Nomisec Exploits

22,667 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-0282 NOMISEC CRITICAL
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
by punitdarji
3 stars
CVSS 9.0
CVE-2025-21293 NOMISEC HIGH
Windows 10 1507-24H2 and Windows Server 2012-2016 - Active Directory Domain Services Elevation of Privilege
Active Directory Domain Services Elevation of Privilege Vulnerability
by ahmedumarehman
1 stars
CVSS 8.8
CVE-2021-1675 NOMISEC HIGH
Windows Print Spooler - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by Sp4ceDogy
CVSS 7.8
CVE-2017-1182 NOMISEC HIGH
IBM Tivoli Monitoring Portal <6 - Command Injection
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493.
by Morfeen01
CVSS 7.5
CVE-2023-27350 NOMISEC CRITICAL
PaperCut MF and NG 8.0-20.1.7 - Unauthenticated Remote Code Execution via SetupCompleted
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by monke443
4 stars
CVSS 9.8
CVE-2025-27840 NOMISEC MEDIUM
Espressif ESP32 Firmware - Hidden Functionality via Undocumented HCI Commands
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
by em0gi
10 stars
CVSS 6.8
CVE-2024-37032 NOMISEC HIGH
ollama < 0.1.34 - Path Traversal via Model Path Digest Validation Bypass
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
by pankass
8 stars
CVSS 8.8
CVE-2007-2447 NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by elphon
CVE-2024-45519 NOMISEC CRITICAL
Zimbra Collaboration <8.8.15-9.0.0-10.0.9-10.1.1 - Command Injection
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
by sec13b
CVSS 10.0
CVE-2024-5806 NOMISEC CRITICAL
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
by sec13b
CVSS 9.1
CVE-2017-5487 NOMISEC MEDIUM
WordPress < 4.7.1 - Unauthorized User Information Exposure via REST API
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
by tpdlshdmlrkfmcla
CVSS 5.3
CVE-2024-7014 NOMISEC HIGH
Telegram < 10.14.5 - Malicious App Disguised as Video via EvilVideo Vulnerability
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.
by hexspectrum1
3 stars
CVSS 8.1
CVE-2025-25621 NOMISEC MEDIUM
Unifiedtransform 2.0 - Incorrect Access Control via Teacher Attendance Endpoint
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.
by armaansidana2003
CVSS 4.3
CVE-2025-25620 NOMISEC MEDIUM
Unifiedtransform 2.0 - Cross-Site Scripting in Create Assignment Function
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
by armaansidana2003
CVSS 5.4
CVE-2025-25618 NOMISEC LOW
Unifiedtransform 2.0 - Privilege Escalation via Incorrect Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
by armaansidana2003
CVSS 3.3
CVE-2025-25617 NOMISEC MEDIUM
Unifiedtransform 2.X - Privilege Escalation
Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus.
by armaansidana2003
CVSS 4.3
CVE-2025-25616 NOMISEC MEDIUM
Unifiedtransform 2.0 - Improper Access Control via Exam Rule Edit Endpoint
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
by armaansidana2003
CVSS 4.3
CVE-2025-25615 NOMISEC LOW
Unifiedtransform 2.0 - Improper Access Control
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.
by armaansidana2003
CVSS 2.7
CVE-2025-25614 NOMISEC HIGH
Unifiedtransform 2.0 - Privilege Escalation via Incorrect Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
by armaansidana2003
CVSS 8.8
CVE-2025-26326 NOMISEC HIGH
NVDA Remote 2.6.4 and Tele NVDA Remote 2025.3.3 - Improper Authentication via Weak Password Handling
A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered by the user and do not have an additional authentication or computer verification mechanism. Tests indicate that more than 1,000 systems use easy-to-guess passwords, many with less than 4 to 6 characters, including common sequences. This allows brute force attacks or trial-and-error attempts by malicious invaders. The vulnerability can be exploited by a remote attacker who knows or can guess the password used in the connection. As a result, the attacker gains complete access to the affected system and can execute commands, modify files, and compromise user security.
by azurejoga
1 stars
CVSS 8.8
CVE-2021-37787 NOMISEC MEDIUM
abo.cms 5.8-5.9.3 - SQL Injection via TinyMCE Module POST Request
The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module
by vasykor
CVSS 6.5
CVE-2025-21298 NOMISEC CRITICAL
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008-2012 - Remote Code Execution via OLE Use-After-Free
Windows OLE Remote Code Execution Vulnerability
by TheBl4ckPh4nt0m
1 stars
CVSS 9.8
CVE-2025-21298 NOMISEC CRITICAL
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008-2012 - Remote Code Execution via OLE Use-After-Free
Windows OLE Remote Code Execution Vulnerability
by Dit-Developers
1 stars
CVSS 9.8
CVE-2023-50164 NOMISEC CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by Pixel-DefaultBR
1 stars
CVSS 9.8
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by elw0od
CVSS 7.8