Nomisec Exploits
22,667 exploits tracked across all sources.
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
by punitdarji
Windows 10 1507-24H2 and Windows Server 2012-2016 - Active Directory Domain Services Elevation of Privilege
Active Directory Domain Services Elevation of Privilege Vulnerability
by ahmedumarehman
Windows Print Spooler - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by Sp4ceDogy
CVSS 7.8
IBM Tivoli Monitoring Portal <6 - Command Injection
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493.
by Morfeen01
CVSS 7.5
PaperCut MF and NG 8.0-20.1.7 - Unauthenticated Remote Code Execution via SetupCompleted
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by monke443
Espressif ESP32 Firmware - Hidden Functionality via Undocumented HCI Commands
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
by em0gi
ollama < 0.1.34 - Path Traversal via Model Path Digest Validation Bypass
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
by pankass
CVE-2007-2447
NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by elphon
Zimbra Collaboration <8.8.15-9.0.0-10.0.9-10.1.1 - Command Injection
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
by sec13b
CVSS 10.0
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
by sec13b
CVSS 9.1
WordPress < 4.7.1 - Unauthorized User Information Exposure via REST API
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
by tpdlshdmlrkfmcla
CVSS 5.3
Telegram < 10.14.5 - Malicious App Disguised as Video via EvilVideo Vulnerability
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting
versions 10.14.4 and older.
by hexspectrum1
Unifiedtransform 2.0 - Incorrect Access Control via Teacher Attendance Endpoint
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.
by armaansidana2003
CVSS 4.3
Unifiedtransform 2.0 - Cross-Site Scripting in Create Assignment Function
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
by armaansidana2003
CVSS 5.4
Unifiedtransform 2.0 - Privilege Escalation via Incorrect Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
by armaansidana2003
CVSS 3.3
Unifiedtransform 2.X - Privilege Escalation
Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus.
by armaansidana2003
CVSS 4.3
Unifiedtransform 2.0 - Improper Access Control via Exam Rule Edit Endpoint
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
by armaansidana2003
CVSS 4.3
Unifiedtransform 2.0 - Improper Access Control
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.
by armaansidana2003
CVSS 2.7
Unifiedtransform 2.0 - Privilege Escalation via Incorrect Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
by armaansidana2003
CVSS 8.8
NVDA Remote 2.6.4 and Tele NVDA Remote 2025.3.3 - Improper Authentication via Weak Password Handling
A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered by the user and do not have an additional authentication or computer verification mechanism. Tests indicate that more than 1,000 systems use easy-to-guess passwords, many with less than 4 to 6 characters, including common sequences. This allows brute force attacks or trial-and-error attempts by malicious invaders. The vulnerability can be exploited by a remote attacker who knows or can guess the password used in the connection. As a result, the attacker gains complete access to the affected system and can execute commands, modify files, and compromise user security.
by azurejoga
abo.cms 5.8-5.9.3 - SQL Injection via TinyMCE Module POST Request
The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module
by vasykor
CVSS 6.5
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008-2012 - Remote Code Execution via OLE Use-After-Free
Windows OLE Remote Code Execution Vulnerability
by TheBl4ckPh4nt0m
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008-2012 - Remote Code Execution via OLE Use-After-Free
Windows OLE Remote Code Execution Vulnerability
by Dit-Developers
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by Pixel-DefaultBR
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by elw0od
CVSS 7.8
By Source