Nomisec Exploits

22,667 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-35978 NOMISEC HIGH
Minetest < 5.6.0 - Unauthenticated Protection Mechanism Failure via Global Setting
Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.
by CanVo
CVSS 7.7
CVE-2019-1003030 NOMISEC CRITICAL
Jenkins Pipeline: Groovy Plugin <2.63 - RCE
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
by overgrowncarrot1
1 stars
CVSS 9.9
CVE-2025-25296 NOMISEC MEDIUM
Label Studio < 1.16.0 - Cross-Site Scripting via label_config Query Parameter
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue.
by math-x-io
2 stars
CVSS 6.1
CVE-2023-6199 NOMISEC MEDIUM
BookStack 23.10.2 - Server-Side Request Forgery via Local File Filtering
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
by AbdrrahimDahmani
CVSS 6.5
CVE-2024-23346 NOMISEC CRITICAL
pymatgen < 2024.2.20 - Remote Code Execution via JonesFaithfulTransformation.from_transformation_str()
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
by szyth
CVSS 9.3
CVE-2025-24971 NOMISEC CRITICAL
DumbDrop <commit 4ff8469d - Command Injection
DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the **Apprise Notification** enabled. This issue has been addressed in commit `4ff8469d` and all users are advised to patch. There are no known workarounds for this vulnerability.
by be4zad
CVE-2025-26318 NOMISEC MEDIUM
TSplus Remote Access <17.30 - Info Disclosure
hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application.
by Frozenka
4 stars
CVSS 5.8
CVE-2025-24752 NOMISEC HIGH
Essential Addons for Elementor <= 6.0.14 - Reflected Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14.
by Sachinart
6 stars
CVSS 7.1
CVE-2024-47051 NOMISEC CRITICAL
Mautic < 5.2.3 - Authenticated Remote Code Execution and Path Traversal via Asset Upload
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.
by mallo-m
3 stars
CVSS 9.1
CVE-2025-0364 NOMISEC CRITICAL
BigAntSoft BigAnt Server <5.6.06 - RCE
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
by vulncheck-oss
6 stars
CVSS 9.8
CVE-2024-56264 NOMISEC MEDIUM
Beee ACF City Selector <1.14.0 - RCE
Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0.
by dpakmrya
CVSS 6.6
CVE-2024-5909 NOMISEC MEDIUM
Cortex XDR Agent 7.9-7.9.101 and 8.1-8.1.1 - Local Privilege Escalation via Agent Disabling
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
by ig-labs
33 stars
CVSS 5.5
CVE-2023-3280 NOMISEC MEDIUM
Palo Alto Networks Cortex XDR Agent 5.0-5.0.12.22203 7.9.0-7.9.3 7.9.0-7.9.101 - Local Protection Mechanism Bypass
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
by ig-labs
33 stars
CVSS 5.5
CVE-2025-1094 NOMISEC HIGH
PostgreSQL < 17.3, 16.7, 15.11, 14.16, 13.19 - SQL Injection via libpq Quoting Functions
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
by soltanali0
40 stars
CVSS 8.1
CVE-2023-46604 NOMISEC CRITICAL
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
by skrkcb2
CVSS 10.0
CVE-2023-42829 NOMISEC MEDIUM
macOS 11.0-11.7.8 - Unauthorized SSH Passphrase Exposure via App State Observability
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
by JamesD4
2 stars
CVSS 5.5
CVE-2014-6271 NOMISEC CRITICAL
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by YunchoHang
CVSS 9.8
CVE-2018-13382 NOMISEC CRITICAL
FortiProxy < 1.2.9 and FortiOS 5.4.1-5.4.10 - Unauthenticated Password Modification via SSL VPN Web Portal
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests
by cojoben
CVSS 9.1
CVE-2024-24919 NOMISEC HIGH
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
by SpiX-7
CVSS 8.6
CVE-2025-1302 NOMISEC CRITICAL
jsonpath-plus < 10.3.0 - Remote Code Execution via Unsafe Eval Mode
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).
by EQSTLab
19 stars
CVSS 9.8
CVE-2025-25461 NOMISEC MEDIUM
SeedDMS 6.0.29 - Stored Cross-Site Scripting via Category Name Field
A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server and rendered without proper sanitization or output encoding. This results in the XSS payload executing in the browser of any user who views the document.
by RoNiXxCybSeC0101
2 stars
CVSS 5.4
CVE-2020-0796 NOMISEC CRITICAL
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by monjheta
CVSS 10.0
CVE-2025-21420 NOMISEC HIGH
Windows Disk Cleanup Tool - Elevation of Privilege via Improper Link Resolution
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
by Network-Sec
98 stars
CVSS 7.8
CVE-2024-54772 NOMISEC MEDIUM
MikroTik RouterOS <7.17.2 - Info Disclosure
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.
by deauther890
32 stars
CVSS 5.4
CVE-2025-24104 NOMISEC MEDIUM
iPadOS < 17.7.4 and < 18.3 - Arbitrary File Write via Malicious Backup Restore
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.
by ifpdz
51 stars
CVSS 5.5