOMISEC CRITICAL
mongoosejs/mongoose < 6.13.5 and >=8.0.0-rc0 <8.8.3 - Search Injection via $where in Match
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
by Gokul-Krishnan-V-R
CVSS 9.1
CVE-2025-24799 NOMISEC HIGH
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
by MuhammadWaseem29
5 stars
CVSS 7.5
CVE-2023-21554 NOMISEC CRITICAL
CVE-2023-21554 - QueueJumper - MSMQ RCE Check
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
by leongxudong
5 stars
CVSS 9.8
CVE-2025-29927 NOMISEC CRITICAL
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
by alastair66
1 stars
CVSS 9.1
CVE-2025-22223 NOMISEC MEDIUM
Spring Security 6.4.0-6.4.3 - Auth Bypass
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.  You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods
by 1ucky7
CVSS 5.3
CVE-2025-31864 NOMISEC MEDIUM
Beam me up Scotty - Back to Top Button <= 1.0.23 - Stored Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty beam-me-up-scotty allows Stored XSS.This issue affects Beam me up Scotty: from n/a through <= 1.0.23.
by DoTTak
CVSS 5.9
CVE-2025-30921 NOMISEC HIGH
Tribulant Software Newsletters <4.9.9.7 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters newsletters-lite allows SQL Injection.This issue affects Newsletters: from n/a through <= 4.9.9.7.
by DoTTak
1 stars
CVSS 7.6
CVE-2025-1974 NOMISEC CRITICAL
Kubernetes ingress-nginx - Pod Network Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by sandumjacob
90 stars
CVSS 9.8
CVE-2025-29927 NOMISEC CRITICAL
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
by Gokul-Krishnan-V-R
CVSS 9.1
CVE-2025-24071 NOMISEC MEDIUM
Windows File Explorer - Exposure of Sensitive Information to an Unauthorized Actor
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
by t0x1nsec
1 stars
CVSS 6.5
CVE-2025-24071 NOMISEC MEDIUM
Windows File Explorer - Exposure of Sensitive Information to an Unauthorized Actor
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
by cesarbtakeda
1 stars
CVSS 6.5
CVE-2019-9193 NOMISEC HIGH
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
by corsisechero
CVSS 7.2
CVE-2020-13942 NOMISEC CRITICAL
Apache Unomi 1.5.0-1.5.1 - Unauthenticated Remote Code Execution via /context.json Endpoint
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.
by corsisechero
CVSS 9.8
CVE-2025-24985 NOMISEC HIGH
Windows Fast FAT Driver - Code Injection
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
by airbus-cert
2 stars
CVSS 7.8
CVE-2021-0325 NOMISEC HIGH
Android -8.1,9,10,11 - Buffer Overflow
In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-174238784
by nanopathi
1 stars
CVSS 8.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by G4sp4rCS
CVSS 6.5
CVE-2025-29927 NOMISEC CRITICAL
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
by Naveen-005
CVSS 9.1
CVE-2025-2594 NOMISEC HIGH
WordPress Plugin <4.1.3 - Auth Bypass
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
by ubaydev
CVSS 8.1
CVE-2025-30208 NOMISEC MEDIUM
Vite - Arbitrary File Read
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue.
by sumeet-darekar
1 stars
CVSS 5.3
CVE-2025-26055 NOMISEC MEDIUM
Infinxt iEdge 100 <2.1.32 - Command Injection
An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function.
by rohan-pt
CVSS 6.5
CVE-2025-26054 NOMISEC MEDIUM
Infinxt iEdge 100 2.1.32 - Cross-Site Scripting via LAN Description Field
Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field during LAN configuration.
by rohan-pt
CVSS 5.4
CVE-2025-26056 NOMISEC MEDIUM
Infinxt iEdge 100 2.1.32 - Command Injection
A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process.
by rohan-pt
CVSS 5.4
CVE-2025-30208 NOMISEC MEDIUM
Vite - Arbitrary File Read
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue.
by 0xshaheen
CVSS 5.3