Nomisec Exploits

22,667 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-42013 NOMISEC CRITICAL
Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
by dream434
CVSS 9.8
CVE-2017-5487 NOMISEC MEDIUM
WordPress < 4.7.1 - Unauthorized User Information Exposure via REST API
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
by dream434
CVSS 5.3
CVE-2023-1698 NOMISEC CRITICAL
WAGO Compact Controller 100 Firmware 20-22 - Unauthenticated OS Command Injection
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
by X3RX3SSec
4 stars
CVSS 9.8
CVE-2025-25460 NOMISEC MEDIUM
FlatPress 1.3.1 - Authenticated Stored Cross-Site Scripting in Add Entry TextArea Field
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.
by RoNiXxCybSeC0101
1 stars
CVSS 4.8
CVE-2022-38532 NOMISEC HIGH
MSI Center <1.0.50.0 - Privilege Escalation
Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.
by nam3lum
7 stars
CVSS 7.8
CVE-2024-43583 NOMISEC HIGH
Windows 10 1507-22H2 and Windows 11 21H2 - Winlogon Elevation of Privilege
Winlogon Elevation of Privilege Vulnerability
by Kvngtheta
1 stars
CVSS 7.8
CVE-2024-24919 NOMISEC HIGH
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
by funixone
1 stars
CVSS 8.6
CVE-2025-26465 NOMISEC MEDIUM
OpenSSH 6.9-9.7 - Machine-in-the-Middle Attack via VerifyHostKeyDNS Error Handling
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
by dolutech
1 stars
CVSS 6.8
CVE-2018-9338 NOMISEC HIGH
Android - Out-of-bounds Write in ResStringPool::setTo
In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
by Pazhanivelmani
CVSS 7.8
CVE-2024-22243 NOMISEC HIGH
UriComponentsBuilder - Open Redirect
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.
by Reivap
CVSS 8.1
CVE-2025-24016 NOMISEC CRITICAL
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
by MuhammadWaseem29
5 stars
CVSS 9.9
CVE-2025-24016 NOMISEC CRITICAL
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
by GloStarRx1
1 stars
CVSS 9.9
CVE-2022-40684 NOMISEC CRITICAL
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
by Yami0x777
CVSS 9.8
CVE-2024-13481 NOMISEC HIGH
LTL Freight Quotes - R+L Carriers Edition <3.3.4 - SQL Injection
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2024-13479 NOMISEC HIGH
LTL Freight Quotes - SEFL Edition <3.2.4 - SQL Injection
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2024-13478 NOMISEC HIGH
LTL Freight Quotes - TForce Edition <3.6.4 - SQL Injection
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2024-13483 NOMISEC HIGH
LTL Freight Quotes - SAIA Edition <2.2.10 - SQL Injection
The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2024-13485 NOMISEC HIGH
LTL Freight Quotes - ABF Freight Edition <3.3.7 - SQL Injection
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2024-13489 NOMISEC HIGH
LTL Freight Quotes - Old Dominion Edition <4.2.10 - SQL Injection
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2024-13488 NOMISEC HIGH
LTL Freight Quotes - Estes Edition <3.3.7 - SQL Injection
The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
CVSS 7.5
CVE-2025-21420 NOMISEC HIGH
Windows Disk Cleanup Tool - Elevation of Privilege via Improper Link Resolution
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
by toxy4ny
7 stars
CVSS 7.8
CVE-2023-24932 NOMISEC MEDIUM
Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Secure Boot Security Feature Bypass
Secure Boot Security Feature Bypass Vulnerability
by helleflo1312
1 stars
CVSS 6.7
CVE-2025-0108 NOMISEC CRITICAL
Palo Alto Networks PAN-OS - Auth Bypass
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
by sohaibeb
1 stars
CVSS 9.1
CVE-2024-1651 NOMISEC CRITICAL
Torrentpier 2.4.1 - Remote Code Execution via Insecure Deserialization
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
by killukeren
CVSS 10.0
CVE-2008-4654 NOMISEC
VLC Media Player 0.9.0-0.9.4 - Stack-Based Buffer Overflow in Ty Demux Plugin
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
by Hexastrike